Hello
I recently added vaultwarden as a new virtualhost with proxy and websocket configured.
Now i want to restrict the "/admin" URI to the LAN subnet only.
So i added a static context with /admin, allowed the LAN and denied everything else with "ALL".
But instead it's just allowing every IP, as if the context was not even there.
What could be wrong ?
This is my full vhost config :
I recently added vaultwarden as a new virtualhost with proxy and websocket configured.
Now i want to restrict the "/admin" URI to the LAN subnet only.
So i added a static context with /admin, allowed the LAN and denied everything else with "ALL".
But instead it's just allowing every IP, as if the context was not even there.
What could be wrong ?
This is my full vhost config :
Code:
docRoot /empty
enableGzip 0
enableBr 0
enableIpGeo 0
errorlog {
useServer 1
logLevel ERROR
}
accesslog /dev/shm/logs/web/vaultwarden.log {
useServer 0
compressArchive 0
}
extprocessor vaultwarden_backend {
type proxy
address [::1]:3001
maxConns 100
pcKeepAliveTimeout -1
initTimeout 3
retryTimeout 3
respBuffer 0
}
context /admin {
autoIndex 0
accessControl {
allow fd00:0:0:1::/64
deny ALL
}
rewrite {
enable 0
inherit 0
}
addDefaultCharset off
}
context / {
type proxy
handler vaultwarden_backend
extraHeaders set Strict-Transport-Security "max-age=15552000; preload"
addDefaultCharset off
}
vhssl {
keyFile /mnt/ssd/encrypted/acme-sh-certs/vaultwarden/key.pem
certFile /mnt/ssd/encrypted/acme-sh-certs/vaultwarden/fullchain.crt
certChain 1
}
websocket / {
address [::1]:3001
}