Apache Reverse Proxy to Docker

Dec 31, 2021 One-minute read

Caddy, traefik, nginx are usually what comes to mind when you want to reverse proxy. Reverse proxying is something that I have never done before in Apache. I will admit even though Apache was the first web server software I used in my formative years, I’ve always opted for nginx for non-containerized applications. I had an Nextcloud server using Apache thanks to linode’s Nextcloud one-click app. I wanted to add Vaultwarden to the underutilized server. Since I wanted to get Vaultwarden working with minimal headache I chose to use the docker image.

Start the Vaultwarden container

docker pull vaultwarden/server:latest
docker run -d --name vaultwarden -v /vw-data/:/data/ -p 8080:80 vaultwarden/server:latest
Checkout vaultwarden’s wiki for full documentation.

To reverse proxy the docker container, configure the Apache site with the following:

<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerName vaultwarden.domain.com
    SSLEngine On
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    ProxyPreserveHost On
    ProxyPass / http://vaultwarden.domain.com:8080/
    ProxyPassReverse / http://vaultwarden.domain.com:8080/
    ErrorLog /${APACHE_LOG_DIR}/vaultwarden-error.log
    CustomLog /${APACHE_LOG_DIR}/vaultwarden-access.log combined

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /notifications/hub(.*) ws://vaultwarden.domain.com:3012/$1 [P,L]

    ProxyRequests Off
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    RequestHeader set X-Forwarded-Proto https

    SSLCertificateFile /etc/letsencrypt/live/vaultwarden.domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vaultwarden.domain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

Reload Apache and you should now have ssl traffic for your vaultwarden proxied to the docker container.

Bitwarden Login