server/util/Setup/Templates/NginxConfig.hbs
Amy Galles c9a1f1e7ef create new dockerfile for SeederApi (#7072)
* create new dockerfile for SeederApi

* troubleshoot cargo issues

* troubleshoot cargo issues

* Ensure Rustup run on build env for appropriate target

* Musl targets do not support cdylibs

* Ensure default triple set to target

* Set target triple rather than update default host

* Change build platforms per project

* Switch to debian since we can't use musl

* Debian build for seeder should work with arm targets

* Move app stage to distroless

* remove SeederApi from server publish section

* suppress unrelated warnings

* ruling out builds as error source

* override platforms for SeederApi

* troubleshoot matrix

* add extra step for evaluating platforms

* fix syntax error

* exclude unrelated error

* exclude unrelated error

* exclude unrelated error

* exclude unrelated error

* exclude unrelated error

* temporarily reduce number of builds

* exclude unrelated error

* remove temporary block on other builds

* remove unused builds from dockerfile

* add nginx location for seeder, wrapped behind an if check defaulting to false. This was discussed with Matt G, as it will enable QA usage without repeated manual edits to config files and reloads of the nginx service; Handlebars will continuously overwrite the nginx conf file on update

* opted to remove the conditional location for seederApi; instead, include additional conf files from the same directory, allowing for extensibility without directly placing the non-prod seeder location in the config builder

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: AJ Mabry <81774843+aj-bw@users.noreply.github.com>
2026-03-13 16:08:15 -04:00


#######################################################################
# WARNING: This file is generated. Do not make changes to this file. #
# They will be overwritten on update. You can manage various settings #
# used in this file from the ./bwdata/config.yml file for your #
# installation. #
#######################################################################
# Handlebars template for the reverse-proxy server configuration.
# Triple-stash expressions are emitted unescaped, so every value comes
# through exactly as written in config.yml.
# The Ssl conditional that opens just below spans two server blocks:
# when Ssl is true, the 8080 server only issues a 301 to Url and a
# second 8443 TLS server carries all the locations; when Ssl is false,
# the 8080 server alone carries everything that follows.
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name {{{Domain}}};
{{#if Ssl}}
# Plain-HTTP requests are redirected to the canonical URL, path preserved.
return 301 {{{Url}}}$request_uri;
}
server {
listen 8443 ssl http2;
listen [::]:8443 ssl http2;
server_name {{{Domain}}};
ssl_certificate {{{CertificatePath}}};
ssl_certificate_key {{{KeyPath}}};
# Session resumption goes through the shared server-side cache;
# stateless session tickets are turned off.
ssl_session_timeout 30m;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
{{#if DiffieHellmanPath}}
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam {{{DiffieHellmanPath}}};
{{/if}}
# Protocol and cipher lists are taken verbatim from the config values.
ssl_protocols {{{SslProtocols}}};
ssl_ciphers "{{{SslCiphers}}}";
{{#if SslCurves}}
ssl_ecdh_curve {{{SslCurves}}};
{{/if}}
# Use the server's cipher order rather than the client's preference.
ssl_prefer_server_ciphers on;
{{#if CaPath}}
# OCSP Stapling ---
# Fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
# Verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate {{{CaPath}}};
# Public DNS resolvers for the OCSP fetch; only emitted together with
# stapling, so nginx does no outbound DNS lookups otherwise.
resolver 1.1.1.1 1.0.0.1 9.9.9.9 149.112.112.112 valid=300s;
{{/if}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
include /etc/nginx/security-headers.conf;
{{#if RealIps}}
# Client addresses are taken from X-Forwarded-For only when the request
# arrives from one of the listed trusted proxies.
{{#each RealIps}}
set_real_ip_from {{{this}}};
{{/each}}
real_ip_header X-Forwarded-For;
real_ip_recursive on;
{{/if}}
# nginx does not inherit add_header into a location that declares its own
# add_header, which is why the shared header includes are repeated in each
# location below that adds headers of its own.
location / {
proxy_pass http://web:5000/;
{{#if Ssl}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
include /etc/nginx/security-headers.conf;
add_header Content-Security-Policy "{{{ContentSecurityPolicy}}}";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Robots-Tag "noindex, nofollow";
}
# Unauthenticated plain-text liveness probe. Because it sets its own
# add_header, the server-level security headers are not emitted here.
location /alive {
return 200 'alive';
add_header Content-Type text/plain;
}
# $fido_content_type is defined outside this template (presumably a map
# in the main nginx config) -- verify against the surrounding config.
location = /app-id.json {
proxy_pass http://web:5000/app-id.json;
{{#if Ssl}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
include /etc/nginx/security-headers.conf;
proxy_hide_header Content-Type;
add_header Content-Type $fido_content_type;
}
# Connector pages served by the web container; these inherit the
# server-level headers since they add none of their own.
location = /duo-connector.html {
proxy_pass http://web:5000/duo-connector.html;
}
location = /webauthn-connector.html {
proxy_pass http://web:5000/webauthn-connector.html;
}
location = /webauthn-fallback-connector.html {
proxy_pass http://web:5000/webauthn-fallback-connector.html;
}
location = /sso-connector.html {
proxy_pass http://web:5000/sso-connector.html;
}
# Per-service prefixes, each proxied to its own container on port 5000.
location /attachments/ {
proxy_pass http://attachments:5000/;
}
location /api/ {
proxy_pass http://api:5000/;
}
location /icons/ {
proxy_pass http://icons:5000/;
}
location /notifications/ {
proxy_pass http://notifications:5000/;
}
# Hub endpoints forward the Upgrade/Connection headers so protocol
# upgrades (WebSocket-style connections) reach the notifications service.
location /notifications/hub {
proxy_pass http://notifications:5000/hub;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
location /notifications/anonymous-hub {
proxy_pass http://notifications:5000/anonymous-hub;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
location /events/ {
proxy_pass http://events:5000/;
}
# Browser-facing auth/admin UIs re-include the shared headers and restrict
# framing to the same origin.
location /sso {
proxy_pass http://sso:5000;
{{#if Ssl}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
include /etc/nginx/security-headers.conf;
add_header X-Frame-Options SAMEORIGIN;
}
location /identity {
proxy_pass http://identity:5000;
{{#if Ssl}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
include /etc/nginx/security-headers.conf;
add_header X-Frame-Options SAMEORIGIN;
}
location /admin {
proxy_pass http://admin:5000;
{{#if Ssl}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
include /etc/nginx/security-headers.conf;
add_header X-Frame-Options SAMEORIGIN;
}
# Optional services are only exposed when enabled in config.yml.
{{#if EnableKeyConnector}}
location /key-connector/ {
proxy_pass http://key-connector:5000/;
}
{{/if}}
{{#if EnableScim}}
location /scim/ {
proxy_pass http://scim:5000/;
}
{{/if}}
# Every *.conf in this directory is spliced into this server block as-is
# (intended for non-production extras such as a seeder location, per the
# commit message). Its contents become part of the live proxy config, so
# write access to the directory should be limited to the deploying user,
# and files placed there should be reviewed like this template.
include /etc/bitwarden/nginx/extra-locations/*.conf;
}