[SOLVED] Traefik + Vaultwarden 502 Error

Edit: Thanks for the help, issue was solved! Had Traefik’s loadbalancer set to route to port 8081, not the internal port of 80. Whoops.

Intro

Hi everyone. I’ve been busy configuring my homelab and have run into issues with Traefik and Vaultwarden running within Podman. I’ve already successfully set up Home Assistant and Homepage but for the life of me cannot get things working. I’m hoping a fresh pair of eyes would be able to spot something I missed or provide some advice. I’ve tried to provide all the information and logs relevant to the situation.

Expected Behavior:

  1. Requests for *.fenndev.network are sent to my Traefik server.
  2. Incoming HTTPS requests to vault.fenndev.network are forwarded to Vaultwarden
    • HTTP requests are upgraded to HTTPS
  3. Vaultwarden is accessible via https://vault.fenndev.network and utilizes the wildcard certificates generated by Traefik.

Quick Facts

Overview

  • I’m running Traefik and Vaultwarden in Podman, using Quadlet
  • Traefik and Vaultwarden, along with all of my other services, are part of the same fenndev_default network
  • Traefik is working correctly with Home Assistant, AdGuard Home, and Homepage, but returns a 502 Bad Gateway error with Vaultwarden
  • I’ve verified that port 8081 is open on my firewall and my service is reachable at {SERVER_IP}:8081.
  • 10.89.0.132 is the internal Podman IP address of the Vaultwarden container

Versions

Server: AlmaLinux 9.4

Podman: 4.9.4-rhel

Traefik: v3

Vaultwarden: alpine-latest (1.30.5-alpine I believe)

Error Logs

Traefik Log:


```
2024-05-11T22:09:53Z DBG github.com/traefik/traefik/v3/pkg/server/service/proxy.go:100 > 502 Bad Gateway error="dial tcp 10.89.0.132:8081: connect: connection refused"
```

cURL to URL:


```
[fenndev@bastion ~]$ curl -v https://vault.fenndev.network
*   Trying 192.168.1.169:443...
* Connected to vault.fenndev.network (192.168.1.169) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
```

Config Files

vaultwarden.container file:


```
[Unit]
Description=Password
After=network-online.target
[Service]
Restart=always
RestartSec=3

[Install]
# Start by default on boot
WantedBy=multi-user.target default.target

[Container]
Image=ghcr.io/dani-garcia/vaultwarden:latest-alpine
Exec=/start.sh
EnvironmentFile=%h/.config/vault/vault.env
ContainerName=vault
Network=fenndev_default

# Security Options
SecurityLabelType=container_runtime_t
NoNewPrivileges=true
# Volumes
Volume=%h/.config/vault/data:/data:Z

# Ports
PublishPort=8081:80

# Labels
Label=traefik.enable=true
Label=traefik.http.routers.vault.entrypoints=web
Label=traefik.http.routers.vault-websecure.entrypoints=websecure
Label=traefik.http.routers.vault.rule=Host(`vault.fenndev.network`)
Label=traefik.http.routers.vault-websecure.rule=Host(`vault.fenndev.network`)
Label=traefik.http.routers.vault-websecure.tls=true
Label=traefik.http.routers.vault.service=vault
Label=traefik.http.routers.vault-websecure.service=vault

Label=traefik.http.services.vault.loadbalancer.server.port=8081

Label=homepage.group="Services"
Label=homepage.name="Vaultwarden"
Label=homepage.icon=vaultwarden.svg
Label=homepage.description="Password Manager"
Label=homepage.href=https://vault.fenndev.network
```

vault.env file:


```
LOG_LEVEL=debug
DOMAIN=https://vault.fenndev.network
```

Dalraz, (edited )

Your entry point says web; should you not also have web-secure as well? I’m on my phone, so forgive me if I missed some details.

Edit: Not familiar with Podman, but are you sure the port for the service isn’t 80 and not 8081, since it should be routing inside of Podman?

fenndev,

I have both web and websecure set up as entrypoints.

Dalraz,

I did a ninja edit about ports, but in your labels I only see web as an entrypoint.

Edit: nm, I see it. Not used to using labels for configuration, it seems.

fenndev,

Oh. You’re right. That worked. I feel really silly that I missed that.

Thank you so much!

Dalraz,

Don’t feel bad, I have spent hours looking at the same thing, overlooking the simple mistake. Glad I could help.
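
The mismatch resolved in this thread, as an added example that is not part of the original posts: Traefik dials the container's own network address (10.89.0.132 in the log), where only the container-side port of `PublishPort=8081:80` is listening. The check below flags a `loadbalancer.server.port` label that names the host side of a `PublishPort` mapping; the sample input is constructed from the config above and the function names are this example's own.

```python
import re

# Constructed sample: the relevant lines of the vaultwarden.container file above.
SAMPLE_QUADLET = """\
[Container]
Network=fenndev_default
PublishPort=8081:80
Label=traefik.enable=true
Label=traefik.http.services.vault.loadbalancer.server.port=8081
"""

LB_PORT = re.compile(r"^traefik\.http\.services\.([^.]+)\.loadbalancer\.server\.port=(\d+)$")


def container_keys(text):
    """Yield (key, value) pairs from the [Container] section of a Quadlet unit."""
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Container" and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip(), value.strip().strip('"')


def check_lb_ports(text):
    """Return (service, configured_port, container_port) for each host-side port misuse."""
    pairs = list(container_keys(text))
    host_to_container = {}
    for key, value in pairs:
        # PublishPort is [ip:]host:container[/proto]; a bare container port is skipped.
        parts = value.split("/")[0].split(":")
        if key == "PublishPort" and len(parts) >= 2 and parts[-1].isdigit() and parts[-2].isdigit():
            host_to_container[int(parts[-2])] = int(parts[-1])
    findings = []
    for key, value in pairs:
        match = LB_PORT.match(value) if key == "Label" else None
        port = int(match.group(2)) if match else None
        if port in host_to_container and port not in host_to_container.values():
            findings.append((match.group(1), port, host_to_container[port]))
    return findings


if __name__ == "__main__":
    for service, configured, inside in check_lb_ports(SAMPLE_QUADLET):
        print(f"{service}: server.port={configured} is the host port; "
              f"Traefik dials the container IP, so use {inside}")
```

With Traefik routing over the shared network, the `PublishPort=8081:80` line is not needed for proxying; it only keeps Vaultwarden reachable over plain HTTP at {SERVER_IP}:8081, outside the TLS entrypoint.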
