diff --git a/qbittorrent.subdomain.conf.sample b/qbittorrent.subdomain.conf.sample index c7c8dd6f1..4dd6135c7 100644 --- a/qbittorrent.subdomain.conf.sample +++ b/qbittorrent.subdomain.conf.sample @@ -1,6 +1,14 @@ -## Version 2023/09/05 +## Version 2023/10/10 # make sure that your qbittorrent container is named qbittorrent # make sure that your dns has a cname set for qbittorrent +# Api and related location bypasses are now commented out by default +# due to users easily misconfiguring qbittorrent to allow +# public access through the api endpoint by including SWAG in +# "Bypass authentication for clients in whitelisted IP subnets", +# which results in all connections through SWAG to be considered +# local and bypassing auth, which also applies to qbittorrent's +# api endpoint (webui api) +# enable at your own risk server { listen 443 ssl http2; @@ -47,108 +55,108 @@ server { proxy_set_header X-Forwarded-Host $host; } - location ~ (/qbittorrent)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } - - location ~ (/qbittorrent)?/command { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } - - location ~ (/qbittorrent)?/css { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } - - location ~ (/qbittorrent)?/query { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } - - location ~ (/qbittorrent)?/login { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } - - location ~ (/qbittorrent)?/sync { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } - - location ~ (/qbittorrent)?/scripts { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } + # location ~ (/qbittorrent)?/api { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # rewrite /qbittorrent(.*) $1 break; + + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } + + # location ~ (/qbittorrent)?/command { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # rewrite /qbittorrent(.*) $1 break; + + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } + + # location ~ (/qbittorrent)?/css { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # rewrite /qbittorrent(.*) $1 break; + + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } + + # location ~ (/qbittorrent)?/query { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # rewrite /qbittorrent(.*) $1 break; + + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } + + # location ~ (/qbittorrent)?/login { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # rewrite /qbittorrent(.*) $1 break; + + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } + + # location ~ (/qbittorrent)?/sync { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # rewrite /qbittorrent(.*) $1 break; + + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } + + # location ~ (/qbittorrent)?/scripts { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # rewrite /qbittorrent(.*) $1 break; + + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } } diff --git a/qbittorrent.subfolder.conf.sample b/qbittorrent.subfolder.conf.sample index a1bc0c6ad..d0bd429bc 100644 --- a/qbittorrent.subfolder.conf.sample +++ b/qbittorrent.subfolder.conf.sample @@ -1,6 +1,14 @@ -## Version 2023/09/05 +## Version 2023/10/10 # make sure that your qbittorrent container is named qbittorrent # qbittorrent does not require a base url setting +# Api and related location bypasses are now commented out by default +# due to users easily misconfiguring qbittorrent to allow +# public access through the api endpoint by including SWAG in +# "Bypass authentication for clients in whitelisted IP subnets", +# which results in all connections through SWAG to be considered +# local and bypassing auth, which also applies to qbittorrent's +# api endpoint (webui api) +# enable at your own risk location /qbittorrent { return 301 $scheme://$host/qbittorrent/; @@ -34,107 +42,107 @@ location ^~ /qbittorrent/ { proxy_set_header X-Forwarded-Host $host; } -location ^~ /qbittorrent/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} - -location ^~ /qbittorrent/command { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} - -location ^~ /qbittorrent/css { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} - -location ^~ /qbittorrent/query { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} - -location ^~ /qbittorrent/login { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} - -location ^~ /qbittorrent/sync { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} - -location ^~ /qbittorrent/scripts { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} +# location ^~ /qbittorrent/api { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +# rewrite /qbittorrent(.*) $1 break; + +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } + +# location ^~ /qbittorrent/command { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +# rewrite /qbittorrent(.*) $1 break; + +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } + +# location ^~ /qbittorrent/css { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +# rewrite /qbittorrent(.*) $1 break; + +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } + +# location ^~ /qbittorrent/query { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +# rewrite /qbittorrent(.*) $1 break; + +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } + +# location ^~ /qbittorrent/login { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +# rewrite /qbittorrent(.*) $1 break; + +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } + +# location ^~ /qbittorrent/sync { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +# rewrite /qbittorrent(.*) $1 break; + +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } + +# location ^~ /qbittorrent/scripts { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +# rewrite /qbittorrent(.*) $1 break; + +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# }