restrict vaultwarden admin page to LAN

linuxserver · Sep 7, 2024 · 9e4091a · 9e4091a
1 parent 3f5dd87
commit 9e4091a
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/vaultwarden.subdomain.conf.sample b/vaultwarden.subdomain.conf.sample
@@ -62,6 +62,13 @@ server {
         # enable for Authentik (requires authentik-server.conf in the server block)
         #include /config/nginx/authentik-location.conf;
 
+        # if you enable admin page via ADMIN_TOKEN env variable
+        # consider restricting access to LAN only via uncommenting the following lines
+        #allow 10.0.0.0/8;
+        #allow 172.16.0.0/12;
+        #allow 192.168.0.0/16;
+        #deny all;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app vaultwarden;

diff --git a/vaultwarden.subfolder.conf.sample b/vaultwarden.subfolder.conf.sample
@@ -49,6 +49,13 @@ location ~  ^(/vaultwarden)?/admin {
     # enable for Authentik (requires authentik-server.conf in the server block)
     #include /config/nginx/authentik-location.conf;
 
+    # if you enable admin page via ADMIN_TOKEN env variable
+    # consider restricting access to LAN only via uncommenting the following lines
+    #allow 10.0.0.0/8;
+    #allow 172.16.0.0/12;
+    #allow 192.168.0.0/16;
+    #deny all;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app vaultwarden;