Skip to content

Configuration overview

Jump to bottom Edit New page
Jeremy Lin edited this page Mar 13, 2020 · 17 revisions

Configuration methods

In bitwarden_rs, you can perform configuration either via environment variables or an admin page (which writes settings to a config.json file under your data directory). It's important to note that each setting in config.json overrides the corresponding environment variable setting (if it exists). For example, if you set the environment variable DOMAIN=https://bitwarden.example.com, but your config.json includes "domain": "https://bw.example.com", then bitwarden_rs will generate various links based on what's in the config file (https://bw.example.com).

A common source of confusion is enabling the admin page (which creates the config.json file), changing some settings via the admin page (which sets the corresponding values in config.json), then later trying to change those settings via environment variable (which doesn't work because config.json overrides env vars). To avoid this confusion, it's highly recommended to stick to one configuration method or the other; that is, configure entirely via environment variables, or entirely via config.json (whether using the admin page or editing config.json directly).

Setting the domain URL

Make sure to set the DOMAIN environment variable (or domain in the config file) to the URL you use to access your bitwarden_rs instance. If you don't, it's likely that various functionality will break mysteriously. Some examples:

  • https://bitwarden.example.com
  • https://bitwarden.example.com:8443 (non-default port)
  • https://host.example.com/bitwarden (subdir hosting -- avoid URL-rewriting tricks whenever possible)
Add a custom footer

FAQs

  1. FAQs
  2. Audits
  3. Supporting upstream development

Troubleshooting

  1. Logging
  2. Bitwarden Android troubleshooting

Container Image Usage

  1. Which container image to use
  2. Starting a container
  3. Using Docker Compose
  4. Using Podman
  5. Updating the vaultwarden image

Reverse Proxy

  1. Proxy examples
  2. Using an alternate base dir (subdir/subpath)

HTTPS

  1. Enabling HTTPS
  2. Running a private vaultwarden instance with Let's Encrypt certs

Configuration

  1. Overview
  2. Enabling admin page
  3. SMTP configuration
  4. Disable registration of new users
  5. Disable invitations
  6. Enabling WebSocket notifications
  7. Enabling Mobile Client push notification
  8. Enabling SSO support using OpenId Connect
  9. Other configuration

Database

  1. Using the MariaDB (MySQL) Backend
  2. Using the PostgreSQL Backend
  3. Running without WAL enabled
  4. Migrating from MariaDB (MySQL) to SQLite

Security

  1. Hardening Guide
  2. Password hint display
  3. Enabling U2F and FIDO2 WebAuthn authentication
  4. Enabling YubiKey OTP authentication
  5. Fail2Ban Setup
  6. Fail2Ban + ModSecurity + Traefik + Docker

Performance

  1. Changing the API request size limit
  2. Changing the number of workers

Customization

  1. Translating the email templates
  2. Translating admin page
  3. Customize Vaultwarden CSS
  4. Using custom website icons
  5. Disabling or overriding the Vault interface hosting

Backup

  1. General (not docker)
  2. Backing up your vault

Development

  1. Building binary
  2. Building your own docker image
  3. Git hooks
  4. Differences from the upstream API implementation

Alternative deployments

  1. Pre-built binaries
  2. Creating a systemd service
  3. Third-party packages
  4. Deployment examples
  5. Disable the admin token

Other Information

  1. Importing data from Keepass or KeepassX
  2. Changing persistent data location
  3. Syncing users from LDAP
  4. Caddy 2.x with Cloudflare DNS
  5. Logrotate example
Clone this wiki locally