starred/vaultwarden

Fork 0

mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-25 17:25:57 +03:00

[GH-ISSUE #241] Run locally at suburl #118

New issue

Closed

opened 2026-03-03 01:25:06 +03:00 by kerem · 8 comments

kerem commented

2026-03-03 01:25:06 +03:00

Owner

Originally created by @skug67 on GitHub (Nov 6, 2018).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/241

I'm running bitwarden_rs locally (i.e., not in a docker container) and using Apache as reverse proxy via a suburl from my main web-facing domain name. The setup was comparatively easy -- just adding the url prefix to the "mount" commands in main.rs got me 98% of the way there. I then had to customize web-vault source in a couple of places -- the baseUrl in jslib/src/services/api.service.ts, and the urls for api and identity in src/app/services/services.module.ts.

At that point I pretty much had a usable system. But immediately post-login there was a post request sent to "hub/negotiate" instead of to "/hub/negotiate" As far as I can tell this call is coming from line 20 of api/notifications.rs. But I can't figure out why it's not respecting the previously defined url prefix from the mount command on line 57 of main.rs [in my setup now = .mount("//notifications", api::notifications_routes())]

I'm working around it for now by just using apache to redirect /hub/negotiate to /hub/negotiate. But I'd love to figure out how to solve the problem internally to bitwarden_rs.

Thanks in advance for any advice. And thanks a million for a great project.

Originally created by @skug67 on GitHub (Nov 6, 2018). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/241 I'm running bitwarden_rs locally (i.e., not in a docker container) and using Apache as reverse proxy via a suburl from my main web-facing domain name. The setup was comparatively easy -- just adding the url prefix to the "mount" commands in main.rs got me 98% of the way there. I then had to customize web-vault source in a couple of places -- the baseUrl in jslib/src/services/api.service.ts, and the urls for api and identity in src/app/services/services.module.ts. At that point I pretty much had a usable system. But immediately post-login there was a post request sent to "hub/negotiate" instead of to "<urlprefix>/hub/negotiate" As far as I can tell this call is coming from line 20 of api/notifications.rs. But I can't figure out why it's not respecting the previously defined url prefix from the mount command on line 57 of main.rs [in my setup now = .mount("/<urlprefix>/notifications", api::notifications_routes())] I'm working around it for now by just using apache to redirect /hub/negotiate to <urlprefix>/hub/negotiate. But I'd love to figure out how to solve the problem internally to bitwarden_rs. Thanks in advance for any advice. And thanks a million for a great project.

kerem closed this issue

2026-03-03 01:25:06 +03:00

kerem commented

2026-03-03 01:25:07 +03:00

Author

Owner

@dani-garcia commented on GitHub (Nov 6, 2018):

If the post request is sent to the wrong URL, then the problem is probably from the web vault config.
Make sure you are also setting the notificationsUrl along the baseUrl from the services.module.ts file.

You can check the set-vault-baseurl.patch file inside the docker folder, which is the changes to the web vault that are applied to the docker version.

@dani-garcia commented on GitHub (Nov 6, 2018): If the post request is sent to the wrong URL, then the problem is probably from the web vault config. Make sure you are also setting the notificationsUrl along the baseUrl from the services.module.ts file. You can check the set-vault-baseurl.patch file inside the docker folder, which is the changes to the web vault that are applied to the docker version.

kerem commented

2026-03-03 01:25:07 +03:00

Author

Owner

@skug67 commented on GitHub (Nov 6, 2018):

Yup. Just needed to add my prefix at line 24 of your patch and everything works perfectly.

@skug67 commented on GitHub (Nov 6, 2018): Yup. Just needed to add my prefix at line 24 of your patch and everything works perfectly.

kerem commented

2026-03-03 01:25:07 +03:00

Author

Owner

@mprasil commented on GitHub (Nov 6, 2018):

@skug67 if you ever want to document your efforts, a PR with some *.md file would be very welcome.

