I have been fighting with getting the admin panel to work on a self hosted install.
/admin does not work and generates a 404 from the base Bitwarden container. I attempted to map a port into :5000 of the admin container, which gives me the page to enter an email address on http://domain:5000/ but /admin is invalid so /admin/login is invalid and the link I receive in email doesn’t work, even when taking out the /admin portion, it just loops back to prompting for the email address…
What’s the deal?
The port is probably getting dropped during redirection. Try navigating to domain.com:5000/admin/login directly.
There is nothing listening on external host port 5000. I have a reverse proxy as such
<VirtualHost *:443>
Servername xxx.com
Include /etc/letsencrypt/options-ssl-apache.conf
ProxyPass / http://localhost:9280/
ProxyPassReverse / http://localhost:9280/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
SSLCertificateFile /etc/letsencrypt/live/xxx.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxx.com-0001/privkey.pem
</VirtualHost>
When navigating to https://xxx.com/admin, the Bitwarden container log shows
GET /admin text/html:
=> Matched: GET /<p..>
=> Error: Response was a non-`Responder` `Err`: Os { code: 2, kind: NotFound, message: "No such file or directory" }.
=> Outcome: Failure
=> Warning: Responding with 404 Not Found catcher.
=> Response succeeded.
The result and error for /admin/login is identical
Ah yes, I misunderstood what you were originally asking. I suppose there is some issue with your proxy config. Do other endpoints work, such as /api/version ?
No that gives the same result as well.
The main site works fine, I’ve been using it for a while. I only learned this was broken when trying to add another user. From the log though, it’s clearly getting through to the bitwarden container.
1 Like
Until very recently, I could not access my self-hosted admin page. Everything else was working fine.
I installed my self-hosted Bitwarden some months back, but before the final install, I was testing different setups. During that testing, I was always asked if I wanted to change the default ports from 80/443 to my own choice during the install. But when I came to do a final install, the Bitwarden install program must have very recently been updated and it was no longer asking if I wanted to change the ports. So I changed them manually after the install had completed. Bitwarden was installed on Ubuntu PC using the standard Docker containers and a standard router firewall with the new ports forwarded to the Bitwarden PC. Everything worked fine except for the Admin page.
Only a few days ago, I decided to experiment and changed my ports back to 80/443 and ran “./bitwarden.sh rebuild” in order to reconfigure everything with the new (default) ports. After this, the Admin page was now accessible after the weblink was emailed to me. Previously, with my own ports, I was not able to access the Admin page where you input your email address for the link to be sent to. I tried accessing it using the current https and http ports at the time, but it wasn’t accessible. I was only able to access it after reverting back to the standard https and http ports.
@kspearrin, if you would like to see any of my config and log files from when I had Bitwarden installed with my own ports, I can restore my backups to a different folder and send them to you. It may be something in my config that’s quite obvious to you, and it may be totally unrelated to @Vaelek’s problem, but I thought I’d share my experience on here.
1 Like
I am seeing something very similar.
I am trying to integrate Bitwarden in my existing Docker setup which has Traefik as the reverse proxy.
So far, in general, everything seems to be working, except for the admin page.
Navigating to https://bitwarden.mydomain.com/admin redirects to https://bitwarden.mydomain.com/login which is handled by the web container and thus errors out.
Navigating directly to https://bitwarden.mydomain.com/admin/login kinda works in such that it returns the HTML page of the login page. But it is still broken, because all references to CSS and Javascript files start with a slash, i.e. it tries to get them from https://bitwarden.mydomain.com/lib instead of from https://bitwarden.mydomain.com/admin/lib
I have verified that globalSettings__baseServiceUri__admin is set correctly.
Is it possible that the Admin area simply can’t be hosted on a sub path?
I have since changed the configuration so that the admin area is available at https://admin.bitwarden.mydomain.com and now it seems to work.
Even with these changes, admin seems to be a bit buggy, because:
- login only works if it is hosted at root
- all the actual content after logging in, is available at the admin subpath
So, right now, I am navigating to https://admin.bitwarden.mydomain.com. This redirects me to https://admin.bitwarden.mydomain.com/login. I enter my email address. I click on the link and it again, redirects me to https://admin.bitwarden.mydomain.com/login. But it does set a cookie for /admin. So, I manually navigate to https://admin.bitwarden.mydomain.com/admin and I am finally inside the admin area.
I see /admin hardcoded in Startup.cs.
Not sure if my situation is the same. I have several sub-domains and thus I run Apache as a front-end for them. Thus, I setup BitWarden to run plain HTTP only because Apache terminates HTTPS traffic and upstreams one of my 3rd level domains to bitwarden docker.
I solved the problem by adding permanent redirect from HTTP to HTTPS. Something like this:
<VirtualHost *:80>
ServerName bitwarden.my-domain.tld
RedirectPermanent / https://bitwarden.my-domain.tld/
</VirtualHost>
Note final slash after full domain name.
Any news on this? I’m struggling with the same problem.
I also had this problem, but got it to work.
- What’s not working:
bitwarden.sample.com/admin - What’s working:
bitwarden.sample.com/admin/login
The error occurs in the same way if the setting globalSettings__mail__replyToEmail in the global.override.env file contains an email that does not match globalSettings__mail__smtp__username. It is best to enter the same email here and use a completely different address under adminSettings__admins. Then everything worked.