Files
home_server/vaultwarden-server/Docker/nginx/default.conf.template
T
2024-02-03 11:58:42 +01:00

37 lines
1.2 KiB
Plaintext

server {
listen 80;
server_name bw.knast.cc;
# server_name localhost;
client_body_temp_path /tmp/nginx;
client_max_body_size 128M;
ssl_protocols TLSv1.3;
ssl_reject_handshake on;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
# the header prevents clickjacking
add_header X-Frame-Options "SAMEORIGIN";
# block Cross-Site scripting
add_header X-XSS-Protection "1; mode=block";
location / {
proxy_pass http://vaultwarden;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /notifications/hub {
proxy_pass http://vaultwarden:3012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://vaultwarden:80;
}
}