nginx docker service won't start due to missing dhparam.pem file #3743

Open
1 task done
houserockr opened this issue Feb 5, 2024 · 3 comments

@houserockr

Steps To Reproduce

  1. ./bitwarden.sh updateself
  2. ./bitwarden.sh update
  3. ./bitwarden.sh rebuild
  4. ./bitwarden.sh restart
  5. tail bwdata/logs/nginx/error.log yields:
    ./logs/nginx/error.log:2024/02/05 18:22:55 [emerg] 1#1: BIO_new_file("/etc/letsencrypt/live/foo.bar.com/dhparam.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/foo.bar.com/dhparam.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Expected Result

The nginx service of bitwarden starts.

Actual Result

The nginx service of bitwarden does not start and tries to restart itself due to the missing file dhparam.pem.

Screenshots or Videos

No response

Additional Context

The command ./bitwarden.sh rebuild will also generate the bwdata/nginx/default.conf which contains the following line(s):

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/letsencrypt/live/foo.bar.com/dhparam.pem;

Trying to start bitwarden with ./bitwarden.sh (re)start yields the following:
$ tail bwdata/logs/nginx/error.log
./logs/nginx/error.log:2024/02/05 18:22:55 [emerg] 1#1: BIO_new_file("/etc/letsencrypt/live/foo.bar.com/dhparam.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/foo.bar.com/dhparam.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

But that file doesn't exist anywhere in my letsencrypt archive. I found it in an old backup I made about one year ago.
Maybe letsencrypt changed something?

Now I found you can generate that file with:
$ openssl dhparam -out dhparams.pem 4096

But I'd prefer not to need that at all.

Build Version

2024.1.2

Environment

Self-Hosted

Environment Details

  • Host OS Debian 12 x86_64
  • Docker 24.0.5
  • Compose 2.9.0
  • BW 2024.1.2

Issue Tracking Info

  • I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
@houserockr houserockr added the bug label Feb 5, 2024
@houserockr
Author

Additional note:
If I copy the dhparam.pem from my backup to /etc/letsencrypt/live/foo.bar.com/, bitwarden/nginx works again.

@sammbw

sammbw commented Feb 7, 2024

Hi there,

I am unable to reproduce this issue; it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

@LOENS2

LOENS2 commented May 30, 2024

I just had the same problem. After migrating the bwdata folder from my old host to my new host, I had an issue with a parsefail of the certbot renewal config. In order to solve that problem I redid the ./bitwarden.sh install process and copied the new letsencrypt dir into my old bwdata folder. After that, the dhparam.pem file was missing and I had to restore it from a backup, too.
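
A preflight check for the failure reported in this thread, as an added example that is not part of the issue or of Bitwarden's scripts: it reads the generated nginx config, maps each TLS file directive to the host, and lists the files nginx would fail to open. The function names, the example.test hostname and the mapping of the container path /etc/letsencrypt to a host directory such as bwdata/letsencrypt are assumptions.

```shell
#!/bin/sh
# Added example, not Bitwarden's code. Assumption: the container path
# /etc/letsencrypt is a bind mount of a host directory (e.g. bwdata/letsencrypt).

# check_nginx_tls_files CONF HOST_ROOT [CONTAINER_ROOT]
# Prints "MISSING <directive> <path>" for every TLS file the config references
# that is not readable under HOST_ROOT; exit status 1 if any is missing.
check_nginx_tls_files() (
  conf=$1 host_root=$2 container_root=${3:-/etc/letsencrypt}
  missing=0
  [ -r "$conf" ] || { echo "cannot read $conf" >&2; exit 2; }
  # Extract "directive path" pairs. Commented-out lines never match because
  # their first field is "#".
  refs=$(awk '$1 ~ /^ssl_(dhparam|certificate|certificate_key|trusted_certificate)$/ {
           sub(/;.*$/, "", $2); print $1, $2 }' "$conf")
  while read -r directive path; do
    [ -n "$directive" ] || continue
    case $path in
      "$container_root"/*) host_path=$host_root${path#"$container_root"} ;;
      *) echo "SKIP $directive $path"; continue ;;
    esac
    # -r follows symlinks, so certbot's live/ -> archive/ links are resolved.
    if [ ! -r "$host_path" ]; then
      echo "MISSING $directive $path"
      missing=1
    fi
  done <<EOF
$refs
EOF
  exit "$missing"
)

# Constructed sample: a config shaped like the one in the issue, with the
# certificate and key present but no dhparam.pem.
demo() (
  tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
  live=$tmp/letsencrypt/live/example.test
  mkdir -p "$live" && : > "$live/fullchain.pem" && : > "$live/privkey.pem"
  cat > "$tmp/default.conf" <<'EOF'
ssl_certificate /etc/letsencrypt/live/example.test/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.test/privkey.pem;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/letsencrypt/live/example.test/dhparam.pem;
EOF
  check_nginx_tls_files "$tmp/default.conf" "$tmp/letsencrypt"
)

demo || echo "nginx would refuse to start: fix the files listed above first"
```

On a real host the equivalent call would be `check_nginx_tls_files bwdata/nginx/default.conf bwdata/letsencrypt`, run after `./bitwarden.sh rebuild` and before `./bitwarden.sh restart`.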
