the whole server block is not needed. should be fine to use location section only. As well you need to disable HTTPS on vaultwarden, to allow HTTP connection. We did something similar for lighttpd Confused Reverse proxy and vaultwarden - #45 by IIMustangII1151 and Confused Reverse proxy and vaultwarden - #21 by Joulinar
nano /mnt/dietpi_userdata/vaultwarden/vaultwarden.env
change the following things
IP_HEADER=X-Forwarded-For
WEBSOCKET_ENABLED=true
WEBSOCKET_ADDRESS=0.0.0.0
WEBSOCKET_PORT=3012
DOMAIN=> [https://domain.com](https://domain.com/)
#ROCKET_TLS={certs="./cert.pem",key="./privkey.pem"}