reverse proxy example for openbsd - relayd.conf file - tested good on openbsd 7.2 with websockets

Ollie Strickland 2022-11-12 02:05:19 -06:00
parent c0419b98b6
commit 5b767b54c1
1 changed files with 47 additions and 0 deletions

@ -868,4 +868,51 @@ spec:
number: 80
host: vaultwarden
```
</details>
<details>
<summary>relayd on openbsd (by olliestrickland)</summary><br/>
```gateway+vs
table <vaultwarden-default-host> { localhost }
table <vaultwarden-websocket-host> { localhost }
# protocol definition for vaultwarden with tls
http protocol vaultwarden-https {
# add a header vaultwarden needs
match request header append "X-Real-IP" value "$REMOTE_ADDR"
# add a few headers vaultwarden may not need
match request header append "Host" value "$HOST"
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
# most general rule - forward connections to vaultwarden rocket
match request path "/*" forward to <vaultwarden-default-host>
# forward the path used for websocket to the vaultwarden websocket port
match request path "/notifications/hub" forward to <vaultwarden-websocket-host>
# save most specific path for last - this path should not forward to the websocket server
match request path "/notifications/hub/negotiate" forward to <vaultwarden-default-host>
# various TCP options
tcp { nodelay, sack, backlog 128 }
# tls config
tls keypair bitwarden.example.tld
tls { no tlsv1.0, ciphers HIGH }
# allow websockets - this is nice it handles all the headers no need for manual header edits
http websockets
}
# relay definition for vaultwarden - forward inbound 443 tls on the egress interface to rocket on default port 8000 and websocket on 3012
relay vaultwarden-https-relay {
listen on egress port 443 tls
protocol vaultwarden-https
forward to <vaultwarden-default-host> port 8000
forward to <vaultwarden-websocket-host> port 3012
}
```
</details>
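Review bot: The `match request header append "X-Real-IP" value "$REMOTE_ADDR"` rule at the top of the protocol block uses `append`, which adds to any X-Real-IP header the client already sent instead of replacing it, so the value vaultwarden sees can begin with client-supplied text. Using `set` there would overwrite whatever arrived with the request. The `append "Host" value "$HOST"` line has the same problem in a milder form: every request already carries a Host header, so the rule can only duplicate its value, and it can be dropped. For X-Forwarded-For, appending is the usual convention, but the comment should say that only the last entry is written by this relay. The comment on the `/notifications/hub/negotiate` rule says the most specific path is saved for last; adding that a later matching rule overrides an earlier one would make it clear why the three path rules must stay in this order.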