upstream vaultwarden-default { zone vaultwarden-default 64k; server 192.168.122.5:8082; keepalive 2; } map $http_upgrade $connection_upgrade { default upgrade; '' ""; } server { listen 80; listen [::]:80; server_name vault.iamninja.ru; if ($host = vault.iamninja.ru) { return 301 https://$host$request_uri; } return 404; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name vault.iamninja.ru; access_log /var/log/vault.iamninja.ru.ssl.access.log; error_log /var/log/vault.iamninja.ru.ssl.error.log; ssl_certificate /etc/letsencrypt/live/iamninja.ru/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/iamninja.ru/privkey.pem; # include /etc/letsencrypt/options-ssl-nginx.conf; # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://vaultwarden-default; # proxy_set_header HOST $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; add_header Host $http_host; add_header X-Real-IP $remote_addr; add_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header X-Forwarded-Proto $scheme; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; add_header Referrer-Policy "strict-origin"; add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"; client_max_body_size 525M; proxy_buffers 16 32k; proxy_buffer_size 64k; proxy_connect_timeout 600s; proxy_send_timeout 600s; proxy_read_timeout 600s; send_timeout 600s; server_tokens off; } # location /robots.txt { # alias /var/www/robots.txt; # } }