Vaultwarden, NGinx, Comodo certificate, custom port numbers - really stuck :-(

Thank you for reading my question!

I could use some help getting Vaultwarden to work on Docker using NGinx as reverse-proxy with a Comodo domain certificate and custom port numbers. Hope someone over here can point me to a solution.

The current situation:

I have a Debian server dedicated to serving applications through Docker. This works very well for Adguard Home, Domoticz, Dashticz, Mosquitto, Node-Red and a few other containers.
In my network I have a Raspberry Pi that is currently hosting Vaultwarden in a Docker container and NGinx installed on the host system.
NGinx on the Pi (and on the Docker server) is configured to use a Comodo certificate for bitwarden DOT MyDomainName DOT TLD

What I would like to achieve:

I would like to migrate Vaultwarden from the Pi to the Docker server using a container for the reverse proxy
I have separate locations for the docker-compose files and the persistent volumes. I would like to keep using that scenario. My Docker-compose files are stored in /home/XYZ/compose/[name of the container]. The persistent volumes are stored in /home/XYZ/containers/[name of the container]

What I have done so far:

Too much to write down here. :wink:
I have NGinx set up in a container and the Comodo certificate is configured and available in the web interface of NGinx
I have created docker-compose.yml files for Vaultwarden and NGinx to create the containers.

Docker-compose file for Vaultwarden

[code]
---
version: "2.1"
services:
  vaultwarden:
    image: vaultwarden/server
    container_name: vaultwarden
    volumes:
      - /home/XYZ/vaultwarden/vw-data/:/data/
    ports:
      - 6080:80 ## <- Port 80 is used by Adguard Home
      - 3012:3012 ## <- This port is still available
    restart: unless-stopped
[/code]

Docker-compose file for NGinx:

[code]
version: '3'
services:
  nginx:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '5080:80' ## <- Port 80 is used by adguard Home
      - '5081:81' ## <- Would like to keep the ports a bit predictable :wink:
      - '5443:443' ## <- Same here
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "some_user"
      DB_MYSQL_PASSWORD: "some_password"
      DB_MYSQL_NAME: "npm"
    volumes:
      - /home/XYZ/containers/nginx/data:/data
      - ./letsencrypt:/etc/letsencrypt ## <- not needed I guess since I have my own certificate
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'some_root_password'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'some_user'
      MYSQL_PASSWORD: 'some_password'
    volumes:
      - /home/XYZ/containers/nginx/data/mysql:/var/lib/mysql
[/code]

Creation works (no errors that is ;-)). I can reach NGinx but I cannot reach Vaultwarden; either the front-end or the admin interface.

I have added Vaultwarden to the network created for NGinx. It has gotten an IP address but Vaultwarden is not reachable.

I have added a proxy host in NGinx to relay to Vaultwarden. Unsuccessful, I must confess.

The proxy host configuration is as follows:
Domain name: bitwarden DOT MyDomainName DOT TLD
scheme: http
Forward hostname/IP: 172.30.0.4 (the actual IP the Vaultwarden container is getting)
Forward port: 6080
Block Common Exploits = Yes
Websockets Support = Yes
Access List: Publicly Accessible
Custom locations = None
SSL Certificate = [My Comodo certificate]
Force SSL = True
HTTP/2 Support = True
HSTS Enabled = True
Advanced:

[code]
location /admin {
    return 404;
}

location / {
    proxy_pass http :// 172.30.0.4:6080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

location /notifications/hub {
    proxy_pass http :// 172.30.0.4:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

location /notifications/hub/negotiate {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http :// 172.30.0.4:6080;
}
[/code]

What have I done wrong or what am I missing? I hope a knowledgeable Docker expert is willing to help me!

PS. Sorry for the DOT’s and the spaces between http and the actual address. Apparently I am not allowed to “publish” web addresses

Barry Llewellyn rocks! Got it working using and adapting his guide here: Installing Vaultwarden formally bitwarden_rs on Ubuntu 20.04 with Nginx

Case closed.
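
The proxy host in the question forwards to the container's own address (172.30.0.4) on port 6080, which is the host-side half of the `6080:80` mapping; at the container's address the service listens on the container-side port. The following is an added example, not from the post or the guide it mentions, that checks a proxy upstream against Compose port entries; the function names and the `<docker-host>` label are hypothetical, and the sample values are constructed from the post.

```python
def parse_port_mapping(entry):
    """Return (host_port, container_port) for a Compose short-syntax entry.

    Handles "80", "6080:80", "127.0.0.1:6080:80" and a "/tcp" suffix;
    port ranges are not supported and raise ValueError.
    """
    parts = str(entry).split("/")[0].rsplit(":", 2)
    host_port = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    return host_port, int(parts[-1])


def check_upstream(port_entries, upstream_port, on_container_network):
    """Check a proxy upstream port against one service's port entries.

    on_container_network=True: the proxy targets the container's own IP or
    service name. False: it targets the Docker host's address.
    Returns (ok, suggested_port). (False, None) only means the port is not
    in the mappings; a container can listen on ports it does not publish.
    """
    mappings = [parse_port_mapping(e) for e in port_entries]
    for host_port, container_port in mappings:
        reachable = container_port if on_container_network else host_port
        if upstream_port == reachable:
            return True, None
    for host_port, container_port in mappings:
        wrong_side = host_port if on_container_network else container_port
        if upstream_port == wrong_side:
            # Port is valid, but on the other side of the mapping.
            return False, container_port if on_container_network else host_port
    return False, None


# Constructed from the values quoted in the post.
VAULTWARDEN_PORTS = ["6080:80", "3012:3012"]


def demo():
    """Evaluate the post's two upstreams plus a host-side target."""
    return {
        "172.30.0.4:6080": check_upstream(VAULTWARDEN_PORTS, 6080, True),
        "172.30.0.4:3012": check_upstream(VAULTWARDEN_PORTS, 3012, True),
        "<docker-host>:6080": check_upstream(VAULTWARDEN_PORTS, 6080, False),
    }


if __name__ == "__main__":
    for target, (ok, fix) in demo().items():
        print(target, "ok" if ok else f"use port {fix}")
```

When the proxy and the application share a Docker network, forwarding to the container-side port also means the application's ports do not need to be published on the host at all, so the only exposed listener is the TLS-terminating proxy.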