Linux installation with existing apache server

poldi · March 25, 2022, 2:55am

I have an existing (Linux) server installation running virtual apache hosts.

I have installed bitwarden with ports 8080 and 8443 (80 * 443 fails as these are already used by apache)

I’ve looked for a way to get the bitwarden installation to run as a virtual apache host, but haven’t found much info on the correct way of doing this.

Thanks

not · March 25, 2022, 3:50am

So working knowledge on this is limited, but in general I’d say the problem is this. Bitwarden is expecting traffic on those ports. I’d say the solution is that you need certain traffic to be forwarded to those ports. Can your Apache installation do that? Alternatively, there might be a way to change where Bitwarden is expecting traffic.

poldi · March 25, 2022, 4:41am

I played around a bit more with this and have set up virual apache host for bitwarden

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerName bitwarden.xxx.xxx
                ServerAlias bitwarden.xxx.xxx
                #DocumentRoot ????

                ErrorLog ${APACHE_LOG_DIR}/bw_error.log
                CustomLog ${APACHE_LOG_DIR}/bw_access.log combined

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

        SSLCertificateFile     /etc/letsencrypt/xxx/fullchain.pem

        SSLCertificateKeyFile          /etc/letsencrypt/xxx/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        </VirtualHost>
</IfModule>

This comes up without errors, but I don’t know what the document root is and I’m also not sure that this is the correct approach

accolon · March 25, 2022, 2:59pm

You should configure your Apache as reverse proxy:
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#forwardreverse

In my setup, Bitwarden is listening locally on port 4480 with SSL turned off. I configured a virtual host for https://bitwarden.mydomain.com which sends all requests to Bitwarden like this:

        SSLProxyEngine On
        RequestHeader set Front-End-Https "On"
        ProxyPreserveHost On
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        ProxyPass / http://127.0.0.1:4480/
        ProxyPassReverse / http://127.0.0.1:4480/

Certificates for this virtual host are generated separately, not by Bitwarden.

not · March 25, 2022, 3:24pm

I’d say this is the solution is this. But be careful how you generate those certs! It’s a jungle out there, make sure that it is done by yourself.

poldi · March 26, 2022, 6:06am

Thanks for the suggestion.
I’m a bit surpsrised there is no formal doc on how to do thisa as I’m sure that i can’t be the only one that needs to run a docker app in a standard lamp install.

Maybe this is a question for the docker community.