Vaultwarden suddenly fails behind nginx proxy manager

was running on an internal server behind with a certificate, and the setup worked for more than a year. A few days ago, access stopped from every device and browser.

Running curl against the address returns a TLS connection error that appears to involve SNI checking. The current setup runs on the host network and forwards HTTP traffic to 127.0.0.1 on port 18000.

The SSL settings have Force SSL, HTTP/2, HSTS, and HSTS subdomains enabled. Common exploit blocking and Websocket support are also enabled, and the advanced proxy settings include disabled buffering, no request body size limit, HTTP 1.1, and upgrade header forwarding.

Key points

  • is listening internally on port 18000.
  • forwards external HTTPS traffic to the internal HTTP service.
  • Access fails from all devices and browsers.
  • curl shows a TLS connection failure related to SNI.
  • Force SSL, HTTP/2, HSTS, and Websocket support are enabled.
Read original