diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..bdb0cabc8 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,17 @@ +# Auto detect text files and perform LF normalization +* text=auto + +# Custom for Visual Studio +*.cs diff=csharp + +# Standard to msysgit +*.doc diff=astextplain +*.DOC diff=astextplain +*.docx diff=astextplain +*.DOCX diff=astextplain +*.dot diff=astextplain +*.DOT diff=astextplain +*.pdf diff=astextplain +*.PDF diff=astextplain +*.rtf diff=astextplain +*.RTF diff=astextplain diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 000000000..c73c33be1 --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,21 @@ + + +[linuxserverurl]: https://linuxserver.io +[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl] + + + + + + + + + + + + + + + +## Thanks, team linuxserver.io + diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 000000000..f6a6381da --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,15 @@ + + +[linuxserverurl]: https://linuxserver.io +[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl] + + + + + + + + + +## Thanks, team linuxserver.io + diff --git a/README.md b/README.md deleted file mode 100644 index ab58ff0ee..000000000 --- a/README.md +++ /dev/null @@ -1 +0,0 @@ -# reverse-proxy-confs \ No newline at end of file diff --git a/_readme b/_readme new file mode 100644 index 000000000..1f234c916 --- /dev/null +++ b/_readme @@ -0,0 +1,36 @@ +This folder contains sample reverse proxy configs for various docker images linuxserver provides. They are grouped in two: +1. "subfolder" these will allow accessing services at https://yourdomain.com/servicename +2. "subdomain" these will allow accessing services at https://servicename.yourdomain.com + +To enable the reverse proxies: +1) rename the conf files and remove the ".sample" at the end (ie. "sonarr.subfolder.conf") and +2) restart the letsencrypt container + +Make sure that your default site config contains the following lines in the appropriate spots as seen in the default version: +1) for subfolder methods: "include /config/nginx/proxy-confs/*.subfolder.conf;" +2) for subdomain methods: "include /config/nginx/proxy-confs/*.subdomain.conf;" + +To disable the configs, simply rename the files to add back the ".sample" to the end, and restart letsencrypt. + +If you are reverse proxying linuxserver containers installed on the same host with the recommended options, you shouldn't +need to edit these conf files. However, some files require you to make changes to the service containers such as adding +base urls in their settings. Each conf file lists the required changes on the first line. + +These confs also assume that the letsencrypt container can reach other containers via their dns hostnames (defaults to +container name) resolved via docker's internal dns. This is achieved through having the containers attached to the same +user defined docker bridge network. +- If you are using docker-compose and the containers are managed through the same yaml file, docker-compose will automatically +create a custom network and attach all containers to it. You don't have to do anything extra. +- If you are starting the containers via command line, first create a bridge network via "docker network create [networkname]" +and define that network in the container run/create command via "--network [networkname]". +- If you are using a gui manager like portainer, you can create a custom bridge network in the gui, and select it when creating +a new container. +- If you are using unraid, create a custom network in command line via "docker network create [networkname]", then go to docker service settings (under advanced) and +set the option "Preserve user defined networks:" to "Yes". Then in each container setting, do one of the following: + 1) Unraid 6.5.0 or earlier - (under advanced) add "--network=[networkname]" into "Extra Parameters". + 2) Unraid 6.5.1 or later - in the network type dropdown, select "Custom : [networkname]". + You would have to do the above for the letsencrypt container as well, so they are all on the same custom network. The bridge +network that unraid uses by default does not allow container to container communication. + +If the reverse proxied containers are not reachable via dns or they are running on a different machine, you will have to modify +these confs to fit your needs. diff --git a/airsonic.subfolder.conf.sample b/airsonic.subfolder.conf.sample new file mode 100644 index 000000000..cda980885 --- /dev/null +++ b/airsonic.subfolder.conf.sample @@ -0,0 +1,16 @@ +# set the CONTEXT_PATH variable to /airsonic in airsonic container. + +location ^~ /airsonic { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_airsonic airsonic; + proxy_pass http://$upstream_airsonic:4040; +} diff --git a/bazarr.subdomain.conf.sample b/bazarr.subdomain.conf.sample new file mode 100644 index 000000000..b3990d2da --- /dev/null +++ b/bazarr.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url + +server { + listen 443 ssl; + + server_name bazarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_bazarr bazarr; + proxy_pass http://$upstream_bazarr:6767; + } +} diff --git a/bazarr.subfolder.conf.sample b/bazarr.subfolder.conf.sample new file mode 100644 index 000000000..50ac52a60 --- /dev/null +++ b/bazarr.subfolder.conf.sample @@ -0,0 +1,19 @@ +# first go into bazarr settings, under "General" set the URL Base to /bazarr/ and restart the bazarr container + +location /bazarr { + return 301 $scheme://$host/bazarr/; +} +location ^~ /bazarr/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_bazarr bazarr; + proxy_pass http://$upstream_bazarr:6767; +} diff --git a/couchpotato.subdomain.conf.sample b/couchpotato.subdomain.conf.sample new file mode 100644 index 000000000..72a3d74e3 --- /dev/null +++ b/couchpotato.