Run locally at suburl #241
Comments
|
If the post request is sent to the wrong URL, then the problem is probably from the web vault config. You can check the set-vault-baseurl.patch file inside the docker folder, which is the changes to the web vault that are applied to the docker version. |
|
Yup. Just needed to add my prefix at line 24 of your patch and everything works perfectly. |
|
@skug67 if you ever want to document your efforts, a PR with some *.md file would be very welcome. |
|
My coding/git skills are close to non-existent. I figured all of this
out pretty much via trial-and-error. But I was able to create three
diff files (one for bitwarden_rs itself, one for the mainstream
bitwarden web source code, and one for the jslib files that the
bitwarden web code incorporates by reference. I've also got an apache
conf file that handles the reverse proxy stuff (it assumes it's running
on an SSL enabled site). In each of the files I use URLPREFIX for the
prefix that fronts the bitwarden site (both web interface and api, etc
calls). I also assume that rocket is serving the backend on port 8000
as per the default in your .env file. All those files are attached.
Hopefully someone with more git skills than me can roll this into
something that makes its way into the repository.
On 2018-11-06 9:37 am, mprasil wrote:
@skug67 [1] if you ever want to document your efforts, a PR with some *.md file would be very welcome.
--
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub [2], or mute the thread [3].
Links:
------
[1] https://github.com/skug67
[2]
#241 (comment)
[3]
https://github.com/notifications/unsubscribe-auth/AH1-wMIhyKOr_XUXjsLktRZ_ZsrXFQphks5usZ7HgaJpZM4YQceh
<Location /URLPREFIX/hub/negotiate>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3012/$1 [P,L]
ProxyPass http://localhost:8000/URLPREFIX/hub/negotiate keepalive=on
ProxyPassReverse http://localhost:8000/URLPREFIX/hub/negotiate
ProxyPreserveHost Off
RequestHeader set X-Forwarded-Proto "https"
Require all granted
</Location>
<Location /URLPREFIX/hub>
ProxyPass ws://localhost:3012/URLPREFIX/hub
ProxyPassReverse ws://localhost:3012/URLPREFIX/hub
ProxyPreserveHost Off
RequestHeader set X-Forwarded-Proto "https"
Require all granted
</Location>
<Location /URLPREFIX>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3012/$1 [P,L]
ProxyPass http://localhost:8000/URLPREFIX keepalive=on
ProxyPassReverse http://localhost:8000/URLPREFIX
ProxyPreserveHost Off
RequestHeader set X-Forwarded-Proto "https"
Require all granted
</Location>
|
|
Posted that last comment via email and looks like not all the attachments came through (just validating my claim of non-existent git skills). Posting them via the web interface now..... (all with .txt extension added to make the interface accept them). |
|
Hi Is it this implemented and usabe in Apache atm? I am in need to running Bitwarden behindn Apache as a subfolder. thanks |
|
You'll need to apply the patches included in the previous comment, which would require compiling the web vault and bitwarden_rs by yourself. We could include an option to change the prefix which would keep you from having to compile bitwarden_rs, but there is not much we can do about the web vault itself. |
|
Thanks, one reason I do not want to run this under a subdomain is that it is much easier for an attacker to discover the service than hiding behind a folder |
I'm running bitwarden_rs locally (i.e., not in a docker container) and using Apache as reverse proxy via a suburl from my main web-facing domain name. The setup was comparatively easy -- just adding the url prefix to the "mount" commands in main.rs got me 98% of the way there. I then had to customize web-vault source in a couple of places -- the baseUrl in jslib/src/services/api.service.ts, and the urls for api and identity in src/app/services/services.module.ts.
At that point I pretty much had a usable system. But immediately post-login there was a post request sent to "hub/negotiate" instead of to "/hub/negotiate" As far as I can tell this call is coming from line 20 of api/notifications.rs. But I can't figure out why it's not respecting the previously defined url prefix from the mount command on line 57 of main.rs [in my setup now = .mount("//notifications", api::notifications_routes())]
I'm working around it for now by just using apache to redirect /hub/negotiate to /hub/negotiate. But I'd love to figure out how to solve the problem internally to bitwarden_rs.
Thanks in advance for any advice. And thanks a million for a great project.
The text was updated successfully, but these errors were encountered: