update nginx template

Proxy-examples.md

@@ -164,7 +164,7 @@ server {
 }
 
 server {
-    # For older versions of nginx appened http2 to the listen line after ssl and remove `http2 on`
+    # For older versions of nginx appended http2 to the listen line after ssl and remove `http2 on`
     listen 443 ssl;
     listen [::]:443 ssl;
     http2 on;
@@ -174,19 +174,20 @@ server {
     #ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
     #ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem;
     #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
+    #add_header Strict-Transport-Security "max-age=31536000;";
 
     client_max_body_size 525M;
 
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
     location / {
-      proxy_http_version 1.1;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection $connection_upgrade;
-
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-
       proxy_pass http://vaultwarden-default;
     }
 
@@ -198,15 +199,6 @@ server {
     #  auth_basic "Private";
     #  auth_basic_user_file /path/to/htpasswd_file;
     #
-    #  proxy_http_version 1.1;
-    #  proxy_set_header Upgrade $http_upgrade;
-    #  proxy_set_header Connection $connection_upgrade;
-    #
-    #  proxy_set_header Host $host;
-    #  proxy_set_header X-Real-IP $remote_addr;
-    #  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    #  proxy_set_header X-Forwarded-Proto $scheme;
-    #
     #  proxy_pass http://vaultwarden-default;
     #}
 }
@@ -226,14 +218,14 @@ If you run into 504 Gateway Timeout problems, tell nginx to wait longer for Vaul
 <details>
 <summary>Nginx with sub-path (by <a href="https://github.com/BlackDex" target="_blank">@BlackDex</a>)</summary><br/>
 
-In this example Vaultwarden will be available via https://bitwarden.example.tld/vault/<br/>
+In this example Vaultwarden will be available via https://shared.example.tld/vault/<br/>
 If you want to use any other sub-path, like `bitwarden` or `secret-vault` you should change `/vault/` in the example below to match.<br/>
 <br/>
 For this to work you need to configure your `DOMAIN` variable to match so it should look like:
 
 ```ini
 ; Add the sub-path! Else this will not work!
-DOMAIN=https://vaultwarden.example.tld/vault/
+DOMAIN=https://shared.example.tld/vault/
 ```
 
 ```nginx
@@ -260,7 +252,7 @@ map $http_upgrade $connection_upgrade {
 server {
     listen 80;
     listen [::]:80;
-    server_name vaultwarden.example.tld;
+    server_name shared.example.tld;
 
     location /vault/ { # <-- replace with desired sub-path
         return 301 https://$host$request_uri;
@@ -277,12 +269,13 @@ server {
     listen 443 ssl;
     listen [::]:443 ssl;
     http2 on;
-    server_name vaultwarden.example.tld;
+    server_name shared.example.tld;
 
     # Specify SSL Config when needed
-    #ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
+    #ssl_certificate /path/to/certificate/letsencrypt/live/shared.example.tld/fullchain.pem;
-    #ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem;
+    #ssl_certificate_key /path/to/certificate/letsencrypt/live/shared.example.tld/privkey.pem;
-    #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
+    #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/shared.example.tld/fullchain.pem;
+    #add_header Strict-Transport-Security "max-age=31536000;";
 
     client_max_body_size 525M;
 
@@ -299,7 +292,6 @@ server {
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
-
       proxy_pass http://vaultwarden-default;
     }