Vaultwarden, NGinx, Comodo certificate, custom portnumbers - really stuck :-(

Thank you for reading my question!

I could use some help getting Vaultwarden to work on Docker using NGinx as reverse-proxy with a Comodo domain certificate and custom port numbers. hope someone over here can point me to a solution.

The current situation:

I have a Debian server dedicated to serving applications through Docker. This works very well for Adguard Home, Domoticz, Dashticz, Mosquitto, Node-Red and a few other containers.
In my network I have a Raspberry Pi that is currently hosting Vaultwarden in a Docker container and NGinx installed on the host system.
NGinx on the Pi (and on the Docker server) is configured to use a Comodo certificate for bitwarden DOT MyDomainName DOT TLD

What I would like to achieve:

I would like to migrate Vaultwarden from the Pi to the Docker server using a container for the reverse proxy
I have separate locations for the docker-commpose files and the persistent volumes. I would like to keep using that scenario. My Docker-compose files are stored in /home/XYZ/compose/[name of the container]. The persistent volumes are stored in /home/XYZ/containers/[name of the container]

What I have done so far:

Too much to write down here. :wink:
I have NGinx set up in a container and the Comodo certificate is configured and available in the web interface of NGinx
I have created docker-compose.yml files for Vaultwarden and NGinx to create the containers.

Docker-compose file for Vaultwarden

--- version: "2.1" services: vaultwarden: image: vaultwarden/server container_name: vaultwarden volumes: - /home/XYZ/vaultwarden/vw-data/:/data/ ports: - 6080:80 ## <- Port 80 is used by Adguard Home - 3012:3012 ## <- This port is still available restart: unless-stopped

Docker-compose file for NGinx:

[code] version: ‘3’
image: ‘jc21/nginx-proxy-manager:latest’
restart: unless-stopped
- ‘5080:80’ ## ← Port 80 is used by adguard Home
- ‘5081:81’ ## ← Would like to keep the ports a bit predictable :wink:
- ‘5443:443’ ## ← Same here
DB_MYSQL_USER: “some_user”
DB_MYSQL_PASSWORD: “some_password”
- /home/XYZ/containers/nginx/data:/data

- ./letsencrypt:/etc/letsencrypt ## ← not needed I guess since I have my own certificate

image: ‘jc21/mariadb-aria:latest’
restart: unless-stopped
MYSQL_ROOT_PASSWORD: ‘some_root_password’
MYSQL_USER: ‘some_user’
MYSQL_PASSWORD: ‘some_password’
- /home/XYZ/containers/nginx/data/mysql:/var/lib/mysql

Creation works (no errors that is ;-)). I can reach NGinx but I cannot reach Vaultwarden; either the front-end or the admin interface.

I have added Vaultwarden to the network created for NGinx. It has gotten an IP address but Vaultwarden is not reachable.

I have added a proxy host in NGinx to relay to Vaultwarden. Unsuccessful I must confess

The proxy host configuration is as follows:
Domain name: bitwarden DOT MyDomainName DOT TLD
scheme: http
Forward hostname/IP: (the actual IP the Vaultwarden container is getting)
Forward port: 6080
Block Common Exploits = Yes
Websockets Support = Yes
Access List: Publicly Accessible
Custom locations = None
SSL Certificate = [My Comodo certificate]
Force SSL = True
HTTP/2 Support = True
HSTS Enabled = True

[code]location /admin {
return 404;

location / {
proxy_pass http ://;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

location /notifications/hub {
proxy_pass http ://;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;

location /notifications/hub/negotiate {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http ://;

What have I done wrong or what am I missing? I hope a knowledgeable Docker expert is willing to help me!

PS. Sorry for the DOT’s and the spaces between http and the actual address. Apparently I am not allowed to “publish” web addresses

Barry Llewellyn rocks! Got it working using and adapting his guide here: Installing Vaultwarden formally bitwarden_rs on Ubuntu 20.04 with Nginx ·

Case closed.