latest git version is broken with nginx proxy #1624

New Issue

MrUnknownDE · 2026-04-06T02:06:20+02:00

MrUnknownDE commented

2026-04-06 02:06:20 +02:00

Originally created by @nipsy on 5/1/2023

Subject of the issue

Updated to the latest version in git (1ec049e2b5) and everything is broken. Getting either a 502 bad gateway error or the following error in my nginx logs:

[error] 1467253#1467253: *225 upstream prematurely closed connection while reading upstream, client: 1.2.3.4, server: fqdn.com, request: "GET /vault/ HTTP/2.0", upstream: "http://127.0.0.1:8000/vault/", host: "fqdn.com"

Deployment environment

vaultwarden version: 1ec049e2b5
Install method: built from source
Clients used: web browser
Reverse proxy and version: nginx 1.22.1-9 via Debian testing/unstable using the exact configuration described in the wiki under "Nginx with sub-path (by BlackDex)"
MySQL/MariaDB or PostgreSQL version: neither/ SQLite
Other relevant details:

Steps to reproduce

Nothing special other than what is described above. Rolling back to 393645617e and bw_web v2023.3.0b fixes everything again.

Expected behaviour

Vault page loads in my browser.

Actual behaviour

502 Bad Gateway or even more cryptic client error due to the stream simply crapping out mid request.

Troubleshooting data

Nothing much to provide sadly beyond the error above. I never even see the requests making it through to Rocket as nothing is ever logged there unless I access Rocket directly. That does at least give me the following:

% curl http://127.0.0.1:8000
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>404 Not Found</title>
</head>
<body align="center">
    <div role="main" align="center">
        <h1>404: Not Found</h1>
        <p>The requested resource could not be found.</p>
        <hr />
    </div>
    <div role="contentinfo" align="center">
        <small>Rocket</small>
    </div>
</body>
</html>

% curl http://127.0.0.1:8000/vault/
curl: (52) Empty reply from server

When I roll back to the previously working version, that second request actually returns the expected:

% curl http://127.0.0.1:8000/vault/
<!doctype html><html class="theme_light"><head><meta charset="utf-8"/><meta name="viewport" content="width=1010"/><meta name="theme-color" content="#175DDC"/><title page-title>Vaultwarden Web Vault</title><link rel="apple-touch-icon" sizes="180x180" href="images/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="images/favicon-32x32.png"/><link rel="icon" type="image/png" sizes="16x16" href="images/favicon-16x16.png"/><link rel="mask-icon" href="images/safari-pinned-tab.svg" color="#175DDC"/><link rel="manifest" href="ca8f66ed7fccfcd0809f.json"/><script defer="defer" src="theme_head.5f24ba8d7aa944e6f52b.js"></script><link href="app/main.c107f7b9354b6317446a.css" rel="stylesheet"></head><body class="layout_frontend"><app-root><div class="mt-5 d-flex justify-content-center"><div><img class="mb-4 logo logo-themed" alt="Bitwarden"/><p class="text-center"><i class="bwi bwi-spinner bwi-spin bwi-2x text-muted" title="Loading" aria-hidden="true"></i></p></div></div></app-root><script defer="defer" src="app/polyfills.428c25638840333a09ee.js"></script><script defer="defer" src="app/vendor.776201439bfdefee32dc.js"></script><script defer="defer" src="app/main.3a27378a743dd4ad9f70.js"></script></body></html>

Nothing else has changed, either between the working and broken versions aside from the vaultwarden code and web contents themselves. The systemd unit file and nginx configurations are identical. But I can provide whatever else might be helpful.

*Originally created by @nipsy on 5/1/2023* ### Subject of the issue Updated to the latest version in git (1ec049e2b5f2f1aa3b8d035e94915b131c5e9e25) and everything is broken. Getting either a 502 bad gateway error or the following error in my nginx logs: ``` [error] 1467253#1467253: *225 upstream prematurely closed connection while reading upstream, client: 1.2.3.4, server: fqdn.com, request: "GET /vault/ HTTP/2.0", upstream: "http://127.0.0.1:8000/vault/", host: "fqdn.com" ``` ### Deployment environment * vaultwarden version: 1ec049e2b5f2f1aa3b8d035e94915b131c5e9e25 * Install method: built from source * Clients used: web browser * Reverse proxy and version: nginx 1.22.1-9 via Debian testing/unstable using the exact configuration described in the wiki under "Nginx with sub-path (by BlackDex)" * MySQL/MariaDB or PostgreSQL version: neither/ SQLite * Other relevant details: ### Steps to reproduce Nothing special other than what is described above. Rolling back to 393645617efa6866001d40cc7f6a9485947e9b23 and bw_web v2023.3.0b fixes everything again. ### Expected behaviour Vault page loads in my browser. ### Actual behaviour 502 Bad Gateway or even more cryptic client error due to the stream simply crapping out mid request. ### Troubleshooting data Nothing much to provide sadly beyond the error above. I never even see the requests making it through to Rocket as nothing is ever logged there unless I access Rocket directly. That does at least give me the following: ``` % curl http://127.0.0.1:8000 <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>404 Not Found</title> </head> <body align="center"> <div role="main" align="center"> <h1>404: Not Found</h1> <p>The requested resource could not be found.</p> <hr /> </div> <div role="contentinfo" align="center"> <small>Rocket</small> </div> </body> </html> % curl http://127.0.0.1:8000/vault/ curl: (52) Empty reply from server ``` When I roll back to the previously working version, that second request actually returns the expected: ``` % curl http://127.0.0.1:8000/vault/ <!doctype html><html class="theme_light"><head><meta charset="utf-8"/><meta name="viewport" content="width=1010"/><meta name="theme-color" content="#175DDC"/><title page-title>Vaultwarden Web Vault</title><link rel="apple-touch-icon" sizes="180x180" href="images/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="images/favicon-32x32.png"/><link rel="icon" type="image/png" sizes="16x16" href="images/favicon-16x16.png"/><link rel="mask-icon" href="images/safari-pinned-tab.svg" color="#175DDC"/><link rel="manifest" href="ca8f66ed7fccfcd0809f.json"/><script defer="defer" src="theme_head.5f24ba8d7aa944e6f52b.js"></script><link href="app/main.c107f7b9354b6317446a.css" rel="stylesheet"></head><body class="layout_frontend"><app-root><div class="mt-5 d-flex justify-content-center"><div><img class="mb-4 logo logo-themed" alt="Bitwarden"/><p class="text-center"><i class="bwi bwi-spinner bwi-spin bwi-2x text-muted" title="Loading" aria-hidden="true"></i></p></div></div></app-root><script defer="defer" src="app/polyfills.428c25638840333a09ee.js"></script><script defer="defer" src="app/vendor.776201439bfdefee32dc.js"></script><script defer="defer" src="app/main.3a27378a743dd4ad9f70.js"></script></body></html> ``` Nothing else has changed, either between the working and broken versions aside from the vaultwarden code and web contents themselves. The systemd unit file and nginx configurations are identical. But I can provide whatever else might be helpful.

MrUnknownDE closed this issue

2026-04-06 02:06:20 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#1624