App Proxy http and https pass thru
-
yep sorry was not sure if was to clear at all
So I have 2 server
1st server is cloudro ( firewall 80 and 443 to it )
2nd server is a docker that has bit warden running on itnow it is easy to have to have the Clouder server to pass the https over to the docker server on port 443
now the server (2nd server) need to do a ssl key update using letsencrypt BUT can't get the .well-known file
if I recall it need to do this with http ( bbs has the some error too when it try with the server's do not have the folder)https://letsencrypt.org/how-it-works/ ( if I am reading that right ) need to come in as http to access .well-known folder.
Hope that better
-
Hello @nozy
Why are you running a custom Bitwarden on a second server if you could just install @vaultwarden on your Cloudron server?
Also, the second server would only need to serve Bitwarden on http and the Cloudron Proxy app should point to thathttp://$IP:$PORT.
I still need more details why the second server needs the ssl key if you plan to use the Cloudron Proxy app? -
I see so you probably have deployed bitwarden with some additional reverse proxy which wants to setup SSL/TLS hence tries to get a certificate from letsencrypt. Since Cloudron's proxy app already handles this part, you just have to disable this in your bitwarden setup and proxy bitwarden directly.
For context, most likely your setup is trying to get a cert via http which won't work as it wont reach it, since Cloudron sits on that already and always forwards to https.
-
Hello @nozy
Why are you running a custom Bitwarden on a second server if you could just install @vaultwarden on your Cloudron server?
Also, the second server would only need to serve Bitwarden on http and the Cloudron Proxy app should point to thathttp://$IP:$PORT.
I still need more details why the second server needs the ssl key if you plan to use the Cloudron Proxy app? -
I see so you probably have deployed bitwarden with some additional reverse proxy which wants to setup SSL/TLS hence tries to get a certificate from letsencrypt. Since Cloudron's proxy app already handles this part, you just have to disable this in your bitwarden setup and proxy bitwarden directly.
For context, most likely your setup is trying to get a cert via http which won't work as it wont reach it, since Cloudron sits on that already and always forwards to https.
-
Just a note as ISPConfig need ssl ( site and mail server ) I can see the keys folder I think I will script it to update the 2nd server
"/home/yellowtent/platformdata/nginx/cert/_XXXX .com.cert" think this may work may be a good think to have a export ? sure need to be script has someone done this ?
Nozy -
Hello @nozy
I am very sorry, but what you are writing is still confusing and incoherent to me.
From your last response I can gather that you are hosting Bitwarden on a server that is running ISPConfig - Hosting Control Panel.If you truly wish for us to understand what you are doing and what you need, you will need to explain it clearly and in detail.
I am also repeating my question.
Why not use @vaultwarden which is Bitwarden, on Cloudron directly? -
I have this running too I thanks I have ork this out will update this post so if someone need to do it
but thanks for the help sure I got it now I have found he keys
ssl_certificate /home/yellowtent/platformdata/nginx/cert/_.XXXXX.cert; ssl_certificate_key /home/yellowtent/platformdata/nginx/cert/_.XX.key;just need to make a scp for on changes and to send a copy to the 2nd server.....
Nozy
-
J james has marked this topic as solved