@mprasil commented on GitHub (Nov 6, 2018): @skug67 if you ever want to document your efforts, a PR with some *.md file would be very welcome.

kerem commented

2026-03-03 01:25:07 +03:00

Author

Owner

@skug67 commented on GitHub (Nov 6, 2018):

My coding/git skills are close to non-existent. I figured all of this
out pretty much via trial-and-error. But I was able to create three
diff files (one for bitwarden_rs itself, one for the mainstream
bitwarden web source code, and one for the jslib files that the
bitwarden web code incorporates by reference. I've also got an apache
conf file that handles the reverse proxy stuff (it assumes it's running
on an SSL enabled site). In each of the files I use URLPREFIX for the
prefix that fronts the bitwarden site (both web interface and api, etc
calls). I also assume that rocket is serving the backend on port 8000
as per the default in your .env file. All those files are attached.
Hopefully someone with more git skills than me can roll this into
something that makes its way into the repository.

On 2018-11-06 9:37 am, mprasil wrote:

@skug67 [1] if you ever want to document your efforts, a PR with some *.md file would be very welcome.

--
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub [2], or mute the thread [3].

Links:

[1] https://github.com/skug67
[2]
https://github.com/dani-garcia/bitwarden_rs/issues/241#issuecomment-436274444
[3]
https://github.com/notifications/unsubscribe-auth/AH1-wMIhyKOr_XUXjsLktRZ_ZsrXFQphks5usZ7HgaJpZM4YQceh
<Location /URLPREFIX/hub/negotiate>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3012/$1 [P,L]
ProxyPass http://localhost:8000/URLPREFIX/hub/negotiate keepalive=on
ProxyPassReverse http://localhost:8000/URLPREFIX/hub/negotiate
ProxyPreserveHost Off
RequestHeader set X-Forwarded-Proto "https"
Require all granted

<Location /URLPREFIX/hub>
ProxyPass ws://localhost:3012/URLPREFIX/hub
ProxyPassReverse ws://localhost:3012/URLPREFIX/hub
ProxyPreserveHost Off
RequestHeader set X-Forwarded-Proto "https"
Require all granted

<Location /URLPREFIX>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3012/$1 [P,L]
ProxyPass http://localhost:8000/URLPREFIX keepalive=on
ProxyPassReverse http://localhost:8000/URLPREFIX
ProxyPreserveHost Off
RequestHeader set X-Forwarded-Proto "https"
Require all granted

@skug67 commented on GitHub (Nov 6, 2018): My coding/git skills are close to non-existent. I figured all of this out pretty much via trial-and-error. But I was able to create three diff files (one for bitwarden_rs itself, one for the mainstream bitwarden web source code, and one for the jslib files that the bitwarden web code incorporates by reference. I've also got an apache conf file that handles the reverse proxy stuff (it assumes it's running on an SSL enabled site). In each of the files I use URLPREFIX for the prefix that fronts the bitwarden site (both web interface and api, etc calls). I also assume that rocket is serving the backend on port 8000 as per the default in your .env file. All those files are attached. Hopefully someone with more git skills than me can roll this into something that makes its way into the repository. On 2018-11-06 9:37 am, mprasil wrote: > @skug67 [1] if you ever want to document your efforts, a PR with some *.md file would be very welcome. > > -- > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub [2], or mute the thread [3]. Links: ------ [1] https://github.com/skug67 [2] https://github.com/dani-garcia/bitwarden_rs/issues/241#issuecomment-436274444 [3] https://github.com/notifications/unsubscribe-auth/AH1-wMIhyKOr_XUXjsLktRZ_ZsrXFQphks5usZ7HgaJpZM4YQceh <Location /URLPREFIX/hub/negotiate> RewriteEngine On RewriteCond %{HTTP:Upgrade} =websocket [NC] RewriteRule /(.*) ws://localhost:3012/$1 [P,L] ProxyPass http://localhost:8000/URLPREFIX/hub/negotiate keepalive=on ProxyPassReverse http://localhost:8000/URLPREFIX/hub/negotiate ProxyPreserveHost Off RequestHeader set X-Forwarded-Proto "https" Require all granted </Location> <Location /URLPREFIX/hub> ProxyPass ws://localhost:3012/URLPREFIX/hub ProxyPassReverse ws://localhost:3012/URLPREFIX/hub ProxyPreserveHost Off RequestHeader set X-Forwarded-Proto "https" Require all granted </Location> <Location /URLPREFIX> RewriteEngine On RewriteCond %{HTTP:Upgrade} =websocket [NC] RewriteRule /(.*) ws://localhost:3012/$1 [P,L] ProxyPass http://localhost:8000/URLPREFIX keepalive=on ProxyPassReverse http://localhost:8000/URLPREFIX ProxyPreserveHost Off RequestHeader set X-Forwarded-Proto "https" Require all granted </Location>

