Updated Proxy examples (markdown)

Mathijs van Veluw 2022-03-01 11:42:23 +01:00
parent 4d827c5eed
commit cd0df09bd0
1 changed files with 27 additions and 4 deletions

@ -176,8 +176,16 @@ DOMAIN=https://bitwarden.example.tld/vault/
```nginx ```nginx
# Define the server IP and ports here. # Define the server IP and ports here.
upstream vaultwarden-default { server 127.0.0.1:8080; } upstream vaultwarden-default {
upstream vaultwarden-ws { server 127.0.0.1:3012; } zone vaultwarden-default 64k;
server 127.0.0.1:8080;
keepalive 2;
}
upstream vaultwarden-ws {
zone vaultwarden-ws 64k;
server 127.0.0.1:3012;
keepalive 2;
}
# Redirect HTTP to HTTPS # Redirect HTTP to HTTPS
server { server {
@ -203,6 +211,9 @@ server {
# Path to the root of your installation # Path to the root of your installation
# Be sure to add the trailing /, else you could have issues # Be sure to add the trailing /, else you could have issues
location /vault/ { location /vault/ {
proxy_http_version 1.1;
proxy_set_header "Connection" "";
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -212,6 +223,9 @@ server {
} }
location /vault/notifications/hub/negotiate { location /vault/notifications/hub/negotiate {
proxy_http_version 1.1;
proxy_set_header "Connection" "";
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -221,20 +235,29 @@ server {
} }
location /vault/notifications/hub { location /vault/notifications/hub {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection; proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Forwarded $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://vaultwarden-ws; proxy_pass http://vaultwarden-ws;
} }
# Optionally add extra authentication besides the ADMIN_TOKEN # Optionally add extra authentication besides the ADMIN_TOKEN
# If you don't want this, leave this part out # If you don't want this, leave this part out
location ^~ /vault/admin { location /vault/admin {
# See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
auth_basic "Private"; auth_basic "Private";
auth_basic_user_file /path/to/htpasswd_file; auth_basic_user_file /path/to/htpasswd_file;
proxy_http_version 1.1;
proxy_set_header "Connection" "";
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;