initial upload

linuxserver · Nov 19, 2018 · f2c8d54 · f2c8d54
1 parent c91aa85
commit f2c8d54
Show file tree

Hide file tree

Showing 74 changed files with 2,038 additions and 1 deletion.
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,17 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs     diff=csharp
+
+# Standard to msysgit
+*.doc	 diff=astextplain
+*.DOC	 diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot  diff=astextplain
+*.DOT  diff=astextplain
+*.pdf  diff=astextplain
+*.PDF	 diff=astextplain
+*.rtf	 diff=astextplain
+*.RTF	 diff=astextplain
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,21 @@
+<!--- Provide a general summary of the issue in the Title above -->
+
+[linuxserverurl]: https://linuxserver.io
+[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
+
+
+<!--- If you have an issue with the project, please provide us with the following information -->
+
+<!---  Host OS -->
+<!--- Command line users, your run/create command, GUI/Unraid users, a screenshot of your template settings. -->
+<!--- Docker log output, docker log <container-name>      -->
+<!--- Mention if you're using symlinks on any of the volume mounts. -->
+
+
+<!--- If you have a suggestion or fix for the project, please provide us with the following information -->
+
+<!--- What you think your suggestion brings to the project, or fixes with the project -->
+<!--- If it's a fix, would it be better suited as a Pull request to the repo ? -->
+
+##  Thanks, team linuxserver.io
+
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,15 @@
+<!--- Provide a general summary of your changes in the Title above -->
+
+[linuxserverurl]: https://linuxserver.io
+[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
+
+
+<!--- Before submitting a pull request please check the following -->
+
+<!---  That you have made a branch in your fork, we'd rather not merge from your master -->
+<!---  That if the PR is addressing an existing issue include, closes #<issue number> , in the body of the PR commit message   -->
+<!---  You have included links to any files / patches etc your PR may be using in the body of the PR commit message -->
+<!---  -->
+
+##  Thanks, team linuxserver.io
+
diff --git a/README.md b/README.md
diff --git a/_readme b/_readme
@@ -0,0 +1,36 @@
+This folder contains sample reverse proxy configs for various docker images linuxserver provides. They are grouped in two:
+1. "subfolder" these will allow accessing services at https://yourdomain.com/servicename
+2. "subdomain" these will allow accessing services at https://servicename.yourdomain.com
+
+To enable the reverse proxies:
+1) rename the conf files and remove the ".sample" at the end (ie. "sonarr.subfolder.conf") and 
+2) restart the letsencrypt container
+
+Make sure that your default site config contains the following lines in the appropriate spots as seen in the default version:
+1) for subfolder methods: "include /config/nginx/proxy-confs/*.subfolder.conf;"
+2) for subdomain methods: "include /config/nginx/proxy-confs/*.subdomain.conf;"
+
+To disable the configs, simply rename the files to add back the ".sample" to the end, and restart letsencrypt.
+
+If you are reverse proxying linuxserver containers installed on the same host with the recommended options, you shouldn't 
+need to edit these conf files. However, some files require you to make changes to the service containers such as adding 
+base urls in their settings. Each conf file lists the required changes on the first line.
+
+These confs also assume that the letsencrypt container can reach other containers via their dns hostnames (defaults to 
+container name) resolved via docker's internal dns. This is achieved through having the containers attached to the same 
+user defined docker bridge network. 
+- If you are using docker-compose and the containers are managed through the same yaml file, docker-compose will automatically 
+create a custom network and attach all containers to it. You don't have to do anything extra.
+- If you are starting the containers via command line, first create a bridge network via "docker network create [networkname]"
+and define that network in the container run/create command via "--network [networkname]".
+- If you are using a gui manager like portainer, you can create a custom bridge network in the gui, and select it when creating
+a new container.
+- If you are using unraid, create a custom network in command line via "docker network create [networkname]", then go to docker service settings (under advanced) and 
+set the option "Preserve user defined networks:" to "Yes". Then in each container setting, do one of the following:
+  1) Unraid 6.5.0 or earlier - (under advanced) add "--network=[networkname]" into "Extra Parameters".
+  2) Unraid 6.5.1 or later - in the network type dropdown, select "Custom : [networkname]".
+  You would have to do the above for the letsencrypt container as well, so they are all on the same custom network. The bridge 
+network that unraid uses by default does not allow container to container communication.
+
+If the reverse proxied containers are not reachable via dns or they are running on a different machine, you will have to modify
+these confs to fit your needs.
