rhino/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-03-25 11:19:21 -07:00
Code Issues Packages Projects Releases Wiki Activity

clean up Caddy 2.x example, remove weird default example of running Caddyfile behind another reverse proxy

Jeremy Lin
2021-03-05 18:21:19 -08:00
parent e1bb0d293b
commit 3f12232a7b
1 changed files with 28 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
Proxy-examples.md

@@ -39,25 +39,36 @@ Caddy can also automatically enable HTTPS in some circumstances, check the [docs
<details> <details>
<summary>Caddy 2.x</summary><br/> <summary>Caddy 2.x</summary><br/>
Caddy 2 can also automatically enable HTTPS in some circumstances, check the [docs](https://caddyserver.com/docs/automatic-https). Caddy 2 can automatically enable HTTPS in some circumstances, check the [docs](https://caddyserver.com/docs/automatic-https).
```nginx
# Caddyfile V2.0 config file In the Caddyfile syntax, `{$VAR}` denotes the value of the environment variable `VAR`.
:80 { If you prefer, you can also directly specify a value instead of substituting an env var value.
#Caddy on port 80 in container to bitwarden_rs private instance
#Use it if Caddy behind another reverse proxy such as the one embedded on Synology ```
{$DOMAIN}:443 {
log { log {
output file {env.LOG_FILE} level INFO
level INFO output file {$LOG_FILE} {
#roll_size 5MiB #Not working on Caddy V2.0.0 Beta20 https://caddyserver.com/docs/caddyfile/directives/log#log roll_size 10MB
#roll_keep 2 #Not working on Caddy V2.0.0 Beta20 https://caddyserver.com/docs/caddyfile/directives/log#log roll_keep 10
}
} }
# Uncomment this if you want to get a cert via ACME (Let's Encrypt or ZeroSSL).
# tls {$EMAIL}
# Or uncomment this if you're providing your own cert. You would also use this option
# if you're running behind Cloudflare.
# tls {$SSL_CERT_PATH} {$SSL_KEY_PATH}
# This setting may have compatibility issues with some browsers # This setting may have compatibility issues with some browsers
# (e.g., attachment downloading on Firefox). Try disabling this # (e.g., attachment downloading on Firefox). Try disabling this
# if you encounter issues. # if you encounter issues.
encode gzip encode gzip
header { header / {
# Enable HTTP Strict Transport Security (HSTS)
Strict-Transport-Security "max-age=31536000;"
# Enable cross-site filter (XSS) and tell browser to block detected attacks # Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block" X-XSS-Protection "1; mode=block"
# Disallow the site to be rendered within a frame (clickjacking protection) # Disallow the site to be rendered within a frame (clickjacking protection)
@@ -68,58 +79,16 @@ Caddy 2 can also automatically enable HTTPS in some circumstances, check the [do
-Server -Server
} }
# The negotiation endpoint is also proxied to Rocket
reverse_proxy /notifications/hub/negotiate <SERVER>:80
# Notifications redirected to the websockets server # Notifications redirected to the websockets server
reverse_proxy /notifications/hub <SERVER>:3012 reverse_proxy /notifications/hub <SERVER>:3012
# Proxy the Root directory to Rocket # Proxy everything else to Rocket
reverse_proxy <SERVER>:80 reverse_proxy <SERVER>:80 {
# Send the true remote IP to Rocket, so that bitwarden_rs can put this in the
# log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {remote_host}
}
} }
#{env.DOMAIN}:443 {
# #Caddy on port 443 in container to bitwarden_rs private instance
# #Use it if Caddy exposed to the net
#
# log {
# output file {env.LOG_FILE}
# level INFO
# #roll_size 5MiB #Not working on Caddy V2.0.0 Beta20 https://caddyserver.com/docs/caddyfile/directives/log#log
# #rool_keep 30 #Not working on Caddy V2.0.0 Beta20 https://caddyserver.com/docs/caddyfile/directives/log#log
# }
#
# # Uncomment only one of the 2 lines. Depending if you provide your own cert or request one from Let's Encrypt
# tls {env.SSLCERTIFICATE} {env.SSLKEY}
# tls {env.EMAIL}
#
# encode gzip
#
# header / {
# # Enable HTTP Strict Transport Security (HSTS)
# Strict-Transport-Security "max-age=31536000;"
# # Enable cross-site filter (XSS) and tell browser to block detected attacks
# X-XSS-Protection "1; mode=block"
# # Disallow the site to be rendered within a frame (clickjacking protection)
# X-Frame-Options "DENY"
# # Prevent search engines from indexing (optional)
# X-Robots-Tag "none"
# # Server name removing
# -Server
# }
# # The negotiation endpoint is also proxied to Rocket
# reverse_proxy /notifications/hub/negotiate <SERVER>:80
#
# # Notifications redirected to the websockets server
# reverse_proxy /notifications/hub <SERVER>:3012
#
# # Proxy the Root directory to Rocket
# reverse_proxy <SERVER>:80 {
# # Send the true remote IP to Rocket, so that bitwarden_rs can put this in the
# # log, so that fail2ban can ban the correct IP.
# header_up X-Real-IP {remote_host}
# }
#}
``` ```
</details> </details>