Updated Using an alternate base dir (markdown)

Jeremy Lin 2020-02-21 21:31:31 -08:00
parent ea69092d5d
commit 35ddf4c771
1 changed files with 7 additions and 33 deletions

@ -2,50 +2,24 @@ Traditionally, Bitwarden is limited to residing at the root of a subdomain, e.g.
This limitation originates in the backend and web vault, which haven't been designed to accommodate alternate base dirs (see [bitwarden/server#277](/bitwarden/server/issues/277)). The mobile/desktop apps and browser extensions actually have no issues using a base URL with a path. This limitation originates in the backend and web vault, which haven't been designed to accommodate alternate base dirs (see [bitwarden/server#277](/bitwarden/server/issues/277)). The mobile/desktop apps and browser extensions actually have no issues using a base URL with a path.
In bitwarden_rs, with the changes in [PR#868](../pull/868), you can configure the backend server to work properly with an alternate base dir. With a bit more work, it's also possible to modify the web vault to work properly, resulting in a fully functional installation. In bitwarden_rs, with the changes in [PR#868](https://github.com/dani-garcia/bitwarden_rs/pull/868) (backend) and [PR#11](https://github.com/dani-garcia/bw_web_builds/pull/11) (web vault), you can configure a fully functional instance at an alternate base dir.
## Configuring the backend server ## Configuration
Simply configure your domain URL to include the base dir. For example, suppose you want to access your installation at `https://bitwarden.example.com/secret-dir`. Simply configure your domain URL to include the base dir. For example, suppose you want to access your instance at `https://bitwarden.example.com/base-dir`. (Note that you can also use multiple levels of directories, like `https://bitwarden.example.com/multi/level/base/dir`if you want.)
1. Stop bitwarden_rs. 1. Stop bitwarden_rs.
2. If you normally configure bitwarden_rs using the admin page, edit your `config.json` to look as follows: 2. If you normally configure bitwarden_rs using the admin page, edit your `config.json` to look as follows:
```javascript ```javascript
{ {
"domain": "https://bitwarden.example.com/secret-dir", "domain": "https://bitwarden.example.com/base-dir",
// ... other values ... // ... other values ...
} }
``` ```
3. If you normally configure bitwarden_rs via environment variables, update your config files/scripts to set the `DOMAIN` environment variable to the base URL. For example: 3. If you normally configure bitwarden_rs via environment variables, update your config files/scripts to set the `DOMAIN` environment variable to the base URL. For example:
```sh ```sh
docker run -e DOMAIN="https://bitwarden.example.com/secret-dir" ... docker run -e DOMAIN="https://bitwarden.example.com/base-dir" ...
``` ```
4. Restart bitwarden_rs. 4. Restart bitwarden_rs.
5. You should now be able to access the web vault (assuming it has been modified appropriately; see the next section) at `https://bitwarden.example.com/secret-dir/` (note the trailing slash). For reasons not entirely clear, you may run into issues if you use `https://bitwarden.example.com/secret-dir` (without the trailing slash). 5. You should now be able to access the web vault at `https://bitwarden.example.com/base-dir/` (note the trailing slash). For reasons not entirely clear, you'll probably run into issues if you use `https://bitwarden.example.com/base-dir` (without the trailing slash).
6. Configure your apps or browser extensions to use `https://bitwarden.example.com/secret-dir`. If you add a trailing slash, the apps and extensions will automatically remove it before saving. 6. Configure your apps or browser extensions to use `https://bitwarden.example.com/base-dir`. If you add a trailing slash, the apps and extensions will automatically remove it before saving.
## Modifying the web vault
The issue with the web vault is there's no simple way to configure it for a specific base URL. Instead, the code generally just assumes the web vault URL is given by `window.location.origin`, which always represents the root of the subdomain. This is true of both the upstream web vault and the patched version used in bitwarden_rs:
* https://github.com/bitwarden/web/blob/f7f7040/src/app/services/services.module.ts#L137-L144
* https://github.com/dani-garcia/bw_web_builds/blob/5c9de1a/patches/v2.11.0.patch#L17-L29
Here are some approaches you could take to modify the web vault to work at a different base dir.
### The hard and clean way
Modify the upstream code and/or bitwarden_rs patches and rebuild the web vault. (Someone else can document this if they're interested.)
### The quick and dirty way
1. Enter a shell in the bitwarden_rs container: `docker exec -it <container-name> /bin/sh`
2. Patch the web vault: `sed -i "s|window\.location\.origin|window.location.origin+'/secret-dir'|g" /web-vault/app/main*.js` (of course, replace `/secret-dir` with your actual base dir)
Pros:
* It works just fine for normal purposes.
* This approach could be easily automated on container start.
Cons:
* It's a brittle solution, although it's probably not too likely `window.location.origin` would be used for anything else.
* It will probably break the [source map](https://www.html5rocks.com/en/tutorials/developertools/sourcemaps/), but this won't matter unless you're doing development or need to troubleshoot with a developer.