bitwarden_rs: Deploy Bitwarden_rs using Docker

The *bitwarden_rs* role sets up the Bitwarden_rs server using its official Docker container. It sets up Apache as a reverse proxy for TLS support.
2019-09-19 17:21:09 -05:00
parent 1f535e980f
commit 14cb924ba7
7 changed files with 88 additions and 0 deletions
--- a/roles/bitwarden_rs/templates/bitwarden.httpd.conf.j2
+++ b/roles/bitwarden_rs/templates/bitwarden.httpd.conf.j2
@@ -0,0 +1,27 @@
+RewriteEngine On
+RewriteCond %{HTTPS} !on
+RewriteRule /.* https://%{SERVER_NAME}$0
+
+<VirtualHost _default_:443>
+Include conf.d/ssl.include
+
+SSLCertificateFile {{ apache_ssl_certificate }}
+SSLCertificateKeyFile {{ apache_ssl_certificate_key }}
+SSLCertificateChainFile {{ apache_ssl_certificate }}
+{% if apache_ssl_ca_certificate is defined %}
+SSLCACertificateFile {{ apache_ssl_ca_certificate }}
+{% endif %}
+
+Header always set \
+	Strict-Transport-Security "max-age=63072000; includeSubDomains"
+
+RewriteEngine On
+RewriteCond %{HTTP:Upgrade} =websocket [NC]
+RewriteRule /notifications/hub(.*) ws://localhost:3012/$1 [QSA,P,L]
+
+ProxyPreserveHost On
+ProxyRequests Off
+ProxyPass / http://localhost:8080/
+ProxyPassReverse / http://localhost:8080/
+RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+</VirtualHost>