Enable TLS for BHCE (feedback)

[jeff-matthews]

Apply suggestions from internal feedback as fast follow to #285

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
bloodhound	🟢 Ready	View Preview	May 14, 2026, 1:56 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[coderabbitai]

Walkthrough

This PR updates the custom installation documentation for BloodHound Community Edition (BHCE) to clarify HTTPS/TLS setup. It specifies where certificate details go in configuration files, warns that volume mounts must be explicitly uncommented, reorganizes verification instructions, and updates network exposure guidance.

Changes

HTTPS/TLS Setup Clarification

Layer / File(s)

Summary

HTTPS/TLS setup guidance and verification instructions docs/get-started/custom-installation.mdx

TLS configuration requirements are clarified to explicitly require certificate details in bloodhound.config.json and certificate file volume mounts in docker-compose.yml. A critical warning is added that the bloodhound service volume mount is commented out by default and must be uncommented. The HTTPS verification section is reorganized with a dedicated step, clearer browser instructions using https:// on port 8080, and a note about expected self-signed certificate warnings. Wording is updated for the "Expose BHCE outside of localhost" section to clarify IP address binding configuration.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• SpecterOps/bloodhound-docs#285: Both PRs update docs/get-started/custom-installation.mdx with step-by-step instructions for enabling BHCE HTTPS/TLS via bloodhound.config.json tls settings and corresponding certificate volume mounts in docker-compose.yml, including HTTPS verification guidance.

Suggested reviewers

• StephenHinck

Poem

🐰 A rabbit hops through docs so clear,
TLS paths now bright and dear,
Mount those certs with gentle care,
HTTPS blooms beyond compare! 🔒

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Enable TLS for BHCE (feedback)' accurately reflects the main objective of the pull request, which updates documentation to clarify how to enable TLS/HTTPS for BloodHound Community Edition through proper configuration and volume mount setup.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch enable-tls-feedback

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

docs/get-started/custom-installation.mdx (1)

634-634: 💤 Low value

Consider minor style refinements (optional).

The instruction is clear and correct. For slightly more concise wording, you could:

• Change "outside of localhost" to "outside localhost"
• Replace "To do it" with "To expose the port" or "To accomplish this"

These are purely stylistic suggestions and the current wording is perfectly acceptable.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/get-started/custom-installation.mdx` at line 634, Edit the sentence that
currently reads "expose the port outside of `localhost`. To do it, you will need
to change the IP address that the BloodHound UI binds to." to be slightly more
concise: e.g. "expose the port outside `localhost`. To expose the port, change
the IP address the BloodHound UI binds to." Locate the occurrence using the
phrase "BloodHound UI binds to" or the existing text "expose the port outside of
`localhost`" and replace accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docs/get-started/custom-installation.mdx`:
- Line 634: Edit the sentence that currently reads "expose the port outside of
`localhost`. To do it, you will need to change the IP address that the
BloodHound UI binds to." to be slightly more concise: e.g. "expose the port
outside `localhost`. To expose the port, change the IP address the BloodHound UI
binds to." Locate the occurrence using the phrase "BloodHound UI binds to" or
the existing text "expose the port outside of `localhost`" and replace
accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 23262be0-58c1-4693-83b3-53368a3a1fd1

📥 Commits

Reviewing files that changed from the base of the PR and between 64f5cb6 and b235617.

📒 Files selected for processing (1)

• docs/get-started/custom-installation.mdx