Disable Web access Gui via FQDN

Hi folks,

Im wondering if its possible to disable the Web access to the GUI via the FQDN and only allow access for the plugins and mobile app?



While there isn’t a toggle for that, you can achieve this by configuring NGINX to return a specific http code based on user agent, etc.

Since the majority of management and admin functions are done in the Web Vault, it may be good to not enforce that rule if the accessed within a specified network.

Hey thanks for you reply.

I see i was thinking more about security. I rarely access the web gui and use the Pin for the add-on and Finger Print.



1 Like

Ah, I see!

I assumed you were taking about a self-hosted instance :slight_smile:

You’re on the right track though - a great master password and two-step login is a great defense, and like you mentioned, the PIN and biometric unlocking make it convenient for other apps.

1 Like

Yeah i wondered if its possible. I dont see any point exposing a Web Gui if its not being used. it would be cool if in the future that its a option in the ./bwdata/env/global. overide. env.



Great question and fair point.

I suppose you could just stop the web container and start it up if you needed manage items/users outside of the API or CLI.

But an override option would be easier :slight_smile:

1 Like

If im understanding the container doesn’t always need to be running for access to the Vault? only needs to be on when adding new users and passwords?

The web container just runs the web vault, so everything else (api, identity, etc.) will power the other clients without the web vault running.

Ok so just stop the Web Server then?

Yep, the web container.

So something like ./bitwarden.sh stop nginx ?

I believe you’d handle it via docker, and you’ll want to stop the web container, not nginx as it handles everything.

Run ‘docker ps’ to list your containers, get the ID of the web container. Then:

‘docker container stop [container id]’

I’m not a docker expert by far, so if anyone has tips and tricks, feel free :slight_smile:

1 Like

Yeah im new to Docker myself, I usually build from scratch and install packages manually. I shall have a look here.

Oh my System i have,

3d9c79e43b98 bitwarden/nginx:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 80/tcp,>8080/tcp,>8443/tcp bitwarden-nginx
d63487acdaa1 bitwarden/portal:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-portal
02fc563ea49f bitwarden/admin:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-admin
3a52b15ea6dc bitwarden/attachments:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) bitwarden-attachments
bf915e4148f4 bitwarden/web:2.17.1 “/entrypoint.sh” 2 days ago Up 2 days (healthy) bitwarden-web
cab50f8005fc bitwarden/mssql:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) bitwarden-mssql
d218f4a1adf1 bitwarden/events:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-events
1e3ae9740656 bitwarden/identity:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-identity
3c78a27f9ad5 bitwarden/sso:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-sso
326fd5cfdba1 bitwarden/icons:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-icons
46ddf71aaba5 bitwarden/notifications:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-notifications
d2f8c5abb9eb bitwarden/api:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-api

so im guessing i do docker container stop [bf915e4148f4] ?

I do believe so! Give it a shot, anyways :sunglasses:

1 Like

Awesome thats works. I get a 502 Bad Gateway since doing that and no longer loads the Gui. Nice that you can do this on the fly without restarting.

Just for people that want to do this the following works.

sudo docker container stop bf915e4148f4



1 Like