Local hosting, admin portal with non-default 443 https port issues

wcjxixi · September 24, 2020, 1:50pm

Bitwarden Server 1.37.1 / CentOS 7

if I use the default https port 443, I can access Web Vault and Admin Portal.
but when I change the https port 443 to 8443, I can access Web Vault, But can’t access Admin Portal.

When I access https://vault.bitwarden.in:8443/admin, it automatically jump to https://vault.bitwarden.in/admin/login?returnUrl=%2Fadmin.

What other settings should I modify? THX!

./bwdata/config.yml:

url: https://vault.bitwarden.in:8443
generate_compose_config: true
generate_nginx_config: true
http_port: 8080
https_port: 8443
compose_version: 
ssl: true
ssl_versions: 
ssl_ciphersuites: 
ssl_managed_lets_encrypt: false
ssl_certificate_path: /etc/ssl/vault.bitwarden.in/certificate.crt
ssl_key_path: /etc/ssl/vault.bitwarden.in/private.key
ssl_ca_path: /etc/ssl/vault.bitwarden.in/ca.crt
ssl_diffie_hellman_path: 
push_notifications: true
database_docker_volume: false
real_ips:

./bwdata/env/global.override.env:

globalSettings__baseServiceUri__vault=https://vault.bitwarden.in:8443
globalSettings__baseServiceUri__api=https://vault.bitwarden.in:8443/api
globalSettings__baseServiceUri__identity=https://vault.bitwarden.in:8443/identity
globalSettings__baseServiceUri__admin=https://vault.bitwarden.in:8443/admin
globalSettings__baseServiceUri__notifications=https://vault.bitwarden.in:8443/notifications
globalSettings__baseServiceUri__sso=https://vault.bitwarden.in:8443/sso
globalSettings__baseServiceUri__portal=https://vault.bitwarden.in:8443/portal
...
globalSettings__attachment__baseUrl=https://vault.bitwarden.in:8443/attachments
...

Pulsar · September 24, 2020, 9:14pm

Hello @wcjxixi,
may I suggest you to use a reverse proxy instead of just opening another port? I think it should be for you also much easier to work with . Then you would have:

Instead of https://…:8080, and need to remember the ports.

If you want to make this change I already have an example and can help you with that. Otherwise say so and I will help you with your implementation when I have some time.

Cheers

wcjxixi · September 25, 2020, 9:24am

use a reverse proxy, yes, no this problem and no need to remember port. But, A non-443 port must be used for some reason.

I think bitwarden can do it, but my settings are incorrect.

Pulsar · September 25, 2020, 5:57pm

Hello @wcjxixi,

try this:
from https://vault.bitwarden.in/admin/login?returnUrl=%2Fadmin%2F
to https://vault.bitwarden.in:8443/admin/login?returnUrl=%2Fadmin%2F

https://vault.bitwarden.in:8443/admin/login?returnUrl=%2Fadmin%2F

If you really want to fix it

After some research I found that if you want to fix it you need to do the following:

Download source code (https://github.com/bitwarden/server)
Go to src/Admin/Controllers/LoginController.cs on line 64
Debug the code, why it does not return the given port
Recompile
Create the docker image via docker build
Use that image in your docker-compose file (under /bwdata/docker)
Run bitwarden

Note: Since, I’ve not fixed it, there is a small possibility that I might be wrong

Although not the best solution for you, I hope this helps you anyway

wcjxixi · September 26, 2020, 3:29am

Thank your reply.

This solution of yours may work, but there will be other problems, such as subsequent updates, which will be tedious!

Hopefully Bitwarden will fix the problem so that we can simply change the port number!

wcjxixi · September 26, 2020, 4:29pm

from https://vault.bitwarden.in/admin/login?returnUrl=%2Fadmin%2F
to https://vault.bitwarden.in:8443/admin/login?returnUrl=%2Fadmin%2F

magical! Follow this method, I can access and enter the admin portal.

Maybe it’s bug.

Casper042 · December 31, 2022, 8:05am

It’s definitely a bug as I just ran into it myself 3 months later.
I also found when you register as a new user, the email verification prompt similarly fails to include the custom port.
Really wish the devs would add this as part of their QA testing as it’s going to be annoying to fix it manually every single time.
Also for those saying to use a Proxy, the bitwarden-nginx container IS a proxy, so we put the proxy behind another proxy?
Also what if you are self hosted and your ISP blocks 80/443?

“Work around it” isn’t a valid solution.

Casper042 · December 31, 2022, 8:37am

Well that was fast, I think figured it out.

Edit: ./bwdata/env/global.override.env
Add the port number to the first variable which should be globalSettings__baseServiceUri__vault

So if it currently says:
=https://bitwarden.yourdomain.com
Change it to:
=https://bitwarden.yourdomain.com:12345

Then bitwarden.sh restart
So it pulls in the new value.

I found numerous references to This “BaseServiceUri” in the code and remembered seeing it when I was setting up my SMTP details.
I verified that my Admin Panel login code for example did NOT have the custom port in the email the first time, but after this change it now does.
Same with the New User Verification Email.

Don’t forget to flush your browser cache related to bitwarden . yourdomain . com otherwise you might get the old page from cache.