starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 09:46:00 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1694] Domain URL configuration results in 404 #1034

New issue
Closed
opened 2026-03-03 02:05:41 +03:00 by kerem · 22 comments
kerem commented 2026-03-03 02:05:41 +03:00
Owner
Copy link

Originally created by @kingofthering on GitHub (May 12, 2021).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1694

FIRST OF ALL THX A LOT FOR YOUR GREAT PROJECT!!!

Subject of the issue

I can start valutwarden successfully with the default "http://localhost" domain URL setting .
When it is running I can configure the domain url in the admin portal to use my proxy's real name https://foo.bar/bitwarden.
Valutwarden is then working perfect, 2FA mails contain the right urls, all clients connect successfully.
When I restart the docker container, I get the following error and the docker instance does not work:

"404: Not Found
The requested resource could not be found.

Rocket"

bitwarden.log
[2021-05-12 19:41:51.859][start][INFO] Rocket has launched from https://0.0.0.0:80
[2021-05-12 19:41:54.274][request][INFO] GET /admin/
[2021-05-12 19:41:54.274][response][INFO] 404 Not Found

When I disable the domain setting in config.json I can restart and set the url again through the admin panel. Everything works again. So everything is perfect, except I cannot reboot without getting stuck.
Is there some startup routine that checks the ssl cert or domain url?
I have tried to configure log_level=debug & EXTENDED_LOGGING=true but cannot generate any debug logging on the issue.

Thx a lot and looking foreward for your help!

Deployment environment

Webserver in the internet, running with apache as proxy for domain https://foo.bar/bitwarden, default ssl port 443. Letsencrypt SSL certs.
Port forwarding from the webserver to my local (ISP) synology with docker (443 to 5555)
Vaultwarden running as docker image, port mapping 80 -> 5555. Rocket_TLS certs copy of the webserver installed

  • Install method: Docker image on synology

  • Clients used: mobile, firefox

  • Reverse proxy and version:
    Server version: Apache/2.4.6 (CentOS)
    Server built: Nov 16 2020 16:18:20

  • Other relevant details:

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.21.0
  • Web-vault version: v2.19.0d
  • Running within Docker: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.33.0
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "https://foo.bar/bitwarden/",
  "domain_origin": https://foo.bar/,
  "domain_path": "/bitwarden",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "*****",
  "invitations_allowed": false,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "****@*******.**",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": true,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": true,
  "smtp_from": "****@*******.**",
  "smtp_from_name": "Bitwarden",
  "smtp_host": "****.****.***",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "****@*******.**",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

docker env variables:
"ROCKET_TLS" = "{certs="/ssl/live/foo.bar/fullchain.pem",key="/ssl/live/foo.bar/privkey.pem"}"
"ROCKET_LIMITS", "{json=104857600}"

