androidovshchik/.conf

## .conf
# Needed to support websocket connections
# See: https://nginx.org/en/docs/http/websocket.html
# Instead of "close" as stated in the above link we send an empty value.
# Else all keepalive connections will not work.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      "";
}

# Redirect HTTP to HTTPS
server {
    listen 8000;
    listen [::]:8000;
    server_name localhost;
    return 301 https://$host$request_uri;
}

server {
    # For older versions of nginx appened http2 to the listen line after ssl and remove `http2 on`
    listen 8443 ssl;
    listen [::]:8443 ssl;
    http2 on;
    server_name localhost;

    # Specify SSL Config when needed
    #ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
    #ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem;
    #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;

    client_max_body_size 128M;

    location / {
      proxy_pass http://127.0.0.1:8000;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /notifications/hub {
      proxy_pass http://127.0.0.1:3012;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
      proxy_pass http://127.0.0.1:8000;
    }

    # Optionally add extra authentication besides the ADMIN_TOKEN
    # Remove the comments below `#` and create the htpasswd_file to have it active
    #
    #location /admin {
    #  # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
    #  auth_basic "Private";
    #  auth_basic_user_file /path/to/htpasswd_file;
    #
    #  proxy_http_version 1.1;
    #  proxy_set_header Upgrade $http_upgrade;
    #  proxy_set_header Connection $connection_upgrade;
    #
    #  proxy_set_header Host $host;
    #  proxy_set_header X-Real-IP $remote_addr;
    #  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #  proxy_set_header X-Forwarded-Proto $scheme;
    #
    #  proxy_pass http://vaultwarden-default;
    #}
}

## gistfile1.txt
apt update
apt -y install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
apt update
apt -y install docker-ce

apt -y install git
adduser git
mkdir /usr/local/git
chown git:git /usr/local/git
su -l git
cd /usr/local/git
git init --bare secret.git

docker pull vaultwarden/server:latest
docker run -d --name vaultwarden -e WEBSOCKET_ENABLED=true -v /vw-data:/data -p 127.0.0.1:8000:80 -p 127.0.0.1:8443:443 --restart always vaultwarden/server:latest

apt -y install nginx
nano /etc/nginx/conf.d/vaultwarden.conf

mkdir ~/vaultwarden
cd ~/vaultwarden
nano docker-compose.yml
nano Caddyfile
docker-compose up -d
	# Needed to support websocket connections
	# See: https://nginx.org/en/docs/http/websocket.html
	# Instead of "close" as stated in the above link we send an empty value.
	# Else all keepalive connections will not work.
	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' "";
	}

	# Redirect HTTP to HTTPS
	server {
	listen 8000;
	listen [::]:8000;
	server_name localhost;
	return 301 https://$host$request_uri;
	}

	server {
	# For older versions of nginx appened http2 to the listen line after ssl and remove `http2 on`
	listen 8443 ssl;
	listen [::]:8443 ssl;
	http2 on;
	server_name localhost;

	# Specify SSL Config when needed
	#ssl_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;
	#ssl_certificate_key /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/privkey.pem;
	#ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;

	client_max_body_size 128M;

	location / {
	proxy_pass http://127.0.0.1:8000;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}

	location /notifications/hub {
	proxy_pass http://127.0.0.1:3012;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	}

	location /notifications/hub/negotiate {
	proxy_pass http://127.0.0.1:8000;
	}

	# Optionally add extra authentication besides the ADMIN_TOKEN
	# Remove the comments below `#` and create the htpasswd_file to have it active
	#
	#location /admin {
	# # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
	# auth_basic "Private";
	# auth_basic_user_file /path/to/htpasswd_file;
	#
	# proxy_http_version 1.1;
	# proxy_set_header Upgrade $http_upgrade;
	# proxy_set_header Connection $connection_upgrade;
	#
	# proxy_set_header Host $host;
	# proxy_set_header X-Real-IP $remote_addr;
	# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	# proxy_set_header X-Forwarded-Proto $scheme;
	#
	# proxy_pass http://vaultwarden-default;
	#}
	}
	apt update
	apt -y install apt-transport-https ca-certificates curl software-properties-common
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| sudo apt-key add -
	add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
	apt update
	apt -y install docker-ce

	apt -y install git
	adduser git
	mkdir /usr/local/git
	chown git:git /usr/local/git
	su -l git
	cd /usr/local/git
	git init --bare secret.git

	docker pull vaultwarden/server:latest
	docker run -d --name vaultwarden -e WEBSOCKET_ENABLED=true -v /vw-data:/data -p 127.0.0.1:8000:80 -p 127.0.0.1:8443:443 --restart always vaultwarden/server:latest

	apt -y install nginx
	nano /etc/nginx/conf.d/vaultwarden.conf

	mkdir ~/vaultwarden
	cd ~/vaultwarden
	nano docker-compose.yml
	nano Caddyfile
	docker-compose up -d