kerem commented

2026-03-03 01:25:07 +03:00

Author

Owner

@skug67 commented on GitHub (Nov 6, 2018):

Posted that last comment via email and looks like not all the attachments came through (just validating my claim of non-existent git skills). Posting them via the web interface now..... (all with .txt extension added to make the interface accept them).
jslib.diff.txt
bitwarden-apache.conf.txt
web-vault.diff.txt
bitwarden_rs.diff.txt

@skug67 commented on GitHub (Nov 6, 2018): Posted that last comment via email and looks like not all the attachments came through (just validating my claim of non-existent git skills). Posting them via the web interface now..... (all with .txt extension added to make the interface accept them). [jslib.diff.txt](https://github.com/dani-garcia/bitwarden_rs/files/2557259/jslib.diff.txt) [bitwarden-apache.conf.txt](https://github.com/dani-garcia/bitwarden_rs/files/2554694/bitwarden-apache.conf.txt) [web-vault.diff.txt](https://github.com/dani-garcia/bitwarden_rs/files/2554695/web-vault.diff.txt) [bitwarden_rs.diff.txt](https://github.com/dani-garcia/bitwarden_rs/files/2554696/bitwarden_rs.diff.txt)

kerem commented

2026-03-03 01:25:07 +03:00

Author

Owner

@gerroon commented on GitHub (Apr 27, 2019):

Is it this implemented and usabe in Apache atm? I am in need to running Bitwarden behindn Apache as a subfolder.

thanks

@gerroon commented on GitHub (Apr 27, 2019): Hi Is it this implemented and usabe in Apache atm? I am in need to running Bitwarden behindn Apache as a subfolder. thanks

kerem commented

2026-03-03 01:25:07 +03:00

Author

Owner

@dani-garcia commented on GitHub (Apr 27, 2019):

You'll need to apply the patches included in the previous comment, which would require compiling the web vault and bitwarden_rs by yourself. We could include an option to change the prefix which would keep you from having to compile bitwarden_rs, but there is not much we can do about the web vault itself.

@dani-garcia commented on GitHub (Apr 27, 2019): You'll need to apply the patches included in the previous comment, which would require compiling the web vault and bitwarden_rs by yourself. We could include an option to change the prefix which would keep you from having to compile bitwarden_rs, but there is not much we can do about the web vault itself.

kerem commented

2026-03-03 01:25:07 +03:00

Author

Owner

@gerroon commented on GitHub (Apr 27, 2019):

Thanks, one reason I do not want to run this under a subdomain is that it is much easier for an attacker to discover the service than hiding behind a folder

@gerroon commented on GitHub (Apr 27, 2019): Thanks, one reason I do not want to run this under a subdomain is that it is much easier for an attacker to discover the service than hiding behind a folder

kerem referenced this issue

2026-03-03 02:20:05 +03:00

[PR #133] [MERGED] Extend documentation #2622