Docker volumes
/ssl -> points to a copy of the webservers certs
/data

Originally created by @kingofthering on GitHub (May 12, 2021). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1694 ##### FIRST OF ALL THX A LOT FOR YOUR GREAT PROJECT!!! ##### ### Subject of the issue I can start valutwarden successfully with the default "http://localhost" domain URL setting . When it is running I can configure the domain url in the admin portal to use my proxy's real name https://foo.bar/bitwarden. Valutwarden is then working perfect, 2FA mails contain the right urls, all clients connect successfully. When I restart the docker container, I get the following error and the docker instance does not work: "404: Not Found The requested resource could not be found. ---------------- Rocket" bitwarden.log [2021-05-12 19:41:51.859][start][INFO] Rocket has launched from https://0.0.0.0:80 [2021-05-12 19:41:54.274][request][INFO] GET /admin/ [2021-05-12 19:41:54.274][response][INFO] 404 Not Found When I disable the domain setting in config.json I can restart and set the url again through the admin panel. Everything works again. So everything is perfect, except I cannot reboot without getting stuck. Is there some startup routine that checks the ssl cert or domain url? I have tried to configure log_level=debug & EXTENDED_LOGGING=true but cannot generate any debug logging on the issue. Thx a lot and looking foreward for your help! ### Deployment environment Webserver in the internet, running with apache as proxy for domain https://foo.bar/bitwarden, default ssl port 443. Letsencrypt SSL certs. Port forwarding from the webserver to my local (ISP) synology with docker (443 to 5555) Vaultwarden running as docker image, port mapping 80 -> 5555. Rocket_TLS certs copy of the webserver installed * Install method: Docker image on synology * Clients used: mobile, firefox * Reverse proxy and version: Server version: Apache/2.4.6 (CentOS) Server built: Nov 16 2020 16:18:20 * Other relevant details: ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.21.0 * Web-vault version: v2.19.0d * Running within Docker: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.33.0 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "https://foo.bar/bitwarden/", "domain_origin": https://foo.bar/, "domain_path": "/bitwarden", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "*****", "invitations_allowed": false, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": null, "org_creation_users": "****@*******.**", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_folder": "data/sends", "show_password_hint": true, "signups_allowed": true, "signups_domains_whitelist": "", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": true, "smtp_from": "****@*******.**", "smtp_from_name": "Bitwarden", "smtp_host": "****.****.***", "smtp_password": "***", "smtp_port": 465, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "****@*******.**", "templates_folder": "data/templates", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": false, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` docker env variables: "ROCKET_TLS" = "{certs=\"/ssl/live/foo.bar/fullchain.pem\",key=\"/ssl/live/foo.bar/privkey.pem\"}" "ROCKET_LIMITS", "{json=104857600}" Docker volumes /ssl -> points to a copy of the webservers certs /data
kerem 2026-03-03 02:05:41 +03:00
kerem commented 2026-03-03 02:05:42 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (May 16, 2021):

It kinda looks like you manually changed the config.json.
If you did that, it could cause some issues.

If you want to change the domain i suggest to use the -e DOMAIN option or set the correct domain within your docker-compose.yml file, same goes for all other settings and remove the config.json file, stop and start the container again and see what happens.

<!-- gh-comment-id:841824086 --> @BlackDex commented on GitHub (May 16, 2021): It kinda looks like you manually changed the `config.json`. If you did that, it could cause some issues. If you want to change the domain i suggest to use the `-e DOMAIN` option or set the correct domain within your `docker-compose.yml` file, same goes for all other settings and remove the `config.json` file, stop and start the container again and see what happens.
kerem commented 2026-03-03 02:05:42 +03:00
Author
Owner
Copy link

@kingofthering commented on GitHub (May 17, 2021):

Hi, thx a lot for your Support!

I have deleted the config and set env Variables but it's still the same behavior. When I set the domain env variable it comes up with the same error message.

I have set -e LOG_LEVEL debug but it does not show up in the admin panel.

Do you have some more tipps where to search?
Thx a lot!

<!-- gh-comment-id:841970976 --> @kingofthering commented on GitHub (May 17, 2021): Hi, thx a lot for your Support! I have deleted the config and set env Variables but it's still the same behavior. When I set the domain env variable it comes up with the same error message. I have set -e LOG_LEVEL debug but it does not show up in the admin panel. Do you have some more tipps where to search? Thx a lot!
kerem commented 2026-03-03 02:05:42 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (May 17, 2021):

Does the changed setting not appear in the support string?

All the logs are going to a file in the data folder by default. The file is called vaultwarden.log

Also check the logs of the reverse proxy you use.

<!-- gh-comment-id:842016761 --> @BlackDex commented on GitHub (May 17, 2021): Does the changed setting not appear in the support string? All the logs are going to a file in the data folder by default. The file is called vaultwarden.log Also check the logs of the reverse proxy you use.
kerem commented 2026-03-03 02:05:42 +03:00
Author
Owner
Copy link

@kingofthering commented on GitHub (May 17, 2021):

I have set all parameters as docker env variables and everything shows up in the support string ... except log_file

"log_file": null,

<!-- gh-comment-id:842467159 --> @kingofthering commented on GitHub (May 17, 2021): I have set all parameters as docker env variables and everything shows up in the support string ... except log_file "log_file": null,
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (May 17, 2021):

