Preparing for upcoming

Dear community,

I would like to prepare my setup for the upcoming change but I am afraid I need some help since I am not experienced enough to deal with it.

I am running vaultwarden (v.1.30) on a Rpi3 in a docker container using nginx as reverse proxy.

My current nginx config looks like this:

server {
    listen 80;
    listen [::]:80;
    server_name; #could be localhost
    return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  server_name; #could be localhost
  ssl_certificate      /etc/ssl/certs/nginx-bitwarden.crt;
  ssl_certificate_key  /etc/ssl/private/nginx-bitwarden.key;

  ssl_dhparam /etc/ssl/certs/dhparam.pem;

  # Allow large attachments
  client_max_body_size 128M;

  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  location /notifications/hub {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  location /notifications/hub/negotiate {
  }
}

It has been working great for maybe two years, and I have never touched the installation except for updating the docker image.

Is it feasible to simply remove the locations /notifications/hub and locations/hub/negotiate for the upgrade to v.1.31?
nginx from the raspi repo seems quite old - will this setup work for nginx 1.18? Would it be a much better option to run a more recent nginx in docker and follow the guide for nginx v.1.29+? Or upgrade the underlying raspbian from 11 (bullseye) to 12 (bookworm)?

I am thankful for any hints or tips.

Some additional information:

uname -a

Linux pihole1 6.1.21-v7+ #1642 SMP Mon Apr 3 17:20:52 BST 2023 armv7l GNU/Linux

dpkg-query --show nginx

nginx 1.18.0-6.1+deb11u3

lsb_release -a

No LSB modules are available.
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye

docker ps
CONTAINER ID   IMAGE                           COMMAND        CREATED       STATUS                 PORTS                                                           NAMES
da1e7e68a068   vaultwarden/server:latest       "/"    7 hours ago   Up 7 hours (healthy)   3012/tcp,>80/tcp                                vw

I removed /notifications/hub and …/negotiate a while ago, both in a server where the URL includes a path (/vaultwarden) and in another one which is at the root of the subdomain.

I used the nginx examples from the Wiki (Proxy examples · dani-garcia/vaultwarden Wiki · GitHub, “Nginx with sub-path” and “Nginx - v1.29.0+”), and both work perfectly.
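
As an added example (not the wiki's text and not any poster's configuration), this is how the configuration from the first post could look with the two /notifications/hub locations dropped and the WebSocket upgrade headers handled in the single location / block. It assumes Vaultwarden serves notifications on its main HTTP port; vault.example.com and 127.0.0.1:8080 are placeholders, because the post shows neither the server name nor the proxy_pass target.

```nginx
# Added example. Placeholders (assumptions): vault.example.com, 127.0.0.1:8080.

# Send "Connection: upgrade" upstream only when the client requested a
# WebSocket upgrade; ordinary requests get an empty Connection header.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      "";
}

server {
    listen 80;
    listen [::]:80;
    server_name vault.example.com;          # placeholder
    return 301 https://$host$request_uri;   # force HTTPS
}

server {
    listen 443 ssl http2;
    server_name vault.example.com;          # placeholder

    # Certificate paths as given in the first post
    ssl_certificate      /etc/ssl/certs/nginx-bitwarden.crt;
    ssl_certificate_key  /etc/ssl/private/nginx-bitwarden.key;
    ssl_dhparam          /etc/ssl/certs/dhparam.pem;

    # Allow large attachments
    client_max_body_size 128M;

    # One location handles both the web vault/API and the notification
    # WebSocket, so no separate /notifications/hub blocks are needed.
    location / {
        proxy_http_version 1.1;             # required for WebSocket upgrade
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://127.0.0.1:8080;   # placeholder: published container port
    }
}
```

All directives used here are available in nginx 1.18. Running `nginx -t` before reloading catches syntax errors without taking the running proxy down.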


Upgrading can be kinda hard, but here are a few suggestions:

  1. Removing those locations might cause issues. It’s better to test it on a staging setup first.
  2. Upgrading Nginx within Docker is a good idea, especially for compatibility.
  3. Check if the current Nginx version can support v1.31. If not, consider upgrading Raspbian or using a more recent Nginx version in Docker.

Good luck!