Help needed: HAProxy-Config for bitwardenrs dockerimage on Synology DSM #4112

Closed
opened 2026-03-07 19:29:42 -06:00 by GiteaMirror · 4 comments

Originally created by @abysso2 on GitHub (Nov 3, 2019).

Hi there,
I am running several HTTP services behind an HAProxy on my OpenWrt router. I am also trying to reach an on-premise installation of the bitwarden docker image on my Synology NAS.

I tried the following config of haproxy:

```
# global parameters

global
    maxconn 2048
    ulimit-n 65535
    uid 0
    gid 0
    daemon
    nosplice
    nbproc 2

    # custom ssl options
    ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
    ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM
    tune.ssl.default-dh-param 2048

# definition of frontends

frontend main-https
    mode http
    bind 192.168.0.1:444 ssl crt /etc/haproxy.pem ciphers EECDH+AESGCM:EDH+AESGCM force-tlsv12 no-sslv3
    reqadd X-Forwarded-Proto:\ https
    http-response set-header Strict-Transport-Security max-age=31536000
    http-response set-header X-Frame-Options SAMEORIGIN
    http-response set-header X-Content-Type-Options nosniff

    # nextcloud caldav / carddav acls
    acl caldav-endpoint path_beg /.well-known/caldav
    http-request set-path /remote.php/dav if caldav-endpoint
    use_backend nextcloud-http if caldav-endpoint
    acl carddav-endpoint path_beg /.well-known/carddav
    http-request set-path /remote.php/dav if carddav-endpoint
    use_backend nextcloud-http if carddav-endpoint

    # bitwarden domain acl
    acl bitwardendomain hdr_dom(host) -i bitwarden.mydomain.dom
    use_backend synology-bitwarden if bitwardendomain

    default_backend nextcloud-http

# definition of backends
# nextcloud cluster backend

backend nextcloud-http
    mode http
    balance first
    server next1 192.168.0.11:80 check
    server next2 192.168.0.12:80 check

# bitwarden backend (docker config redirects port 8080 to 80, all firewall rules on synology are set)

backend synology-bitwarden
    mode http
    server synology 192.168.0.13:8080 check
```

Issue

I reach the login page, but after I fill in my credentials and try to log in, I get an error message “An unexpected error occurred” after approx. 10 seconds.

I cannot find any relevant information within the router and HAProxy logs or within the docker image.

If I access the docker image via http://192.168.0.13:8080, everything works like a charm, so it seems to be an HAProxy issue.

Any helping hands here?

Regards,
A.
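
An added example, not part of the original thread or of the project's code: a small Python check run over the configuration as posted in the question. As posted, it has no `log` line (so HAProxy emits no request logs), no `timeout` directives, runs with `uid 0`, and uses `reqadd`, which HAProxy removed in 2.1. The `parse` and `audit` helpers and the trimmed `SAMPLE` are constructed for illustration.

```python
import re

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")

# Constructed sample: a trimmed copy of the configuration posted in the question.
SAMPLE = r"""
global
    uid 0
    daemon
frontend main-https
    bind 192.168.0.1:444 ssl crt /etc/haproxy.pem
    reqadd X-Forwarded-Proto:\ https
    default_backend nextcloud-http
backend synology-bitwarden
    server synology 192.168.0.13:8080 check
"""

def parse(text):
    """Map (section keyword, name) to its directives, each split into words."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = (m.group(1), m.group(2))
            sections[current] = []
        elif current:
            sections[current].append(line.split())
    return sections

def audit(text):
    """Return (section, finding) pairs for settings that hide or weaken diagnostics."""
    sections = parse(text)
    keywords = lambda ds: {d[0] for d in ds}
    glob = sections.get(("global", ""), [])
    found = []
    if ["uid", "0"] in glob or ["user", "root"] in glob:
        found.append(("global", "runs as root"))
    if "log" not in keywords(glob):
        found.append(("global", "no log target, so proxies cannot log"))
    # Timeouts set in a defaults section are inherited by every proxy.
    inherited = any("timeout" in keywords(ds) for (k, _), ds in sections.items() if k == "defaults")
    proxies = [(n, ds) for (k, n), ds in sections.items() if k not in ("global", "defaults")]
    for name, ds in proxies:
        if not inherited and "timeout" not in keywords(ds):
            found.append((name, "no timeouts set"))
        if "reqadd" in keywords(ds):
            found.append((name, "reqadd was removed in HAProxy 2.1; use http-request set-header"))
    return found
```

Calling `audit(SAMPLE)` returns five findings: two for `global`, two for `main-https` and one for `synology-bitwarden`.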


@pboesch commented on GitHub (Nov 5, 2019):

Hi,
My haproxy configuration for bitwarden:

```
backend vm_bitwardenrs
  mode http
  balance source
  option forwardfor
  hash-type consistent
  log global
  timeout connect 30000
  timeout server 30000
  server bitwarden 192.168.1.3:80
```


@abysso2 commented on GitHub (Nov 6, 2019):

Thanks a lot, but I still get the same error ... I have to dig deeper :-)


@pboesch commented on GitHub (Nov 7, 2019):

You could try to comment these lines:

```
reqadd X-Forwarded-Proto:\ https
http-response set-header Strict-Transport-Security max-age=31536000
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-Content-Type-Options nosniff
```


@dani-garcia commented on GitHub (May 13, 2020):

Closed due to inactivity.

Reference: github-starred/vaultwarden#4112