-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Using an alternate base dir
Traditionally, Bitwarden is limited to residing at the root of a subdomain, e.g. https://bitwarden.example.com
.
This limitation originates in the backend and web vault, which haven't been designed to accommodate alternate base dirs (see bitwarden/server#277). The mobile/desktop apps and browser extensions actually have no issues using a base URL with a path.
In bitwarden_rs, with the changes in PR#868, you can configure the backend server to work properly with an alternate base dir. With a bit more work, it's also possible to modify the web vault to work properly, resulting in a fully functional installation.
Simply configure your domain URL to include the base dir. For example, suppose you want to access your installation at https://bitwarden.example.com/secret-path
.
- Stop bitwarden_rs.
- If you normally configure bitwarden_rs using the admin page, edit your
config.json
to look as follows:{ "domain": "https://bitwarden.example.com/secret-path", // ... other values ... }
- If you normally configure bitwarden_rs via environment variables, update your config files/scripts to set the
DOMAIN
environment variable to the base URL. For example:docker run -e DOMAIN="https://bitwarden.example.com/secret-path" ...
- Restart bitwarden_rs.
- You should now be able to access the web vault at
https://bitwarden.example.com/secret-path/
(note the trailing slash). For reasons not entirely clear, you may run into issues if you usehttps://bitwarden.example.com/secret-path
(without the trailing slash). - Configure your apps or browser extensions to use
https://bitwarden.example.com/secret-path
. If you add a trailing slash, the apps and extensions will automatically remove it before saving.
- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration