Minor updates / tweaks

Fix nginx headers for vaultwarden
2026-01-19 18:55:02 -06:00 · 2026-01-19 18:54:31 -06:00
4 changed files with 27 additions and 14 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .env
+*.env
 authelia/secrets/
 authelia/notification.txt
 authelia/db.sqlite3
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -222,6 +222,7 @@ services:
      SMTP_FROM: bitwarden@loadingm.xyz
      SMTP_SECURITY: off
      SIGNUPS_ALLOWED: false
+      # ADMIN_TOKEN: "google straining barracuda prescribe augmented bucket"
    networks:
      - bitwarden
      - mail
--- a/jellyfin-compose.yaml
+++ b/jellyfin-compose.yaml
@@ -151,8 +151,8 @@ services:
    restart: unless-stopped
    group_add:
      - '993'
-    # devices:
-    #   - /dev/dri/renderD128:/dev/dri/renderD128
+    devices:
+      - /dev/dri/renderD128:/dev/dri/renderD128
    # runtime: nvidia
    # deploy:
    #   resources:
--- a/nginx/sites-enabled/bitwarden
+++ b/nginx/sites-enabled/bitwarden
@@ -40,21 +40,33 @@ server {
    # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
    # Enforces https content and restricts JS/CSS to origin
    # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
-    set $CSP "default-src https: data: blob:";
-    set $CSP "$CSP; img-src 'self' https://* data:";
-    set $CSP "$CSP; style-src 'self' 'unsafe-inline' data:";
-    set $CSP "$CSP; style-src-elem 'self' 'unsafe-inline' data:";
-    set $CSP "$CSP; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtubse.com blob: data:";
-    set $CSP "$CSP; worker-src 'self' blob: data:";
-    set $CSP "$CSP; connect-src 'self' data:";
-    set $CSP "$CSP; object-src 'none' data:";
-    set $CSP "$CSP; frame-ancestors 'self' data:";
-    set $CSP "$CSP; font-src 'self' data:";
-    add_header Content-Security-Policy $CSP;
+    # set $CSP "default-src https: data: blob:";
+    # set $CSP "$CSP; img-src 'self' https://* data:";
+    # set $CSP "$CSP; style-src 'self' 'unsafe-inline' data:";
+    # set $CSP "$CSP; style-src-elem 'self' 'unsafe-inline' data:";
+    # set $CSP "$CSP; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtubse.com blob: data:";
+    # set $CSP "$CSP; worker-src 'self' blob: data:";
+    # set $CSP "$CSP; connect-src 'self' data:";
+    # set $CSP "$CSP; object-src 'none' data:";
+    # set $CSP "$CSP; frame-ancestors 'self' data:";
+    # set $CSP "$CSP; font-src 'self' data:";
+    # add_header Content-Security-Policy $CSP;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
+    location /notifications/hub {
+        proxy_pass http://bitwarden:80;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }

    location / {
        # Proxy main bitwarden traffic
@@ -65,7 +77,6 @@ server {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
-        proxy_hide_header Content-Security-Policy;

        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
        proxy_buffering off;
Author	SHA1	Message	Date
Matthew Pomes	437de6be67	Minor updates / tweaks	2026-01-19 18:55:02 -06:00
Matthew Pomes	bf652175f9	Fix nginx headers for vaultwarden	2026-01-19 18:54:31 -06:00