diff --git a/Proxy-examples.md b/Proxy-examples.md index 9127b59..228c1fc 100644 --- a/Proxy-examples.md +++ b/Proxy-examples.md @@ -164,7 +164,7 @@ server { } server { - # For older versions of nginx appened http2 to the listen line after ssl and remove `http2 on` + # For older versions of nginx appended http2 to the listen line after ssl and remove `http2 on` listen 443 ssl; listen [::]:443 ssl; http2 on; @@ -174,19 +174,20 @@ server { #ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem; #ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem; #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem; + #add_header Strict-Transport-Security "max-age=31536000;"; client_max_body_size 525M; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + location / { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://vaultwarden-default; } @@ -198,15 +199,6 @@ server { # auth_basic "Private"; # auth_basic_user_file /path/to/htpasswd_file; # - # proxy_http_version 1.1; - # proxy_set_header Upgrade $http_upgrade; - # proxy_set_header Connection $connection_upgrade; - # - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - # # proxy_pass http://vaultwarden-default; #} } @@ -226,14 +218,14 @@ If you run into 504 Gateway Timeout problems, tell nginx to wait longer for Vaul
Nginx with sub-path (by @BlackDex)
-In this example Vaultwarden will be available via https://bitwarden.example.tld/vault/
+In this example Vaultwarden will be available via https://shared.example.tld/vault/
If you want to use any other sub-path, like `bitwarden` or `secret-vault` you should change `/vault/` in the example below to match.

For this to work you need to configure your `DOMAIN` variable to match so it should look like: ```ini ; Add the sub-path! Else this will not work! -DOMAIN=https://vaultwarden.example.tld/vault/ +DOMAIN=https://shared.example.tld/vault/ ``` ```nginx @@ -260,7 +252,7 @@ map $http_upgrade $connection_upgrade { server { listen 80; listen [::]:80; - server_name vaultwarden.example.tld; + server_name shared.example.tld; location /vault/ { # <-- replace with desired sub-path return 301 https://$host$request_uri; @@ -277,12 +269,13 @@ server { listen 443 ssl; listen [::]:443 ssl; http2 on; - server_name vaultwarden.example.tld; + server_name shared.example.tld; # Specify SSL Config when needed - #ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem; - #ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem; - #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem; + #ssl_certificate /path/to/certificate/letsencrypt/live/shared.example.tld/fullchain.pem; + #ssl_certificate_key /path/to/certificate/letsencrypt/live/shared.example.tld/privkey.pem; + #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/shared.example.tld/fullchain.pem; + #add_header Strict-Transport-Security "max-age=31536000;"; client_max_body_size 525M; @@ -299,7 +292,6 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://vaultwarden-default; }