mirror of
https://github.com/linuxserver/reverse-proxy-confs.git
synced 2025-07-05 04:26:02 -07:00
100 lines
3.5 KiB
Text
100 lines
3.5 KiB
Text
## Version 2024/07/16
|
|
# make sure that your vaultwarden container is named vaultwarden
|
|
# make sure that your dns has a cname set for vaultwarden
|
|
# if you are using bitwarden (the official image), use the bitwarden conf
|
|
# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf
|
|
#
|
|
# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
server_name vaultwarden.*;
|
|
|
|
include /config/nginx/ssl.conf;
|
|
|
|
client_max_body_size 128M;
|
|
|
|
# enable for ldap auth (requires ldap-location.conf in the location block)
|
|
#include /config/nginx/ldap-server.conf;
|
|
|
|
# enable for Authelia (requires authelia-location.conf in the location block)
|
|
#include /config/nginx/authelia-server.conf;
|
|
|
|
# enable for Authentik (requires authentik-location.conf in the location block)
|
|
#include /config/nginx/authentik-server.conf;
|
|
|
|
location / {
|
|
# enable the next two lines for http auth
|
|
#auth_basic "Restricted";
|
|
#auth_basic_user_file /config/nginx/.htpasswd;
|
|
|
|
# enable for ldap auth (requires ldap-server.conf in the server block)
|
|
#include /config/nginx/ldap-location.conf;
|
|
|
|
# enable for Authelia (requires authelia-server.conf in the server block)
|
|
#include /config/nginx/authelia-location.conf;
|
|
|
|
# enable for Authentik (requires authentik-server.conf in the server block)
|
|
#include /config/nginx/authentik-location.conf;
|
|
|
|
include /config/nginx/proxy.conf;
|
|
include /config/nginx/resolver.conf;
|
|
set $upstream_app vaultwarden;
|
|
set $upstream_port 80;
|
|
set $upstream_proto http;
|
|
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
|
|
|
}
|
|
|
|
location ~ ^(/vaultwarden)?/admin {
|
|
# enable the next two lines for http auth
|
|
#auth_basic "Restricted";
|
|
#auth_basic_user_file /config/nginx/.htpasswd;
|
|
|
|
# enable for ldap auth (requires ldap-server.conf in the server block)
|
|
#include /config/nginx/ldap-location.conf;
|
|
|
|
# enable for Authelia (requires authelia-server.conf in the server block)
|
|
#include /config/nginx/authelia-location.conf;
|
|
|
|
# enable for Authentik (requires authentik-server.conf in the server block)
|
|
#include /config/nginx/authentik-location.conf;
|
|
|
|
# if you enable admin page via ADMIN_TOKEN env variable
|
|
# consider restricting access to LAN only via uncommenting the following lines
|
|
#allow 10.0.0.0/8;
|
|
#allow 172.16.0.0/12;
|
|
#allow 192.168.0.0/16;
|
|
#deny all;
|
|
|
|
include /config/nginx/proxy.conf;
|
|
include /config/nginx/resolver.conf;
|
|
set $upstream_app vaultwarden;
|
|
set $upstream_port 80;
|
|
set $upstream_proto http;
|
|
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
|
|
|
}
|
|
|
|
location ~ (/vaultwarden)?/api {
|
|
include /config/nginx/proxy.conf;
|
|
include /config/nginx/resolver.conf;
|
|
set $upstream_app vaultwarden;
|
|
set $upstream_port 80;
|
|
set $upstream_proto http;
|
|
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
|
|
|
}
|
|
|
|
location ~ (/vaultwarden)?/notifications/hub {
|
|
include /config/nginx/proxy.conf;
|
|
include /config/nginx/resolver.conf;
|
|
set $upstream_app vaultwarden;
|
|
set $upstream_port 80;
|
|
set $upstream_proto http;
|
|
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
|
|
|
}
|
|
}
|