Preparing for upcoming

pete · November 15, 2023, 9:42pm

Dear community,

I would like to prepare my setup for the upcoming change but I am afraid I need some help since I am not experienced enough to deal with it.

I am running vaultwarden (v.1.30) on a Rpi3 in a docker container using nginx as reserve proxy.

My current nginx config looks like this:

server {
    listen 80;
    listen [::]:80;
    server_name 10.7.8.8; #could be localhost
    return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  server_name 10.7.8.8; #could be localhost
  
  ssl_certificate      /etc/ssl/certs/nginx-bitwarden.crt;
  ssl_certificate_key  /etc/ssl/private/nginx-bitwarden.key;

  ssl_dhparam /etc/ssl/certs/dhparam.pem;

  # Allow large attachments
  client_max_body_size 128M;

  location / {
    proxy_pass http://0.0.0.0:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  location /notifications/hub {
    proxy_pass http://0.0.0.0:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  
  location /notifications/hub/negotiate {
    proxy_pass http://0.0.0.0:8080;
  }
}

It’s working great since maybe two years, never touching the installation except for updating the docker image.

Is it feasible to simply remove the locations /notifications/hub and locations/hub/negotiate for the upgrade to v.1.31?
nginx from the raspi repo seems quite old - will this setup work for nginx 1.18? Would it be a much better option to run a more recent nginx in docker and follow the guide for nginx v.1.29+? Or upgrade the underlying raspbian from 11(bullseye) to 12 (bookworm)?

I am thankful for any hints or tips.

Some additional information:

uname -a

Linux pihole1 6.1.21-v7+ #1642 SMP Mon Apr 3 17:20:52 BST 2023 armv7l GNU/Linux

dpkg-query --show nginx

nginx 1.18.0-6.1+deb11u3`

lsb_release -a

No LSB modules are available.
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye

docker ps

CONTAINER ID   IMAGE                           COMMAND        CREATED       STATUS                 PORTS                                                           NAMES
da1e7e68a068   vaultwarden/server:latest       "/start.sh"    7 hours ago   Up 7 hours (healthy)   3012/tcp, 127.0.0.1:8080->80/tcp                                vw

reinob · November 17, 2023, 4:06pm

I removed /notifications/hub and …/negotiate a while ago, both in a server where the URL includes a path (/vaultwarden) and in another one which is at the root of the subdomain.

I used the nginx examples from the Wiki (Proxy examples · dani-garcia/vaultwarden Wiki · GitHub, “Nginx with sub-path” and “Nginx - v1.29.0+”), and both work perfectly.

ShadowPulse · November 24, 2023, 1:14pm

Hello.

Upgrading can be kinda hard, but here are a few suggestions:

Removing those locations might cause issues. It’s better to test it on a staging setup first.
Upgrading Nginx within Docker is a good idea, especially for compatibility.
Check if the current Nginx version can support v1.31. If not, consider upgrading Raspbian or using a more recent Nginx version in Docker.

Good luck!

Topic		Replies	Views
Vaultwarden and Nginx Proxy Manager Help	33	32989	November 16, 2023
Vaultwarden nginx user-agent filter Help	0	433	February 16, 2023
(SOLVED) OPNsense - Nginx reverse proxy -> Vaultwarden docker synology Third Party Help	6	5679	January 15, 2022
Ok lets install it Help	5	650	October 12, 2023
Reverse proxy nginx 502 bad gateway Help	2	1910	May 27, 2023

Preparing for upcoming

Related Topics