I self-host Bitwarden. I recently wanted to put it behind my nginx reverse proxy, as I run various other services behind it and wanted to manage them all centrally.
I did set up nginx successfully, but Bitwarden’s original URL still works. I tried to change it in global.override.env but that seems to break BW completely.
The current setup is fine for me; however, it has also broken WebAuthn - I can’t use my key to log in any more (I have other 2FA set up so I have not lost access).
My question is what would be the best way to put BW behind nginx so that it recognises the domain I set in nginx as its only valid domain (and therefore makes WebAuthn work again)?
Just to update this, I ended up moving to a new server. When I installed Bitwarden on the new server (docker), I chose from the start not to expose it to the internet. Going through the setup options, I chose no LetsEncrypt certificate, and localhost only.
I then set it up on my nginx config, and it’s been working perfectly ever since, WebAuthn and everything.
I also tested a disaster recovery where I had to install it on a new server but using the backed-up bwdata directory, and it also worked fine (WebAuthn included).
So I think tinkering with it after you’ve already set it up to expose itself publicly using LetsEncrypt is a bit of a 50-50 situation; it’s easier to go with the right options from a new install.
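
Added example, not part of the original post and not Bitwarden's own code: a simplified model of the WebAuthn checks that depend on the domain, showing how a key login fails when the address the browser uses differs from the address the server believes it has. The hostnames and challenge are constructed, and the browser's public-suffix check is left out as a simplifying assumption.

```python
import hashlib
import json
from urllib.parse import urlsplit


def browser_accepts_rp_id(page_origin: str, rp_id: str) -> bool:
    """Browser-side rule: the RP ID must equal the page's host or be a
    parent domain of it. (Simplified: real browsers also consult the
    public suffix list so that e.g. "com" is rejected.)"""
    host = (urlsplit(page_origin).hostname or "").lower()
    rp_id = rp_id.lower()
    return host == rp_id or host.endswith("." + rp_id)


def server_accepts_assertion(client_data_json: bytes, rp_id_hash: bytes,
                             expected_origin: str, expected_rp_id: str) -> bool:
    """Server-side checks from the WebAuthn verification procedure that
    depend on the domain: the origin in clientDataJSON and the RP ID hash."""
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        return False
    if client_data.get("origin") != expected_origin:
        return False
    return rp_id_hash == hashlib.sha256(expected_rp_id.encode()).digest()


def simulate_login(page_origin: str, server_url: str) -> str:
    """Constructed scenario: the user browses to page_origin (the proxy's
    address) while the server is configured with server_url."""
    server_rp_id = urlsplit(server_url).hostname
    if not browser_accepts_rp_id(page_origin, server_rp_id):
        return "rejected by browser: RP ID does not match page domain"
    # What the browser and authenticator would hand back for this page.
    client_data = json.dumps({"type": "webauthn.get", "origin": page_origin,
                              "challenge": "constructed-challenge"}).encode()
    rp_id_hash = hashlib.sha256(server_rp_id.encode()).digest()
    if not server_accepts_assertion(client_data, rp_id_hash,
                                    server_url, server_rp_id):
        return "rejected by server: origin mismatch"
    return "ok"
```
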