elleoma/nix-flakes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
Amoelle
2025-07-23 16:47:48 +03:00
commit 349c65ed1f
22 changed files with 1032 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
modules/nginx/sites-available/vaultwarden Normal file
View File

@@ -0,0 +1,64 @@
# The `upstream` directives ensure that you have a http/1.1 connection
# This enables the keepalive option and better performance
#
# Define the server IP and ports here.
upstream vaultwarden-default {
zone vaultwarden-default 128k;
server 127.0.0.1:5080;
keepalive 2;
}
# Needed to support websocket connections
# See: https://nginx.org/en/docs/http/websocket.html
# Instead of "close" as stated in the above link we send an empty value.
# Else all keepalive connections will not work.
map $http_upgrade $connection_upgrade {
default upgrade;
'' "";
}
# Redirect HTTP to HTTPS
server {
listen 80;
listen [::]:80;
server_name vault.forsen-cock.dedyn.io;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl;
server_name vault.forsen-cock.dedyn.io;
client_max_body_size 525M;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# If you use Cloudflare proxying, replace $remote_addr with $http_cf_connecting_ip
# See https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/#nginx-1
# alternatively use ngx_http_realip_module
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Proxy settings for HTTP API and web vault
location / {
proxy_pass http://vaultwarden-default; # Vaultwarden's internal HTTPS port
}
location /admin {
allow 127.0.0.1;
allow 192.168.0.0/24;
allow 91.245.123.18;
deny all;
proxy_pass http://vaultwarden-default;
}
ssl_certificate /etc/letsencrypt/live/vault.forsen-cock.dedyn.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vault.forsen-cock.dedyn.io/privkey.pem; # managed by Certbot
}