commit 9cdb605659f557ecfd5a90e00154fb0b58c8ec9b
parent 928e2424c0bfa00bee5d392609a27cb4d08cdf27
Author: Daniel García <dani-garcia@users.noreply.github.com>
Date: Thu, 13 Sep 2018 17:08:16 +0200
Include more proxy examples
Diffstat:
A PROXY.md  | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M README.md | 23 ++---------------------
2 files changed, 83 insertions(+), 21 deletions(-)
diff --git a/PROXY.md b/PROXY.md
@@ -0,0 +1,80 @@
+# Proxy examples
+
+In this document, `<SERVER>` refers to the IP or domain where bitwarden_rs is accessible from. If both the proxy and bitwarden_rs are running in the same system, simply use `localhost`.
+The ports proxied by default are `80` for the web server and `3012` for the WebSocket server. The proxies are configured to listen in port `443` with HTTPS enabled, which is recommended.
+
+When using a proxy, it's preferrable to configure HTTPS at the proxy level and not at the application level, this way the WebSockets connection is also secured.
+
+## Caddy
+
+```nginx
+localhost:443 {
+ # The negotiation endpoint is also proxied to Rocket
+ proxy /notifications/hub/negotiate <SERVER>:80 {
+ transparent
+ }
+
+ # Notifications redirected to the websockets server
+ proxy /notifications/hub <SERVER>:3012 {
+ websocket
+ }
+
+ # Proxy the Root directory to Rocket
+ proxy / <SERVER>:80 {
+ transparent
+ }
+
+ tls ${SSLCERTIFICATE} ${SSLKEY}
+}
+```
+
+## Nginx (by shauder)
+```nginx
+server {
+ include conf.d/ssl/ssl.conf;
+
+ listen 443 ssl http2;
+ server_name vault.*;
+
+ location /notifications/hub/negotiate {
+ include conf.d/proxy-confs/proxy.conf;
+ proxy_pass http://<SERVER>:80;
+ }
+
+ location / {
+ include conf.d/proxy-confs/proxy.conf;
+ proxy_pass http://<SERVER>:80;
+ }
+
+ location /notifications/hub {
+ proxy_pass http://<SERVER>:3012/api/websocket;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
+```
+
+## Apache (by fbartels)
+```apache
+<VirtualHost *:443>
+ SSLEngine on
+ ServerName bitwarden.$hostname.$domainname
+
+ SSLCertificateFile ${SSLCERTIFICATE}
+ SSLCertificateKeyFile ${SSLKEY}
+ SSLCACertificateFile ${SSLCA}
+ ${SSLCHAIN}
+
+ ErrorLog \${APACHE_LOG_DIR}/bitwarden-error.log
+ CustomLog \${APACHE_LOG_DIR}/bitwarden-access.log combined
+
+ RewriteEngine On
+ RewriteCond %{HTTP:Upgrade} =websocket [NC]
+ RewriteRule /(.*) ws://<SERVER>:3012/$1 [P,L]
+
+ ProxyPass / http://<SERVER>:80/
+
+ ProxyPreserveHost On
+ ProxyRequests Off
+</VirtualHost>
+```
+\ No newline at end of file
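Review bot: In the Nginx example, the `location /notifications/hub` block sets `Upgrade` and `Connection` but nothing visible in it sets `proxy_http_version 1.1;`, which nginx needs for the WebSocket upgrade to reach the upstream. Unlike the two `location` blocks above it, this block also does not include `conf.d/proxy-confs/proxy.conf`, so whatever headers that file sets are not applied to the WebSocket traffic. The same block proxies to `http://<SERVER>:3012/api/websocket`, while the Caddy and Apache examples send this traffic to port `3012` without the `/api/websocket` path; either align them or add a sentence explaining the difference. Neither `conf.d/ssl/ssl.conf` nor `conf.d/proxy-confs/proxy.conf` is shown, so the TLS settings and forwarded headers cannot be reviewed or reproduced from this file; suggest inlining the relevant directives. In the Apache example, `\${APACHE_LOG_DIR}`, the bare `${SSLCHAIN}` line and `bitwarden.$hostname.$domainname` read like leftovers from a shell template and should become literal values or documented placeholders in the style of `<SERVER>`. The `RewriteCond` there matches any path carrying `Upgrade: websocket`, not only `/notifications/hub`, so it should be scoped to that path. Minor: the Caddy block is fenced as `nginx`, "preferrable" should be "preferable", the `${SSLCERTIFICATE}` and `${SSLKEY}` placeholders are never introduced, and the file lacks a trailing newline.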
diff --git a/README.md b/README.md
@@ -184,26 +184,7 @@ To enable WebSockets notifications, an external reverse proxy is necessary, and
- Route everything else, including `/notifications/hub/negotiate`, to the standard Rocket server, by default at port `80`.
- If using Docker, you may need to map both ports with the `-p` flag
-An example configuration is included next for a [Caddy](https://caddyserver.com/) proxy server, and assumes the proxy is running in the same computer as `bitwarden_rs`:
-
-```r
-localhost:2015 {
- # The negotiation endpoint is also proxied to Rocket
- proxy /notifications/hub/negotiate 0.0.0.0:80 {
- transparent
- }
-
- # Notifications redirected to the websockets server
- proxy /notifications/hub 0.0.0.0:3012 {
- websocket
- }
-
- # Proxy the Root directory to Rocket
- proxy / 0.0.0.0:80 {
- transparent
- }
-}
-```
+Example configurations are included in the [PROXY.md](https://github.com/dani-garcia/bitwarden_rs/blob/master/PROXY.md) file.
Note: The reason for this workaround is the lack of support for WebSockets from Rocket (though [it's a planned feature](https://github.com/SergioBenitez/Rocket/issues/90)), which forces us to launch a secondary server on a separate port.
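Review bot: The replacement sentence on the `+` line no longer says what the examples cover or assume. The removed paragraph named Caddy and stated that the proxy runs on the same computer as `bitwarden_rs`; the new line only points at PROXY.md. Suggest naming the proxies covered (Caddy, Nginx, Apache) and noting that the examples there listen on `443` with TLS. The removed snippet listened on `localhost:2015` with no `tls` directive, so readers who copied it should be told that the recommended setup has changed.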
@@ -380,7 +361,7 @@ docker build -t bitwarden_rs .
## Building binary
-For building binary outside the Docker environment and running it locally without docker, please see [build instructions](BUILD.md).
+For building binary outside the Docker environment and running it locally without docker, please see [build instructions](https://github.com/dani-garcia/bitwarden_rs/blob/master/BUILD.md).
## Available packages
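Review bot: The absolute `blob/master` URL on the `+` line pins the build-instructions link to `master`, so a reader on a tag, branch or fork lands on a different revision of BUILD.md than the README they are reading; the relative `BUILD.md` link it replaces resolved within the same revision. If the absolute form is needed because the README is rendered outside the repository, say so in the commit message, since "Include more proxy examples" does not cover this change. Otherwise keep the relative link. The PROXY.md link added earlier in this file has the same issue.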