M roles/vaultwarden/templates/pass.conf.j2 => roles/vaultwarden/templates/pass.conf.j2 +30 -12
@@ 1,3 1,22 @@
+# The `upstream` directives ensure that you have a http/1.1 connection
+# This enables the keepalive option and better performance
+#
+# Define the server IP and ports here.
+upstream vaultwarden-default {
+ zone vaultwarden-default 64k;
+ server 127.0.0.1:8000;
+ keepalive 2;
+}
+
+# Needed to support websocket connections
+# See: https://nginx.org/en/docs/http/websocket.html
+# Instead of "close" as stated in the above link we send an empty value.
+# Else all keepalive connections will not work.
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' "";
+}
+
server {
include /etc/nginx/snippets/http.conf;
server_name pass.xenrox.net;
@@ 7,35 26,34 @@ server {
include /etc/nginx/snippets/https.conf;
server_name pass.xenrox.net;
- client_max_body_size 128M;
+ client_max_body_size 525M;
location / {
- proxy_pass http://127.0.0.1:8000;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- location /notifications/hub {
- proxy_pass http://127.0.0.1:3012;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
- location /notifications/hub/negotiate {
- proxy_pass http://127.0.0.1:8000;
+ proxy_pass http://vaultwarden-default;
}
location /admin {
allow {{ wireguard_vpn_subnet }};
deny all;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://127.0.0.1:8000;
+ proxy_pass http://vaultwarden-default;
}
}