The try to use docker logs vaultwarden or docker logs --since 1440m vaultwarden.
Or to see the current actions: docker logs --follow vaultwarden

<!-- gh-comment-id:842489169 --> @BlackDex commented on GitHub (May 17, 2021): The try to use `docker logs vaultwarden` or `docker logs --since 1440m vaultwarden`. Or to see the current actions: `docker logs --follow vaultwarden`
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@kingofthering commented on GitHub (May 19, 2021):

Thx a lot.
Ok it generates debug log entries in the terminal but unfortunately nothing during startup about the 404 error.
I have migratet all settings to docker env and everything except the domain works.
The proxy is not involved in the problem since I already get the error when I connect directly to the docker container.

Any hint how to debug further?

Thx a lot

<!-- gh-comment-id:844106403 --> @kingofthering commented on GitHub (May 19, 2021): Thx a lot. Ok it generates debug log entries in the terminal but unfortunately nothing during startup about the 404 error. I have migratet all settings to docker env and everything except the domain works. The proxy is not involved in the problem since I already get the error when I connect directly to the docker container. Any hint how to debug further? Thx a lot
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@bokkabonga commented on GitHub (May 25, 2021):

I faced a similiar Problem when deploying vaultwarden (still bitwarden_rs back then) behind an reverse proxy using an apache und CentOS. As far as i understand your configuration correctly you still let vaultwarden handle the ssl encryption, right?
If i remember correctly I had the excact same probmlen as you and solved it by moving the ssl encryption beeing handled by the proxy. So my Setup looked something likes this:

Client <-> Proxy = SSL Encrypted
Proxy <-> Docker = Unencrypted

This should still be fine from a security perspective as far as i know and this is also referrd to in the wiki:

"Note that when you put vaultwarden behind a reverse proxy, the connections between the reverse proxy and vaultwarden are typically assumed to be going through a secure private network, and thus do not need to be encrypted. The examples below assume you are running in this configuration, in which case you should not enable the HTTPS functionality built into vaultwarden (i.e., you should not set the ROCKET_TLS environment variable). If you do, connections will fail since the reverse proxy is using HTTP to connect to vaultwarden, but you're configuring vaultwarden to expect HTTPS."

<!-- gh-comment-id:847578434 --> @bokkabonga commented on GitHub (May 25, 2021): I faced a similiar Problem when deploying vaultwarden (still bitwarden_rs back then) behind an reverse proxy using an apache und CentOS. As far as i understand your configuration correctly you still let vaultwarden handle the ssl encryption, right? If i remember correctly I had the excact same probmlen as you and solved it by moving the ssl encryption beeing handled by the proxy. So my Setup looked something likes this: Client <-> Proxy = SSL Encrypted Proxy <-> Docker = Unencrypted This should still be fine from a security perspective as far as i know and this is also referrd to in the [wiki](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples): "Note that when you put vaultwarden behind a reverse proxy, the connections between the reverse proxy and vaultwarden are typically assumed to be going through a secure private network, and thus do not need to be encrypted. The examples below assume you are running in this configuration, in which case you should not enable the HTTPS functionality built into vaultwarden (i.e., you should not set the ROCKET_TLS environment variable). If you do, connections will fail since the reverse proxy is using HTTP to connect to vaultwarden, but you're configuring vaultwarden to expect HTTPS."
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@kingofthering commented on GitHub (May 25, 2021):

Hi Bokkabonga,
thx a lot for your reply and that you had the same problem.
I do not have a secure tunnel between the proxy and docker and therefore need the secured connection.

However, I will try to disable ROCKET_TLS and check if the problem is caused by this setting.

Thx a lot

<!-- gh-comment-id:847581690 --> @kingofthering commented on GitHub (May 25, 2021): Hi Bokkabonga, thx a lot for your reply and that you had the same problem. I do not have a secure tunnel between the proxy and docker and therefore need the secured connection. However, I will try to disable ROCKET_TLS and check if the problem is caused by this setting. Thx a lot
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@kingofthering commented on GitHub (May 25, 2021):

I have removed the ROCLKET_TLS Settings and the problem remain: if the domain setting is present, the server responds 404

<!-- gh-comment-id:847633867 --> @kingofthering commented on GitHub (May 25, 2021): I have removed the ROCLKET_TLS Settings and the problem remain: if the domain setting is present, the server responds 404
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@bokkabonga commented on GitHub (May 25, 2021):

Can you show us your Port mapping for the Docker Container? Or did i miss it in your original post?

