Hello Guys,
I set up a Vaultwarden and a caddy reverse proxy (for the SSL part) on the same host, as described in this part of the wiki, and it is working perfectly fine! (Thank you guys for the documentation!)
This vaultwarden “full server box” is hosted in the Private DMZ and can be normally accessed from inside the LAN using https.
Until here, everything is perfect!
But now, here is my problem:
I also need to make it accessible from the outside (Internet), and for this, the entrance point is through the main NGINX WAF reverse proxy located in the Public DMZ. This NGINX reverse proxy then must follow the different flows to the original Caddy reverse proxy on the VW server box inside the Private DMZ.
That finally makes flows passing through two successive reverse proxies.
I don’t want to jump over the caddy https by directing all the flows in http from the public DMZ directly to vaultwarden (http) in the private DMZ. Not clean.
So I started using the typical nginx reverse-proxy template in the wiki to build my sites-enabled/conf file, but I quickly saw this was not adapted, and here I’m stumped!
I made some searches on this forum and on the Internet, but was not able to find such a case with this scenario of one first nginx proxy in a public DMZ, and a second vaultwarden+caddy reverse-proxy in the private DMZ.
My main thinking would be to redirect in this way, but it’s not working.
-------------------------------
| nginx in     | caddy in     |
| public DMZ   | private DMZ  |
|-----------------------------|
| http        -->  http       |
|-----------------------------|
| https       -->  https      |
-------------------------------
I don’t understand what the different embedded flows are, to be able to direct them correctly.
Could you please point me in the right direction for the frontal nginx configuration?
Many thanks everybody!!
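
One way the front nginx can carry the flows to Caddy over TLS, as an added example that is not part of the original post or of the wiki template: HTTPS is terminated at nginx and re-encrypted to Caddy with SNI and upstream certificate verification, and plain HTTP is redirected at the edge instead of being forwarded. The name vault.example.com, the address 10.0.2.10, the upload limit and every file path are assumed placeholders.

```nginx
# Added example. vault.example.com, 10.0.2.10 and all file paths are placeholders.

# WebSocket upgrade handling (Vaultwarden live notifications use WebSockets).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name vault.example.com;
    # Plain HTTP is redirected here rather than passed on to the private DMZ.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name vault.example.com;

    ssl_certificate     /etc/nginx/tls/vault.example.com.crt;  # placeholder
    ssl_certificate_key /etc/nginx/tls/vault.example.com.key;  # placeholder

    client_max_body_size 525M;  # assumed limit for attachments; nginx default is 1m

    location / {
        # Second hop stays encrypted: nginx -> Caddy over HTTPS.
        proxy_pass https://10.0.2.10:443;

        # Caddy picks its site and certificate from SNI and the Host header.
        proxy_ssl_server_name on;
        proxy_ssl_name        vault.example.com;
        proxy_set_header Host $host;

        # Verify Caddy's certificate instead of accepting any upstream cert.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/caddy-ca.pem;  # placeholder

        # Required for WebSocket connections to pass through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Preserve the original client address and scheme for the backend.
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

For the forwarded client address to survive the second hop, Caddy must be configured to trust the nginx address (its `trusted_proxies` option); otherwise it replaces the forwarded headers with the address of nginx.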