Skip to content

Configuration overview

Jump to bottom Edit New page
Jeremy Lin edited this page Mar 13, 2020 · 16 revisions

Configuration methods

In bitwarden_rs, you can perform configuration either via environment variables or an admin page (which writes settings to a config.json file under your data directory). It's important to note that each setting in config.json overrides the corresponding environment variable setting (if it exists). For example, if you set the environment variable DOMAIN=https://bitwarden.example.com, but your config.json includes "domain": "https://bw.example.com", then bitwarden_rs will generate various links based on what's in the config file (https://bw.example.com).

A common source of confusion is enabling the admin page (which creates the config.json file), changing some settings via the admin page (which sets the corresponding values in config.json), then later trying to change those settings via environment variable (which doesn't work because config.json overrides env vars). To avoid this confusion, it's highly recommended to stick to one configuration method or the other; that is, configure entirely via environment variables, or entirely via config.json (whether using the admin page or editing config.json directly).

Setting the domain URL

Make sure to set the DOMAIN environment variable (or domain in the config file) properly. If you don't, it's likely that various functionality will break mysteriously. Some examples:

  • https://bitwarden.example.com
  • https://bitwarden.example.com:8443 (non-default port)
  • https://host.example.com/bitwarden (subdir hosting -- avoid URL-rewriting tricks whenever possible)
Add a custom footer

FAQs

  1. FAQs
  2. Audits

Container Image Usage

  1. Which container image to use
  2. Starting a container
  3. Updating the vaultwarden image
  4. Using Docker Compose
  5. Using Podman

Deployment

  1. Building your own docker image
  2. Building binary
  3. Pre-built binaries
  4. Third-party packages
  5. Deployment examples
  6. Proxy examples
  7. Logrotate example

HTTPS

  1. Enabling HTTPS
  2. Running a private vaultwarden instance with Let's Encrypt certs

Configuration

  1. Overview
  2. Disable registration of new users
  3. Disable invitations
  4. Enabling admin page
  5. Disable the admin token
  6. Enabling WebSocket notifications
  7. Enabling Mobile Client push notification
  8. Enabling U2F and FIDO2 WebAuthn authentication
  9. Enabling YubiKey OTP authentication
  10. Changing persistent data location
  11. Changing the API request size limit
  12. Changing the number of workers
  13. SMTP configuration
  14. Translating the email templates
  15. Customize Vaultwarden CSS
  16. Password hint display
  17. Disabling or overriding the Vault interface hosting
  18. Logging
  19. Creating a systemd service
  20. Syncing users from LDAP
  21. Using an alternate base dir (subdir/subpath)
  22. Other configuration

Database

  1. Using the MariaDB (MySQL) Backend
  2. Using the PostgreSQL Backend
  3. Running without WAL enabled
  4. Migrating from MariaDB (MySQL) to SQLite

Security

  1. Hardening Guide
  2. Fail2Ban Setup
  3. Fail2Ban + ModSecurity + Traefik + Docker

Backup

  1. General (not docker)

Other Information

  1. Importing data from Keepass or KeepassX
  2. Backing up your vault
  3. Differences from the upstream API implementation
  4. Supporting upstream development
  5. Caddy 2.x with Cloudflare DNS
Clone this wiki locally