From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick <sam@chudnick.com>
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit

---
 data/vaultwarden/vaultwarden.conf.j2 | 39 ++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 data/vaultwarden/vaultwarden.conf.j2


diff --git a/data/vaultwarden/vaultwarden.conf.j2 b/data/vaultwarden/vaultwarden.conf.j2
new file mode 100644
index 0000000..76fd99c
--- /dev/null
+++ b/data/vaultwarden/vaultwarden.conf.j2
@@ -0,0 +1,39 @@
+server {
+	listen 443 ssl;
+	server_name {{ vaultwarden_server_name }};
+
+    ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    # Security / XSS Mitigation Headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+
+	# authelia
+	include /etc/nginx/snippets/authelia-location.conf;
+
+    location /admin {
+		#authelia
+		include /etc/nginx/snippets/proxy.conf;
+        include /etc/nginx/snippets/authelia-authrequest.conf;
+
+        proxy_pass http://127.0.0.1:{{ vaultwarden_external_port }};
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:{{ vaultwarden_external_port }}/;
+    }
+
+
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+	server_name {{ vaultwarden_server_name }};
+	return 301 https://$host$request_uri;
+}
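Review bot: The TLS server block binds only `listen 443 ssl;`, while the redirect block at the bottom also binds `listen [::]:80;`, so an IPv6 client is redirected to a port 443 that this block does not claim on IPv6; if another listener holds that socket, its default server would answer instead of this block with its Authelia check on `/admin`. Adding `listen [::]:443 ssl;` beside the IPv4 listen keeps the two blocks consistent. Separately, the three headers under "Security / XSS Mitigation Headers" lack the `always` flag that the HSTS line has, so they are not sent on error responses, e.g. `add_header X-Content-Type-Options "nosniff" always;`. nginx also drops inherited `add_header` lines in any location that defines its own, so it is worth confirming that the snippets included in `location /admin` (not visible here) add none. `location /` does not include `proxy.conf`, so whatever forwarding headers that snippet sets presumably never reach Vaultwarden for normal traffic.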
-- 
cgit v1.2.3