<!-- gh-comment-id:847634682 --> @bokkabonga commented on GitHub (May 25, 2021): Can you show us your Port mapping for the Docker Container? Or did i miss it in your original post?
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@kingofthering commented on GitHub (May 25, 2021):

I have mapped:
Apache proxy 443 -> Synology 5555
Docker port 5555 -> Vaultwarden 80

<!-- gh-comment-id:847665646 --> @kingofthering commented on GitHub (May 25, 2021): I have mapped: Apache proxy 443 -> Synology 5555 Docker port 5555 -> Vaultwarden 80
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@bokkabonga commented on GitHub (May 25, 2021):

How excactly did you map this in your Docker-Compose? I remember someone facing a similiar problem in the forum who fixed it by changing his port mapping from:

Ports:

  • 5080:443

To:

Ports:

  • 127.0.0.1:5080:443

I´m not sure however if this is a possible solution for you, but might me worth a shot.

<!-- gh-comment-id:847696126 --> @bokkabonga commented on GitHub (May 25, 2021): How excactly did you map this in your Docker-Compose? I remember someone facing a similiar problem in the forum who fixed it by changing his port mapping from: Ports: - 5080:443 To: Ports: - 127.0.0.1:5080:443 I´m not sure however if this is a possible solution for you, but might me worth a shot.
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@kingofthering commented on GitHub (May 25, 2021):

hi,
i have tested to use port 443 of the docker container but it does not respond at all.

thx

<!-- gh-comment-id:847700489 --> @kingofthering commented on GitHub (May 25, 2021): hi, i have tested to use port 443 of the docker container but it does not respond at all. thx
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@bokkabonga commented on GitHub (May 25, 2021):

Ah Sorry if this was misleading. I was rather reffering to adding 127.0.0.1 to the mapping, not changing the Port!

<!-- gh-comment-id:847701966 --> @bokkabonga commented on GitHub (May 25, 2021): Ah Sorry if this was misleading. I was rather reffering to adding 127.0.0.1 to the mapping, not changing the Port!
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@kingofthering commented on GitHub (May 25, 2021):

So this is my docker port mapping, which one do you propose to bind to localhost?
The port inside the container or the docker interface one?

"port_bindings" : [
{
"container_port" : 3012,
"host_port" : 0,
"type" : "tcp"
},
{
"container_port" : 80,
"host_port" : 5555,
"type" : "tcp"
}
],

<!-- gh-comment-id:847728393 --> @kingofthering commented on GitHub (May 25, 2021): So this is my docker port mapping, which one do you propose to bind to localhost? The port inside the container or the docker interface one? "port_bindings" : [ { "container_port" : 3012, "host_port" : 0, "type" : "tcp" }, { "container_port" : 80, "host_port" : 5555, "type" : "tcp" } ],
kerem commented 2026-03-03 02:05:43 +03:00
Author
Owner
Copy link

@bokkabonga commented on GitHub (May 25, 2021):

If i understand this correctly i would suggest the following:

"port_bindings" : [
{
"container_port" : 3012,
"host_port" : 0,
"type" : "tcp"
},
{
"container_port" : 127.0.0.1:80,
"host_port" : 5555,
"type" : "tcp"
}
],

<!-- gh-comment-id:847765964 --> @bokkabonga commented on GitHub (May 25, 2021): If i understand this correctly i would suggest the following: "port_bindings" : [ { "container_port" : 3012, "host_port" : 0, "type" : "tcp" }, { "container_port" : 127.0.0.1:80, "host_port" : 5555, "type" : "tcp" } ],
kerem commented 2026-03-03 02:05:44 +03:00
Author
Owner
Copy link

@kingofthering commented on GitHub (May 25, 2021):

thx for the tip ... but it doesnt wortk

how can i troubleshoot this, the debug log doesn't help. what can i do within the container?

