Caddy notes

1. Vaultwarden

If using Cloudflare proxy, we need to set X-Real-IP header to that of the remote host (not Cloudflare):

@vw host bitwarden.domain.com
handle @vw {
  handle_path /notifications/hub/negotiate/ {
	 reverse_proxy localhost:9000
	 header_up X-Real-IP {http.request.header.CF-Connecting-IP}
  }

  handle_path /notifications/hub/ {
	 reverse_proxy localhost:3012
	 header_up X-Real-IP {http.request.header.CF-Connecting-IP}
  }

  reverse_proxy localhost:9000 {
	 header_up X-Real-IP {http.request.header.CF-Connecting-IP}
  }
}

This also appears to let websockets work properly as well (no errors from vaultwarden::api::notifications.

2. Rewriting headers for Cloudflare (ref)

reverse_proxy localhost:9999 {

header_up X-Real-IP {http.request.header.CF-Connecting-IP}
header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
header_up X-Forwarded-Host {http.request.hostport}
}

Eddie Chua

Caddy notes

1. Vaultwarden

2. Rewriting headers for Cloudflare (ref)

You May Also Enjoy

Serving Python Flask App with Gunicorn and Nginx

decrypt pdf

fail2ban notes

Installing dockerized Mailcow with custom ssl certificates