diff --git a/airsonic.subfolder.conf.sample b/airsonic.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# set the CONTEXT_PATH variable to /airsonic in airsonic container.
+
+location ^~ /airsonic {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_airsonic airsonic;
+    proxy_pass http://$upstream_airsonic:4040;
+}
diff --git a/bazarr.subdomain.conf.sample b/bazarr.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name bazarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_bazarr bazarr;
+        proxy_pass http://$upstream_bazarr:6767;
+    }
+}
diff --git a/bazarr.subfolder.conf.sample b/bazarr.subfolder.conf.sample
@@ -0,0 +1,19 @@
+# first go into bazarr settings, under "General" set the URL Base to /bazarr/ and restart the bazarr container
+
+location /bazarr {
+    return 301 $scheme://$host/bazarr/;
+}
+location ^~ /bazarr/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_bazarr bazarr;
+    proxy_pass http://$upstream_bazarr:6767;
+}
diff --git a/couchpotato.subdomain.conf.sample b/couchpotato.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for couchpotato and that your couchpotato container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name couchpotato.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_couchpotato couchpotato;
+        proxy_pass http://$upstream_couchpotato:5050;
+    }
+}
diff --git a/couchpotato.subfolder.conf.sample b/couchpotato.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# first go into couchpotato settings, under "General" set the URL Base to /couchpotato and restart the couchpotato container
+
+location ^~ /couchpotato {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_couchpotato couchpotato;
+    proxy_pass http://$upstream_couchpotato:5050;
+}
diff --git a/deluge.subdomain.conf.sample b/deluge.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for deluge and that your deluge container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name deluge.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_deluge deluge;
+        proxy_pass http://$upstream_deluge:8112;
+    }
+}
diff --git a/deluge.subfolder.conf.sample b/deluge.subfolder.conf.sample
@@ -0,0 +1,21 @@
+# deluge does not require a base url setting
+
+location /deluge {
+    return 301 $scheme://$host/deluge/;
+}
+location ^~ /deluge/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_deluge deluge;
+    rewrite /deluge(.*) $1 break;
+    proxy_pass http://$upstream_deluge:8112;
+    proxy_set_header X-Deluge-Base "/deluge/";
+}
diff --git a/duplicati.subdomain.conf.sample b/duplicati.subdomain.conf.sample
@@ -0,0 +1,28 @@
+# make sure that your dns has a cname set for duplicati and that your duplicati container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name duplicati.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_duplicati duplicati;
+        proxy_pass http://$upstream_duplicati:8200;
+    }
+}
diff --git a/duplicati.subfolder.conf.sample b/duplicati.subfolder.conf.sample
@@ -0,0 +1,19 @@
+# duplicati does not require a base url setting. DUPLICATI AUTH WILL NOT WORK WITH THIS CONFIG, use the auth options below
+
+location /duplicati {
+    return 301 $scheme://$host/duplicati/;
+}
+location ^~ /duplicati/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_duplicati duplicati;
+    rewrite /duplicati(.*) $1 break;
+    proxy_pass http://$upstream_duplicati:8200;
+}
diff --git a/emby.subdomain.conf.sample b/emby.subdomain.conf.sample
@@ -0,0 +1,26 @@
+# make sure that your dns has a cname set for emby, if emby is running in bridge mode, the below config should work as is, although, 
+# the container name is expected to be "emby", if not, replace the line "set $upstream_emby emby;" with "set $upstream_emby <containername>;"
+# for host mode, replace the line "proxy_pass http://$upstream_emby:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of emby
+# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+server {
+    listen 443 ssl;
+
+    server_name emby.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_emby emby;
+        proxy_pass http://$upstream_emby:8096;
+        proxy_set_header Range $http_range;
+        proxy_set_header If-Range $http_if_range;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
diff --git a/emby.subfolder.conf.sample b/emby.subfolder.conf.sample
@@ -0,0 +1,20 @@
+# if emby is running in bridge mode, the below config should work as is, although, the container name is expected to be "emby",
+# if not, replace the line "set $upstream_emby emby;" with "set $upstream_emby <containername>;"
+# for host mode, replace the line "proxy_pass http://$upstream_emby:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of emby
+# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url and subdomain,
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+location /emby {
+    return 301 $scheme://$host/emby/;
+}
+location ^~ /emby/ {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_emby emby;
+    proxy_pass http://$upstream_emby:8096;
+
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+}
diff --git a/flood.subdomain.conf.sample b/flood.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for flood and that your flood container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name flood.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_flood flood;
+        proxy_pass http://$upstream_flood:3000;
+    }
+}