<!-- gh-comment-id:847835253 --> @kingofthering commented on GitHub (May 25, 2021): thx for the tip ... but it doesnt wortk how can i troubleshoot this, the debug log doesn't help. what can i do within the container?
kerem commented 2026-03-03 02:05:44 +03:00
Author
Owner
Copy link

@bokkabonga commented on GitHub (May 25, 2021):

You might want to set the Log_Level env to "debug" or even "trace" to get more detailed logfiles.

<!-- gh-comment-id:847839918 --> @bokkabonga commented on GitHub (May 25, 2021): You might want to set the Log_Level env to "debug" or even "trace" to get more detailed logfiles.
kerem commented 2026-03-03 02:05:44 +03:00
Author
Owner
Copy link

@JensTimmerman commented on GitHub (Jun 1, 2021):

I'm seeing the same issue,

when I configure my url to be https://example.com/bitwarden/ rocket seems to generate bitwarden/api/xxx routes

however the normal routes should still be in place because I have bitwarden running on http://0.0.0.:8000 and have it behind an nginx proxy that makes it available at https://example.com/bitwarden/

setting the url in the config to https://example.com/ makes bitwarden work, however the admin interface then does not work. So at the moment I have the workaround but this makes the admin interface not work, which I actually need to work...

is there a way to set domain_origin in the config file?

<!-- gh-comment-id:852163864 --> @JensTimmerman commented on GitHub (Jun 1, 2021): I'm seeing the same issue, when I configure my url to be https://example.com/bitwarden/ rocket seems to generate bitwarden/api/xxx routes however the normal routes should still be in place because I have bitwarden running on http://0.0.0.:8000 and have it behind an nginx proxy that makes it available at https://example.com/bitwarden/ setting the url in the config to https://example.com/ makes bitwarden work, however the admin interface then does not work. So at the moment I have the workaround but this makes the admin interface not work, which I actually need to work... is there a way to set domain_origin in the config file?
kerem commented 2026-03-03 02:05:44 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Jun 1, 2021):

I'm seeing the same issue,

when I configure my url to be https://example.com/bitwarden/ rocket seems to generate bitwarden/api/xxx routes

however the normal routes should still be in place because I have bitwarden running on http://0.0.0.:8000 and have it behind an nginx proxy that makes it available at https://example.com/bitwarden/

setting the url in the config to https://example.com/ makes bitwarden work, however the admin interface then does not work. So at the moment I have the workaround but this makes the admin interface not work, which I actually need to work...

is there a way to set domain_origin in the config file?

You can't mix/match different entry-points. We need the full actual URL for all items to work.
It's either with or without sub-path, not one IP which has it, and the other which doesn't.

We need to full URL because of e-mails which are sent which need that.
So, i suggest to also access the admin by using https://example.com/bitwarden/admin instead of http://0.0.0.0:8000/admin

<!-- gh-comment-id:852177280 --> @BlackDex commented on GitHub (Jun 1, 2021): > I'm seeing the same issue, > > when I configure my url to be https://example.com/bitwarden/ rocket seems to generate bitwarden/api/xxx routes > > however the normal routes should still be in place because I have bitwarden running on http://0.0.0.:8000 and have it behind an nginx proxy that makes it available at https://example.com/bitwarden/ > > setting the url in the config to https://example.com/ makes bitwarden work, however the admin interface then does not work. So at the moment I have the workaround but this makes the admin interface not work, which I actually need to work... > > is there a way to set domain_origin in the config file? You can't mix/match different entry-points. We need the full actual URL for all items to work. It's either with or without sub-path, not one IP which has it, and the other which doesn't. We need to full URL because of e-mails which are sent which need that. So, i suggest to also access the admin by using `https://example.com/bitwarden/admin` instead of `http://0.0.0.0:8000/admin`
kerem commented 2026-03-03 02:05:44 +03:00
Author
Owner
Copy link

@JensTimmerman commented on GitHub (Jun 1, 2021):

@BlackDex Sure, I understand, that is exactly what I am trying to do, however, it doesn't work.

