From 67f85acaa1cf8df7f251e2e0fa1847aa3899d05a Mon Sep 17 00:00:00 2001
From: FlakyPi <143874154+FlakyPi@users.noreply.github.com>
Date: Sat, 11 Nov 2023 13:54:44 +0100
Subject: [PATCH] Added proxy example for Lighttpd with sub-path for v1.29.0+
---
Proxy-examples.md | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/Proxy-examples.md b/Proxy-examples.md
index dcda781..0469eba 100644
--- a/Proxy-examples.md
+++ b/Proxy-examples.md
@@ -116,6 +116,49 @@ You'll have to set `IP_HEADER` to `X-Forwarded-For` instead of `X-Real-IP` in th
+
+lighttpd with sub-path - v1.29.0+ (by FlakyPi)
+
+In this example Vaultwarden will be available via https://vaultwarden.example.tld/vault/
+If you want to use any other sub-path, like `bitwarden` or `secret-vault` you should change `vault` in the example below to match.
+
+```lighttpd
+server.modules += (
+"mod_openssl"
+)
+
+$SERVER["socket"] == ":443" {
+ ssl.engine = "enable"
+ ssl.pemfile = "/etc/letsencrypt/live/vaultwarden.example.tld/fullchain.pem"
+ ssl.privkey = "/etc/letsencrypt/live/vaultwarden.example.tld/privkey.pem"
+}
+
+# Redirect HTTP requests (port 80) to HTTPS (port 443)
+$SERVER["socket"] == ":80" {
+ $HTTP["host"] =~ "vaultwarden.example.tld" {
+ url.redirect = ( "^/(.*)" => "https://vaultwarden.example.tld/$1" )
+ server.name = "vaultwarden.example.tld"
+ }
+}
+
+server.modules += ( "mod_proxy" )
+
+$HTTP["host"] == "vaultwarden.example.tld" {
+ $HTTP["url"] =~ "/vault" {
+ proxy.server = ( "" => ("vaultwarden" => ( "host" => "", "port" => 8080 )))
+ proxy.forwarded = ( "for" => 1 )
+ proxy.header = (
+ "https-remap" => "enable",
+ "upgrade" => "enable",
+ "connect" => "enable"
+ )
+ }
+}
+```
+You'll have to set `IP_HEADER` to `X-Forwarded-For` instead of `X-Real-IP` in the Vaultwarden environment.
+
+
+
Nginx - v1.29.0+ (by @BlackDex)