Using an alternate base dir
Traditionally, Bitwarden is limited to residing at the root of a subdomain, e.g. https://bitwarden.example.com.
This limitation originates in the backend and web vault, which haven't been designed to accommodate alternate base dirs (see bitwarden/server#277). The mobile/desktop apps and browser extensions actually have no issues using a base URL with a path.
In bitwarden_rs, with the changes in PR#868, you can configure the backend server to work properly with an alternate base dir. With a bit more work, it's also possible to modify the web vault to work properly, resulting in a fully functional installation.
Simply configure your domain URL to include the base dir. For example, suppose you want to access your installation at https://bitwarden.example.com/secret-dir.
- Stop bitwarden_rs.
- If you normally configure bitwarden_rs using the admin page, edit your
config.jsonto look as follows:{ "domain": "https://bitwarden.example.com/secret-dir", // ... other values ... }
- If you normally configure bitwarden_rs via environment variables, update your config files/scripts to set the
DOMAINenvironment variable to the base URL. For example:docker run -e DOMAIN="https://bitwarden.example.com/secret-dir" ... - Restart bitwarden_rs.
- You should now be able to access the web vault (assuming it has been modified appropriately; see the next section) at
https://bitwarden.example.com/secret-dir/(note the trailing slash). For reasons not entirely clear, you may run into issues if you usehttps://bitwarden.example.com/secret-dir(without the trailing slash). - Configure your apps or browser extensions to use
https://bitwarden.example.com/secret-dir. If you add a trailing slash, the apps and extensions will automatically remove it before saving.
The issue with the web vault is there's no simple way to configure it for a specific base URL. Instead, the code generally just assumes the web vault URL is given by window.location.origin, which always represents the root of the subdomain. This is true of both the upstream web vault and the patched version used in bitwarden_rs:
- https://github.com/bitwarden/web/blob/f7f7040/src/app/services/services.module.ts#L137-L144
- https://github.com/dani-garcia/bw_web_builds/blob/5c9de1a/patches/v2.11.0.patch#L17-L29
Here are some approaches you could take to modify the web vault to work at a different base dir.
Modify the upstream code and/or bitwarden_rs patches and rebuild the web vault. (Someone else can document this if they're interested.)
- Enter a shell in the bitwarden_rs container:
docker exec -it <container-name> /bin/sh - Patch the web vault:
sed -i "s|window\.location\.origin|window.location.origin+'/secret-dir'|g" /web-vault/app/main*.js(of course, replace/secret-dirwith your actual base dir)
🏠 Wiki Home · 📖 FAQs · ⚙️ Configuration · 🔒 Hardening Guide · 🐳 Docker
❤️ Love Vaultwarden? Consider supporting upstream Bitwarden — without their work, this project wouldn't exist.
Vaultwarden is an unofficial, community-driven Bitwarden-compatible server. It is not associated with, endorsed by, or affiliated with Bitwarden, Inc. — "Bitwarden" is a trademark of Bitwarden, Inc.
Maintained with care by @dani-garcia and contributors · Wiki content licensed under the project's terms