If I put DOMAIN=https://example.com/bitwarden/ in the environment I see rocket creating the wrong routes:

[2021-06-01 14:04:00.158][routes][INFO] Routes loaded:
[2021-06-01 14:04:00.158][routes][INFO] GET    /bitwarden
[2021-06-01 14:04:00.158][routes][INFO] GET    /bitwarden/<p..> [10]
[2021-06-01 14:04:00.158][routes][INFO] GET    /bitwarden/admin [1]
[2021-06-01 14:04:00.158][routes][INFO] GET    /bitwarden/admin [2]
[2021-06-01 14:04:00.158][routes][INFO] POST   /bitwarden/admin
[2021-06-01 14:04:00.158][routes][INFO] POST   /bitwarden/admin/config
[2021-06-01 14:04:00.159][routes][INFO] POST   /bitwarden/admin/config/backup_db
[2021-06-01 14:04:00.159][routes][INFO] POST   /bitwarden/admin/config/delete
[2021-06-01 14:04:00.159][routes][INFO] GET    /bitwarden/admin/diagnostics
[2021-06-01 14:04:00.159][routes][INFO] GET    /bitwarden/admin/diagnostics/config
[2021-06-01 14:04:00.159][routes][INFO] POST   /bitwarden/admin/invite
[2021-06-01 14:04:00.159][routes][INFO] GET    /bitwarden/admin/logout
[2021-06-01 14:04:00.159][routes][INFO] POST   /bitwarden/admin/organizations/<uuid>/delete
[2021-06-01 14:04:00.159][routes][INFO] GET    /bitwarden/admin/organizations/overview
[2021-06-01 14:04:00.159][routes][INFO] POST   /bitwarden/admin/test/smtp
[2021-06-01 14:04:00.159][routes][INFO] GET    /bitwarden/admin/users
[2021-06-01 14:04:00.159][routes][INFO] POST   /bitwarden/admin/users/<uuid>/deauth
[2021-06-01 14:04:00.159][routes][INFO] POST   /bitwarden/admin/users/<uuid>/delete
[2021-06-01 14:04:00.159][routes][INFO] POST   /bitwarden/admin/users/<uuid>/disable
[2021-06-01 14:04:00.159][routes][INFO] POST   /bitwarden/admin/users/<uuid>/enable
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/admin/users/<uuid>/remove-2fa
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/admin/users/org_type
[2021-06-01 14:04:00.160][routes][INFO] GET    /bitwarden/admin/users/overview
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/admin/users/update_revision
[2021-06-01 14:04:00.160][routes][INFO] GET    /bitwarden/alive
[2021-06-01 14:04:00.160][routes][INFO] DELETE /bitwarden/api/accounts
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/api/accounts/delete
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/api/accounts/delete-recover
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/api/accounts/delete-recover-token
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/api/accounts/email
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/api/accounts/email-token
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/api/accounts/kdf
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/api/accounts/key
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/api/accounts/keys
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/api/accounts/password
[2021-06-01 14:04:00.160][routes][INFO] POST   /bitwarden/api/accounts/password-hint

it shoudn't put the /bitwarden/ part as part of it routes, since I have a reverse proxy configured to handle request for
https://example.com/bitwarden to http://0.0.0.0:8000/

So that configuration gives a 404

Are you saying I should then configure the reverse proxy to handle request to http://0.0.0.0:8000/bitwarden ?

I don't have a mail server installed, so the urls in the mails are not important to me at the moment.

If I put DOMAIN=https://example.com/ everything seems to work, I can access the admin interface on https://example.com/bitwarden/admin However the css is not loaded, and the api request the admin interfaces tries to make fail. The api requests the rest of voltwarden tries to make work.

