Hi all,
there are already plenty of topics regarding the configuration of Bitwarden behind the reverse proxy but unfortunately I didn’t find a solution working for me for that reason I would like to share with you my use case.
I have a Self hosted version of Bitwarden running on Debian 10. Everything is working until I try to configure it on our reverse proxy. Unfortunately I have to try to work with sub-folder and not sub-domain. I know that with the second solution would be much easier, but in our company we use the first solution.
As Reverse proxy I use Nginx and as starting point I’m using this link : reverse-proxy-confs/bitwarden.subfolder.conf.sample at master · linuxserver/reverse-proxy-confs · GitHub
I made it simple:
location ^~ /bitwarden/ {
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Proxy Connection Settings
proxy_buffers 32 4k;
proxy_connect_timeout 240;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;
proxy_http_version 1.1;
proxy_read_timeout 240;
proxy_redirect http:// $scheme://;
proxy_send_timeout 240;
# Proxy Cache and Cookie Settings
proxy_cache_bypass $cookie_session;
#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
proxy_no_cache $cookie_session;
# Proxy Header Settings
proxy_set_header Connection $connection_upgrade;
#proxy_set_header Early-Data $ssl_early_data;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://bitwarden/;
}
On Bitwarden side on the global.override.env I just changed:
globalSettings__baseServiceUri__vault=<https://myreverseproxy/bitwarden>
and on the config.yml I changed only
url: https://myreverseproxy/bitwarden/
real_ips:
- 10.28.8.166 (IP address of reverse proxy)
Let’s arrive to the problem. The first page is loading correctly, but for example if I try to do a login I have a problem and that’s because I have a redirect to
https://myreverseproxy/identity
and not https://myreverseproxy/bitwarden/identity.
The same for the API.
It seems that on nginx side everything is ok, but the application is not configured properly to work with the sub-folder.
Somewhere on the net I found also another variable that could be set on the global overrides, and I used like this:
globalSettings__baseServiceUri__identity=https://myreverseproxy/bitwarden/identity
It seem not having any effect.
I hope it is clear, if not please feel free to ask additional information.
Thanks in advance to everybody
BR
Marco