Traefik 2 and bitwarden rs protocol ws on notifications/hub

Question

I'm using traefik 2.0 (v2) and i'm trying to configure bitwardenrs on my serv.

This is my docker-compose.yml:

version: "3"

services:
  bitwarden:
    image: bitwardenrs/server
    restart: always
    volumes:
      - ./bw-data:/data
    environment:
      WEBSOCKET_ENABLED: "true" # Required to use websockets
      SIGNUPS_ALLOWED: "false"
      ADMIN_TOKEN: "myadmintoken"
    networks:
      - traefik_network
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.bitwardenRouter.rule=Host(`mywebsite.com`)"
      - "traefik.http.routers.bitwardenRouter.entrypoints=web-secured"
      - "traefik.http.routers.bitwardenRouter.tls=true"
      - "traefik.http.routers.bitwardenRouter.tls.options=default"
      - "traefik.http.routers.bitwardenRouter.tls.certResolver=letsencrypt"

networks:
  traefik_network:
    external: true

When i'm doing this, i have one error:

bitwarden_1  | [2019-10-20 15:12:07][rocket::rocket][INFO] POST /notifications/hub/negotiate text/plain; charset=UTF-8:
bitwarden_1  | [2019-10-20 15:12:07][_][INFO] Matched: POST /notifications/hub/negotiate (negotiate)
bitwarden_1  | [2019-10-20 15:12:07][rocket::rocket][INFO] GET /api/sync?excludeDomains=true application/json:
bitwarden_1  | [2019-10-20 15:12:07][_][INFO] Matched: GET /api/sync?<data..> (sync)
bitwarden_1  | [2019-10-20 15:12:07][_][INFO] Outcome: Success
bitwarden_1  | [2019-10-20 15:12:07][_][INFO] Response succeeded.
bitwarden_1  | [2019-10-20 15:12:07][_][INFO] Outcome: Success
bitwarden_1  | [2019-10-20 15:12:07][_][INFO] Response succeeded.
bitwarden_1  | [2019-10-20 15:12:07][rocket::rocket][INFO] GET /notifications/hub?id=myId&access_token=myToken:
bitwarden_1  | [2019-10-20 15:12:07][_][INFO] Matched: GET /notifications/hub (websockets_err)
bitwarden_1  | [2019-10-20 15:12:07][bitwarden_rs::error][ERROR] '/notifications/hub' should be proxied to the websocket server or notifications won't work. Go to the README for more info.. '/notifications/hub' should be proxied to the websocket server or notifications won't work. Go to the README for more info.

This is the error:

[2019-10-20 15:12:07][bitwarden_rs::error][ERROR] '/notifications/hub' should be proxied to the websocket server or notifications won't work. Go to the README for more info.. '/notifications/hub' should be proxied to the websocket server or notifications won't work. Go to the README for more info.

I tried to find how to to, and with the traefik 1.7 i found this:

- traefik.hub.frontend.rule=Host:bitwarden.domain.tld;Path:/notifications/hub
- traefik.hub.port=3012
- traefik.hub.protocol=ws

But this don't work with the V2 of traefik. I'm asking with this but don't work too:

- "traefik.http.routers.notificationBitwardenRouter.rule=(Host(`mywebsite.com`) && Path(`/notifications/hub`))"
- "traefik.http.routers.notificationBitwardenRouter.entrypoints=web-secured"
- "traefik.http.services.notificationBitwardenRouter.loadbalancer.server.port=3012"
- "traefik.http.services.notificationBitwardenRouter.loadbalancer.server.protocol=ws"
- "traefik.http.services.notificationBitwardenService.loadBalancer.servers=0.0.0.0:3012"

Someone can help me please ?

Answer 1

https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples has been updated with traefik v2.

Traefik v1 labels migrated to Traefik v2

labels:
  - traefik.enable=true
  - traefik.docker.network=traefik
  - traefik.http.routers.bitwarden-ui.rule=Host(`bitwarden.domain.tld`)
  - traefik.http.routers.bitwarden-ui.service=bitwarden-ui
  - traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
  - traefik.http.routers.bitwarden-websocket.rule=Host(`bitwarden.domain.tld`) && Path(`/notifications/hub`)
  - traefik.http.routers.bitwarden-websocket.service=bitwarden-websocket
  - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012

Migrated labels plus HTTP to HTTPS redirect

These labels assume that the entrypoints defined in Traefik for port 80 and 443 are 'web' and 'websecure' respectively.

These labels also assume you already have a default certificates resolver defined in Traefik.

labels:
  - traefik.enable=true
  - traefik.docker.network=traefik
  - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
  - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
  - traefik.http.routers.bitwarden-ui-https.rule=Host(`bitwarden.domain.tld`)
  - traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
  - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui
  - traefik.http.routers.bitwarden-ui-http.rule=Host(`bitwarden.domain.tld`)
  - traefik.http.routers.bitwarden-ui-http.entrypoints=web
  - traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https
  - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui
  - traefik.http.services.bitwarden-ui.loadbalancer.server.port=80
  - traefik.http.routers.bitwarden-websocket-https.rule=Host(`bitwarden.domain.tld`) && Path(`/notifications/hub`)
  - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
  - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
  - traefik.http.routers.bitwarden-websocket-http.rule=Host(`bitwarden.domain.tld`) && Path(`/notifications/hub`)
  - traefik.http.routers.bitwarden-websocket-http.entrypoints=web
  - traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https
  - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
  - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012