<!-- gh-comment-id:852321235 --> @JensTimmerman commented on GitHub (Jun 1, 2021): @BlackDex Sure, I understand, that is exactly what I am trying to do, however, it doesn't work. If I put `DOMAIN=https://example.com/bitwarden/` in the environment I see rocket creating the wrong routes: ``` [2021-06-01 14:04:00.158][routes][INFO] Routes loaded: [2021-06-01 14:04:00.158][routes][INFO] GET /bitwarden [2021-06-01 14:04:00.158][routes][INFO] GET /bitwarden/<p..> [10] [2021-06-01 14:04:00.158][routes][INFO] GET /bitwarden/admin [1] [2021-06-01 14:04:00.158][routes][INFO] GET /bitwarden/admin [2] [2021-06-01 14:04:00.158][routes][INFO] POST /bitwarden/admin [2021-06-01 14:04:00.158][routes][INFO] POST /bitwarden/admin/config [2021-06-01 14:04:00.159][routes][INFO] POST /bitwarden/admin/config/backup_db [2021-06-01 14:04:00.159][routes][INFO] POST /bitwarden/admin/config/delete [2021-06-01 14:04:00.159][routes][INFO] GET /bitwarden/admin/diagnostics [2021-06-01 14:04:00.159][routes][INFO] GET /bitwarden/admin/diagnostics/config [2021-06-01 14:04:00.159][routes][INFO] POST /bitwarden/admin/invite [2021-06-01 14:04:00.159][routes][INFO] GET /bitwarden/admin/logout [2021-06-01 14:04:00.159][routes][INFO] POST /bitwarden/admin/organizations/<uuid>/delete [2021-06-01 14:04:00.159][routes][INFO] GET /bitwarden/admin/organizations/overview [2021-06-01 14:04:00.159][routes][INFO] POST /bitwarden/admin/test/smtp [2021-06-01 14:04:00.159][routes][INFO] GET /bitwarden/admin/users [2021-06-01 14:04:00.159][routes][INFO] POST /bitwarden/admin/users/<uuid>/deauth [2021-06-01 14:04:00.159][routes][INFO] POST /bitwarden/admin/users/<uuid>/delete [2021-06-01 14:04:00.159][routes][INFO] POST /bitwarden/admin/users/<uuid>/disable [2021-06-01 14:04:00.159][routes][INFO] POST /bitwarden/admin/users/<uuid>/enable [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/admin/users/<uuid>/remove-2fa [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/admin/users/org_type [2021-06-01 14:04:00.160][routes][INFO] GET /bitwarden/admin/users/overview [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/admin/users/update_revision [2021-06-01 14:04:00.160][routes][INFO] GET /bitwarden/alive [2021-06-01 14:04:00.160][routes][INFO] DELETE /bitwarden/api/accounts [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/api/accounts/delete [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/api/accounts/delete-recover [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/api/accounts/delete-recover-token [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/api/accounts/email [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/api/accounts/email-token [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/api/accounts/kdf [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/api/accounts/key [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/api/accounts/keys [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/api/accounts/password [2021-06-01 14:04:00.160][routes][INFO] POST /bitwarden/api/accounts/password-hint ``` it shoudn't put the `/bitwarden/` part as part of it routes, since I have a reverse proxy configured to handle request for `https://example.com/bitwarden` to `http://0.0.0.0:8000/` So that configuration gives a 404 Are you saying I should then configure the reverse proxy to handle request to `http://0.0.0.0:8000/bitwarden` ? I don't have a mail server installed, so the urls in the mails are not important to me at the moment. If I put `DOMAIN=https://example.com/` everything seems to work, I can access the admin interface on `https://example.com/bitwarden/admin` However the css is not loaded, and the api request the admin interfaces tries to make fail. The api requests the rest of voltwarden tries to make work.
kerem commented 2026-03-03 02:05:44 +03:00
Author
Owner
Copy link

@jjlin commented on GitHub (Jun 1, 2021):

See https://github.com/dani-garcia/vaultwarden/wiki/Using-an-alternate-base-dir#reverse-proxying

<!-- gh-comment-id:852323310 --> @jjlin commented on GitHub (Jun 1, 2021): See https://github.com/dani-garcia/vaultwarden/wiki/Using-an-alternate-base-dir#reverse-proxying
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.8
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#1034
No description provided.