From a88810e9a857409163a3f62e4d6a6cdc61cde24b Mon Sep 17 00:00:00 2001
From: Jivan Pal <jivan.pal@gmail.com>
Date: Tue, 3 Dec 2024 00:37:39 +0000
Subject: [PATCH] In Nginx, `if` should be avoided for risk of confusion ("`if`
 is evil"). No reason to use it here anyway, as `server_name` handles that.

---
 Proxy-examples.md | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/Proxy-examples.md b/Proxy-examples.md
index ae2c869..9127b59 100644
--- a/Proxy-examples.md
+++ b/Proxy-examples.md
@@ -160,10 +160,7 @@ server {
     listen [::]:80;
     server_name vaultwarden.example.tld;
 
-    if ($host = vaultwarden.example.tld) {
-        return 301 https://$host$request_uri;
-    }
-    return 404;
+    return 301 https://$host$request_uri;
 }
 
 server {
@@ -265,10 +262,14 @@ server {
     listen [::]:80;
     server_name vaultwarden.example.tld;
 
-    if ($host = vaultwarden.example.tld) {
+    location /vault/ { # <-- replace with desired sub-path
         return 301 https://$host$request_uri;
     }
-    return 404;
+
+    # If you want to enforce HTTPS for the entire domain anyway,
+    # rather than just for Vaultwarden, then you can just use
+    # the following instead of the `location` block above:
+    return 301 https://$host$request_uri;
 }
 
 server {
@@ -416,14 +417,11 @@ map $http_upgrade $connection_upgrade {
 
 # Redirect HTTP to HTTPS
 server {
-    if ($host = vaultwarden.example.tld) {
-        return 301 https://$host$request_uri;
-    }
-
     listen 80 proxy_protocol; # <---
     listen [::]:80 proxy_protocol; # <---
     server_name vaultwarden.example.tld;
-    return 404;
+
+    return 301 https://$host$request_uri;
 }
 
 server {