-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Using an alternate base dir
Traditionally, Bitwarden is limited to residing at the root of a subdomain, e.g. https://bitwarden.example.com
.
This limitation originates in the backend and web vault, which haven't been designed to accommodate alternate base dirs (see bitwarden/server#277). The mobile/desktop apps and browser extensions actually have no issues using a base URL with a path.
In bitwarden_rs, with the changes in PR#868 (backend) and PR#11 (web vault), you can configure a fully functional instance at an alternate base dir.
Simply configure your domain URL to include the base dir. For example, suppose you want to access your instance at https://bitwarden.example.com/base-dir
. (Note that you can also use multiple levels of directories, like https://bitwarden.example.com/multi/level/base/dir
if you want.)
-
Stop bitwarden_rs.
-
If you normally configure bitwarden_rs using the admin page, edit your
config.json
to look as follows:{ "domain": "https://bitwarden.example.com/base-dir", // ... other values ... }
-
If you normally configure bitwarden_rs via environment variables, update your config files/scripts to set the
DOMAIN
environment variable to the base URL. For example:docker run -e DOMAIN="https://bitwarden.example.com/base-dir" ...
-
Restart bitwarden_rs.
-
You should now be able to access the web vault at
https://bitwarden.example.com/base-dir/
(note the trailing slash). For reasons not entirely clear, you'll probably run into issues if you usehttps://bitwarden.example.com/base-dir
(without the trailing slash). -
Configure your apps or browser extensions to use
https://bitwarden.example.com/base-dir
. If you add a trailing slash, the apps and extensions will automatically remove it before saving. -
Note over 5. The trailing slash
/
issue could be solved by appending/
after the route location string. For example, in nginx.location /my-base-path { # This config would cause `/` issue } location /my-base-path-2/ { # This config works perfectly }
If you are putting bitwarden_rs behind a reverse proxy, make sure your proxy is configured to pass the request path through to bitwarden_rs, since the bitwarden_rs API routes are set up to expect the base dir. So if a request for https://bitwarden.example.com/base-dir/api/sync
hits your reverse proxy, which then proxies to your bitwarden_rs listening on localhost:8080
, the request must go to http://localhost:8080/base-dir/api/sync
, not http://localhost:8080/api/sync
.
- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration