In Nginx, if should be avoided for risk of confusion ("if is evil"). No reason to use it here anyway, as server_name handles that.

Proxy-examples.md

@@ -160,11 +160,8 @@ server {
     listen [::]:80;
     server_name vaultwarden.example.tld;
 
-    if ($host = vaultwarden.example.tld) {
     return 301 https://$host$request_uri;
 }
-    return 404;
-}
 
 server {
     # For older versions of nginx appened http2 to the listen line after ssl and remove `http2 on`
@@ -265,10 +262,14 @@ server {
     listen [::]:80;
     server_name vaultwarden.example.tld;
 
-    if ($host = vaultwarden.example.tld) {
+    location /vault/ { # <-- replace with desired sub-path
         return 301 https://$host$request_uri;
     }
-    return 404;
+
+    # If you want to enforce HTTPS for the entire domain anyway,
+    # rather than just for Vaultwarden, then you can just use
+    # the following instead of the `location` block above:
+    return 301 https://$host$request_uri;
 }
 
 server {
@@ -416,14 +417,11 @@ map $http_upgrade $connection_upgrade {
 
 # Redirect HTTP to HTTPS
 server {
-    if ($host = vaultwarden.example.tld) {
-        return 301 https://$host$request_uri;
-    }
-
     listen 80 proxy_protocol; # <---
     listen [::]:80 proxy_protocol; # <---
     server_name vaultwarden.example.tld;
-    return 404;
+
+    return 301 https://$host$request_uri;
 }
 
 server {