Hi folks,
Im wondering if its possible to disable the Web access to the GUI via the FQDN and only allow access for the plugins and mobile app?
Cheers
Jack.
Hi folks,
Im wondering if its possible to disable the Web access to the GUI via the FQDN and only allow access for the plugins and mobile app?
Cheers
Jack.
While there isn’t a toggle for that, you can achieve this by configuring NGINX to return a specific http code based on user agent, etc.
Since the majority of management and admin functions are done in the Web Vault, it may be good to not enforce that rule if the accessed within a specified network.
Hey thanks for you reply.
I see i was thinking more about security. I rarely access the web gui and use the Pin for the add-on and Finger Print.
Cheers.
Jack.
Ah, I see!
I assumed you were taking about a self-hosted instance
You’re on the right track though - a great master password and two-step login is a great defense, and like you mentioned, the PIN and biometric unlocking make it convenient for other apps.
Yeah i wondered if its possible. I dont see any point exposing a Web Gui if its not being used. it would be cool if in the future that its a option in the ./bwdata/env/global. overide. env.
Cheers.
Jack.
Great question and fair point.
I suppose you could just stop the web container and start it up if you needed manage items/users outside of the API or CLI.
But an override option would be easier
If im understanding the container doesn’t always need to be running for access to the Vault? only needs to be on when adding new users and passwords?
The web container just runs the web vault, so everything else (api, identity, etc.) will power the other clients without the web vault running.
Ok so just stop the Web Server then?
Yep, the web container.
So something like ./bitwarden.sh stop nginx ?
I believe you’d handle it via docker, and you’ll want to stop the web container, not nginx as it handles everything.
Run ‘docker ps’ to list your containers, get the ID of the web container. Then:
‘docker container stop [container id]’
I’m not a docker expert by far, so if anyone has tips and tricks, feel free
Yeah im new to Docker myself, I usually build from scratch and install packages manually. I shall have a look here.
Oh my System i have,
3d9c79e43b98 bitwarden/nginx:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 80/tcp, 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp bitwarden-nginx
d63487acdaa1 bitwarden/portal:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-portal
02fc563ea49f bitwarden/admin:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-admin
3a52b15ea6dc bitwarden/attachments:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) bitwarden-attachments
bf915e4148f4 bitwarden/web:2.17.1 “/entrypoint.sh” 2 days ago Up 2 days (healthy) bitwarden-web
cab50f8005fc bitwarden/mssql:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) bitwarden-mssql
d218f4a1adf1 bitwarden/events:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-events
1e3ae9740656 bitwarden/identity:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-identity
3c78a27f9ad5 bitwarden/sso:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-sso
326fd5cfdba1 bitwarden/icons:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-icons
46ddf71aaba5 bitwarden/notifications:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-notifications
d2f8c5abb9eb bitwarden/api:1.38.2 “/entrypoint.sh” 2 days ago Up 2 days (healthy) 5000/tcp bitwarden-api
so im guessing i do docker container stop [bf915e4148f4] ?
I do believe so! Give it a shot, anyways