Include more proxy examples

6 years ago · 9cdb605659
parent 928e2424c0
commit 9cdb605659
2 changed files with 82 additions and 21 deletions
--- a/PROXY.md
+++ b/PROXY.md
@ -0,0 +1,80 @@
 # Proxy examples
 In this document, `<SERVER>` refers to the IP or domain where bitwarden_rs is accessible from. If both the proxy and bitwarden_rs are running in the same system, simply use `localhost`.
 The ports proxied by default are `80` for the web server and `3012` for the WebSocket server. The proxies are configured to listen in port `443` with HTTPS enabled, which is recommended.
 When using a proxy, it's preferrable to configure HTTPS at the proxy level and not at the application level, this way the WebSockets connection is also secured.
 ## Caddy
 ```nginx
 localhost:443 {
    # The negotiation endpoint is also proxied to Rocket
    proxy /notifications/hub/negotiate <SERVER>:80 {
        transparent
    }
    # Notifications redirected to the websockets server
    proxy /notifications/hub <SERVER>:3012 {
        websocket
    }
    # Proxy the Root directory to Rocket
    proxy / <SERVER>:80 {
        transparent
    }
    tls ${SSLCERTIFICATE} ${SSLKEY}
 }
 ```
 ## Nginx (by shauder)
 ```nginx
 server {
  include conf.d/ssl/ssl.conf;
  listen 443 ssl http2;
  server_name vault.*;
  location /notifications/hub/negotiate {
    include conf.d/proxy-confs/proxy.conf;
    proxy_pass http://<SERVER>:80;
  }
  location / {
    include conf.d/proxy-confs/proxy.conf;
    proxy_pass http://<SERVER>:80;
  }
  location /notifications/hub {
    proxy_pass http://<SERVER>:3012/api/websocket;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
 }
 ```
 ## Apache (by fbartels)
 ```apache
 <VirtualHost *:443>
    SSLEngine on
    ServerName bitwarden.$hostname.$domainname
    SSLCertificateFile ${SSLCERTIFICATE}
    SSLCertificateKeyFile ${SSLKEY}
    SSLCACertificateFile ${SSLCA}
    ${SSLCHAIN}
    ErrorLog \${APACHE_LOG_DIR}/bitwarden-error.log
    CustomLog \${APACHE_LOG_DIR}/bitwarden-access.log combined
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*)           ws://<SERVER>:3012/$1 [P,L]
    ProxyPass / http://<SERVER>:80/
    ProxyPreserveHost On
    ProxyRequests Off
 </VirtualHost>
 ```
--- a/README.md
+++ b/README.md
@ -184,26 +184,7 @@ To enable WebSockets notifications, an external reverse proxy is necessary, and
 - Route everything else, including `/notifications/hub/negotiate`, to the standard Rocket server, by default at port `80`.
 - If using Docker, you may need to map both ports with the `-p` flag
-An example configuration is included next for a [Caddy](https://caddyserver.com/) proxy server, and assumes the proxy is running in the same computer as `bitwarden_rs`:
+Example configurations are included in the [PROXY.md](https://github.com/dani-garcia/bitwarden_rs/blob/master/PROXY.md) file.
 ```r
 localhost:2015 {
    # The negotiation endpoint is also proxied to Rocket
    proxy /notifications/hub/negotiate 0.0.0.0:80 {
        transparent
    }
    # Notifications redirected to the websockets server
    proxy /notifications/hub 0.0.0.0:3012 {
        websocket
    }
    # Proxy the Root directory to Rocket
    proxy / 0.0.0.0:80 {
        transparent
    }
 }
 ```
 Note: The reason for this workaround is the lack of support for WebSockets from Rocket (though [it's a planned feature](https://github.com/SergioBenitez/Rocket/issues/90)), which forces us to launch a secondary server on a separate port.
@ -380,7 +361,7 @@ docker build -t bitwarden_rs .
 ## Building binary
-For building binary outside the Docker environment and running it locally without docker, please see [build instructions](BUILD.md).
+For building binary outside the Docker environment and running it locally without docker, please see [build instructions](https://github.com/dani-garcia/bitwarden_rs/blob/master/BUILD.md).
 ## Available packages