update nginx template

2026-01-16 20:50:33 +00:00 · 2025-01-16 10:12:53 +01:00
parent 36dc049d78
commit d1be232ea3
1 changed files with 19 additions and 27 deletions
--- a/Proxy-examples.md
+++ b/Proxy-examples.md
@@ -164,7 +164,7 @@ server {
 }

 server {
-    # For older versions of nginx appened http2 to the listen line after ssl and remove `http2 on`
+    # For older versions of nginx appended http2 to the listen line after ssl and remove `http2 on`
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
@@ -174,19 +174,20 @@ server {
    #ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
    #ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem;
    #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
+    #add_header Strict-Transport-Security "max-age=31536000;";

    client_max_body_size 525M;

+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
    location / {
-      proxy_http_version 1.1;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection $connection_upgrade;
-
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-
      proxy_pass http://vaultwarden-default;
    }

@@ -198,15 +199,6 @@ server {
    #  auth_basic "Private";
    #  auth_basic_user_file /path/to/htpasswd_file;
    #
-    #  proxy_http_version 1.1;
-    #  proxy_set_header Upgrade $http_upgrade;
-    #  proxy_set_header Connection $connection_upgrade;
-    #
-    #  proxy_set_header Host $host;
-    #  proxy_set_header X-Real-IP $remote_addr;
-    #  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    #  proxy_set_header X-Forwarded-Proto $scheme;
-    #
    #  proxy_pass http://vaultwarden-default;
    #}
 }
@@ -226,14 +218,14 @@ If you run into 504 Gateway Timeout problems, tell nginx to wait longer for Vaul
 <details>
 <summary>Nginx with sub-path (by <a href="https://github.com/BlackDex" target="_blank">@BlackDex</a>)</summary><br/>

-In this example Vaultwarden will be available via https://bitwarden.example.tld/vault/<br/>
+In this example Vaultwarden will be available via https://shared.example.tld/vault/<br/>
 If you want to use any other sub-path, like `bitwarden` or `secret-vault` you should change `/vault/` in the example below to match.<br/>
 <br/>
 For this to work you need to configure your `DOMAIN` variable to match so it should look like:

 ```ini
 ; Add the sub-path! Else this will not work!
-DOMAIN=https://vaultwarden.example.tld/vault/
+DOMAIN=https://shared.example.tld/vault/
 ```

 ```nginx
@@ -260,7 +252,7 @@ map $http_upgrade $connection_upgrade {
 server {
    listen 80;
    listen [::]:80;
-    server_name vaultwarden.example.tld;
+    server_name shared.example.tld;

    location /vault/ { # <-- replace with desired sub-path
        return 301 https://$host$request_uri;
@@ -277,12 +269,13 @@ server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
-    server_name vaultwarden.example.tld;
+    server_name shared.example.tld;

    # Specify SSL Config when needed
-    #ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
-    #ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem;
-    #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
+    #ssl_certificate /path/to/certificate/letsencrypt/live/shared.example.tld/fullchain.pem;
+    #ssl_certificate_key /path/to/certificate/letsencrypt/live/shared.example.tld/privkey.pem;
+    #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/shared.example.tld/fullchain.pem;
+    #add_header Strict-Transport-Security "max-age=31536000;";

    client_max_body_size 525M;

@@ -299,7 +292,6 @@ server {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
-
      proxy_pass http://vaultwarden-default;
    }