# Proxy examples

In this document, `<SERVER>` refers to the IP or domain at which bitwarden_rs is reachable. If both the proxy and bitwarden_rs are running on the same system, simply use `localhost`.
The ports proxied by default are `80` for the web server and `3012` for the WebSocket server. The proxies are configured to listen on port `443` with HTTPS enabled, which is recommended.

When using a proxy, it's preferable to configure HTTPS at the proxy level and not at the application level; this way the WebSockets connection is also secured.

## Caddy

```nginx
localhost:443 {
    # The negotiation endpoint is also proxied to Rocket
    proxy /notifications/hub/negotiate <SERVER>:80 {
        transparent
    }

    # Notifications redirected to the websockets server
    proxy /notifications/hub <SERVER>:3012 {
        websocket
    }

    # Proxy the Root directory to Rocket
    proxy / <SERVER>:80 {
        transparent
    }

    tls ${SSLCERTIFICATE} ${SSLKEY}
}
```

## Nginx (by shauder)

```nginx
server {
    include conf.d/ssl/ssl.conf;

    listen 443 ssl http2;
    server_name vault.*;

    location /notifications/hub/negotiate {
        include conf.d/proxy-confs/proxy.conf;
        proxy_pass http://<SERVER>:80;
    }

    location / {
        include conf.d/proxy-confs/proxy.conf;
        proxy_pass http://<SERVER>:80;
    }

    location /notifications/hub {
        proxy_pass http://<SERVER>:3012/api/websocket;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

## Apache (by fbartels)

```apache
<VirtualHost *:443>
    SSLEngine on
    ServerName bitwarden.$hostname.$domainname

    SSLCertificateFile ${SSLCERTIFICATE}
    SSLCertificateKeyFile ${SSLKEY}
    SSLCACertificateFile ${SSLCA}
    ${SSLCHAIN}

    ErrorLog \${APACHE_LOG_DIR}/bitwarden-error.log
    CustomLog \${APACHE_LOG_DIR}/bitwarden-access.log combined

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://<SERVER>:3012/$1 [P,L]

    ProxyPass / http://<SERVER>:80/

    ProxyPreserveHost On
    ProxyRequests Off
</VirtualHost>
```

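
How the path-based Nginx rules and the header-based Apache rule above select an upstream, as an added example that is not part of the original page or the bitwarden_rs project. The function names, the `ROCKET`/`WEBSOCKET` labels and the sample requests are constructed for illustration.

```python
# Added illustration, not part of the original page or the project.
# ROCKET / WEBSOCKET are labels chosen here for the two upstreams the page
# names: port 80 (web server) and port 3012 (WebSocket server).
ROCKET, WEBSOCKET = "<SERVER>:80", "<SERVER>:3012"

# Path rules from the Nginx example (the Caddy example uses the same paths).
PREFIX_ROUTES = {
    "/notifications/hub/negotiate": ROCKET,
    "/notifications/hub": WEBSOCKET,
    "/": ROCKET,
}


def route_nginx(path, headers=None):
    """Nginx prefix locations: the longest matching prefix wins."""
    best = max((p for p in PREFIX_ROUTES if path.startswith(p)), key=len)
    return PREFIX_ROUTES[best]


def route_apache(path, headers=None):
    """Apache example: RewriteCond tests only the Upgrade header ([NC])."""
    upgrade = (headers or {}).get("Upgrade", "")
    return WEBSOCKET if upgrade.lower() == "websocket" else ROCKET


def disagreements(requests):
    """Return the (path, headers) pairs the two configs route differently."""
    return [(p, h) for p, h in requests
            if route_nginx(p, h) != route_apache(p, h)]


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("/notifications/hub/negotiate", {}),
    ("/notifications/hub", {"Upgrade": "websocket"}),
    ("/notifications/hub", {}),                    # no upgrade header
    ("/other/path", {"Upgrade": "WebSocket"}),     # upgrade on another path
    ("/", {}),
]

if __name__ == "__main__":
    for path, headers in SAMPLES:
        print(f"{path:32} nginx={route_nginx(path, headers)} "
              f"apache={route_apache(path, headers)}")
    print("routed differently:", disagreements(SAMPLES))
```

The two requests reported as routed differently show that the Apache example sends any request carrying `Upgrade: websocket` to port `3012` regardless of path, while the Nginx example does so only under `/notifications/hub`.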