Change domain name?

Hi! New to the forum!

Been using bitwarden_rs for a few years now. Have SSL through Let’s Encrypt. Run on Ubuntu 18.04 on a VPS. I use it for a small office. We’ve recently changed business names, and I’d like to change the domain name of bitwarden_rs. I’d like to keep the current data, rather than rebuilding the whole server and having every member export their data and then import it to the new server.

I’m running with a simple docker run command. I tried simply changing the environmental variables, but that didn’t work. Any config files on bitwarden or ubuntu that I need to update?

Thanks!

You probably used the admin interface at some point which creates a config.json file in your bitwarden_rs data folder.

So either update the domain via the /admin interface, or remove the config.json file, but then your previous changed settings could differ from your docker env settings.

Thank you for the suggestion. That didn’t work. I think the problem is with the certificates.

I stop and remove bitwarden_rs. Then I renew the certificate for the new name. Update works ok. But then get an apache error.

When I attempt to restart bitwarden I get the following:

docker: Error response from daemon: driver failed programming external connectivity on endpoint bitwarden (ffd64a2c60d06dbf784f9a4d691aabd73992372fb912a6e697240eb334d12f02): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use.

I understand I’m likely getting into certbot and apache territory here. Anyone have any suggestions though?

Thank you.

I use a reverse proxy for Bitwarden (and the other zillion of dockerized apps and services). This allows you to disconnect the TLS part from the application (in my case handled by Caddy (https://caddyserver.com/) which is a wonderful, fast, easy web server that handles the certificates automatically - I do not have any affiliation with caddy, I have just used it for years and I am extremely happy with it).

You just run BW without any consideration for TLS, and configure Caddy to reverse proxy the right paths (Proxy examples · dani-garcia/vaultwarden Wiki · GitHub) and let it take care of the certificates. This also simplifies the domain management.

Thanks! I think that is what I’ll have to do, but I think I’ll have to rebuild the whole server to do that. Is there a setting within the docker container that I need to change to update the domain name? I can get a new certificate for the host. I just can’t seem to bind the ports correctly.

I am not exactly sure what you mean by “rebuild”.

You have your BW container running, with some persistent volumes where the configuration, vaults etc. are stored. The container is a “black box” to you, that you can (and should!) update, restart etc. You never need to get inside that container.

When it is running, you can access it via a port you exposed (-p or ports: in docker-compose). This is maybe fine for tests or limited usage, but this is not how I do it.

I do not expose any ports but have Caddy “offering” https://bitwarden.my.domain. When calling that URL, it gets actually proxified to the BW container (on the default port, within the docker network). This allows me to handle https://bitwarden.my.domain at Caddy’s level, especially the TLS (certificate) part that will be done automatically.

Of course, if you use BW outside your local network, you need to have a publicly resolvable name (say, https://bitwarden.mycompany.com) that points to your Internet point of presence. From there the traffic intended to port 80 and 443 would be forwarded to the server that hosts caddy (and that exposes these ports).

Finally, once you have settled upon a domain name, you can go to the /admin URL of your server, authenticate with the token you set at startup time (in docker-composer.yaml in my case) and in “General” you will find the FQDN of your server to fill in (I guess that could also be done with environment variables).
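The replies above describe settings saved from /admin into config.json in the data folder taking the place of the values passed to docker run. The following check is an added example, not code from any poster or from the bitwarden_rs project. It lists the environment variables that config.json shadows and verifies that the effective domain is an https URL for the new host. The function names and sample hostnames are constructed, and it assumes config.json keys are the lower-cased environment variable names.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit

SENSITIVE = ("TOKEN", "PASSWORD", "SECRET", "KEY")


def load_saved(data_dir):
    """Settings saved from the /admin page, or {} when config.json is absent."""
    path = Path(data_dir) / "config.json"
    return json.loads(path.read_text(encoding="utf-8")) if path.is_file() else {}


def _show(name, value):
    # never echo secrets such as the admin token into a report
    return "<redacted>" if any(s in name for s in SENSITIVE) else repr(value)


def shadowed_settings(saved, env):
    """Env vars whose value is overridden by a different value in config.json."""
    out = {}
    for key, value in saved.items():
        name = key.upper()  # assumption: config.json keys are lower-cased env names
        # JSON booleans print as true/false, the spelling used in env vars
        text = json.dumps(value) if isinstance(value, bool) else str(value)
        if name in env and env[name] != text:
            out[name] = (env[name], value)
    return out


def check_rename(saved, env, new_host):
    """Reasons the rename to new_host has not taken effect; empty list means OK."""
    problems = [
        f"{n}={_show(n, e)} from the environment is ignored; config.json has {_show(n, s)}"
        for n, (e, s) in shadowed_settings(saved, env).items()
    ]
    domain = saved.get("domain") or env.get("DOMAIN") or ""
    parts = urlsplit(domain)
    if parts.scheme != "https":
        problems.append(f"effective domain {domain!r} is not an https:// URL")
    if (parts.hostname or "") != new_host.lower():
        problems.append(f"effective host is {parts.hostname!r}, expected {new_host!r}")
    return problems


if __name__ == "__main__":
    # constructed sample: old name saved via /admin, new name passed with docker run -e
    saved = {"domain": "https://vault.old.example"}
    print(check_rename(saved, {"DOMAIN": "https://vault.new.example"}, "vault.new.example"))
```

On a real host, pass `load_saved()` the path of the mounted data folder and an `env` dict holding the `-e` values from the docker run command.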