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for couchpotato and that your couchpotato container is not using a base url + +server { + listen 443 ssl; + + server_name couchpotato.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_couchpotato couchpotato; + proxy_pass http://$upstream_couchpotato:5050; + } +} diff --git a/couchpotato.subfolder.conf.sample b/couchpotato.subfolder.conf.sample new file mode 100644 index 000000000..99229d727 --- /dev/null +++ b/couchpotato.subfolder.conf.sample @@ -0,0 +1,16 @@ +# first go into couchpotato settings, under "General" set the URL Base to /couchpotato and restart the couchpotato container + +location ^~ /couchpotato { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_couchpotato couchpotato; + proxy_pass http://$upstream_couchpotato:5050; +} diff --git a/deluge.subdomain.conf.sample b/deluge.subdomain.conf.sample new file mode 100644 index 000000000..3e718f1b8 --- /dev/null +++ b/deluge.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for deluge and that your deluge container is not using a base url + +server { + listen 443 ssl; + + server_name deluge.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_deluge deluge; + proxy_pass http://$upstream_deluge:8112; + } +} diff --git a/deluge.subfolder.conf.sample b/deluge.subfolder.conf.sample new file mode 100644 index 000000000..f5004ef59 --- /dev/null +++ b/deluge.subfolder.conf.sample @@ -0,0 +1,21 @@ +# deluge does not require a base url setting + +location /deluge { + return 301 $scheme://$host/deluge/; +} +location ^~ /deluge/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_deluge deluge; + rewrite /deluge(.*) $1 break; + proxy_pass http://$upstream_deluge:8112; + proxy_set_header X-Deluge-Base "/deluge/"; +} diff --git a/duplicati.subdomain.conf.sample b/duplicati.subdomain.conf.sample new file mode 100644 index 000000000..bde26db9d --- /dev/null +++ b/duplicati.subdomain.conf.sample @@ -0,0 +1,28 @@ +# make sure that your dns has a cname set for duplicati and that your duplicati container is not using a base url + +server { + listen 443 ssl; + + server_name duplicati.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + resolver 127.0.0.11 valid=30s; + set $upstream_duplicati duplicati; + proxy_pass http://$upstream_duplicati:8200; + } +} diff --git a/duplicati.subfolder.conf.sample b/duplicati.subfolder.conf.sample new file mode 100644 index 000000000..1e6587615 --- /dev/null +++ b/duplicati.subfolder.conf.sample @@ -0,0 +1,19 @@ +# duplicati does not require a base url setting. DUPLICATI AUTH WILL NOT WORK WITH THIS CONFIG, use the auth options below + +location /duplicati { + return 301 $scheme://$host/duplicati/; +} +location ^~ /duplicati/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + resolver 127.0.0.11 valid=30s; + set $upstream_duplicati duplicati; + rewrite /duplicati(.*) $1 break; + proxy_pass http://$upstream_duplicati:8200; +} diff --git a/emby.subdomain.conf.sample b/emby.subdomain.conf.sample new file mode 100644 index 000000000..98f3a8319 --- /dev/null +++ b/emby.subdomain.conf.sample @@ -0,0 +1,26 @@ +# make sure that your dns has a cname set for emby, if emby is running in bridge mode, the below config should work as is, although, +# the container name is expected to be "emby", if not, replace the line "set $upstream_emby emby;" with "set $upstream_emby ;" +# for host mode, replace the line "proxy_pass http://$upstream_emby:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of emby +# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url, +# and set the "Secure connection mode" to "Handled by reverse proxy" + +server { + listen 443 ssl; + + server_name emby.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + location / { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_emby emby; + proxy_pass http://$upstream_emby:8096; + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} diff --git a/emby.subfolder.conf.sample b/emby.subfolder.conf.sample new file mode 100644 index 000000000..a6220df46 --- /dev/null +++ b/emby.subfolder.conf.sample @@ -0,0 +1,20 @@ +# if emby is running in bridge mode, the below config should work as is, although, the container name is expected to be "emby", +# if not, replace the line "set $upstream_emby emby;" with "set $upstream_emby ;" +# for host mode, replace the line "proxy_pass http://$upstream_emby:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of emby +# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url and subdomain, +# and set the "Secure connection mode" to "Handled by reverse proxy" + +location /emby { + return 301 $scheme://$host/emby/; +} +location ^~ /emby/ { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_emby emby; + proxy_pass http://$upstream_emby:8096; + + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; +} diff --git a/flood.subdomain.conf.sample b/flood.subdomain.conf.sample new file mode 100644 index 000000000..9f88c59a0 --- /dev/null +++ b/flood.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for flood and that your flood container is not using a base url + +server { + listen 443 ssl; + + server_name flood.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_flood flood; + proxy_pass http://$upstream_flood:3000; + } +} diff --git a/flood.subfolder.conf.sample b/flood.subfolder.conf.sample new file mode 100644 index 000000000..90b5d76ac --- /dev/null +++ b/flood.subfolder.conf.sample @@ -0,0 +1,20 @@ +# flood does not require a base url setting + +location /flood { + return 301 $scheme://$host/flood/; +} +location ^~ /flood/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_flood flood; + rewrite /flood(.*) $1 break; + proxy_pass http://$upstream_flood:3000; +} diff --git a/headphones.subdomain.conf.sample b/headphones.subdomain.conf.sample new file mode 100644 index 000000000..2a11a16d1 --- /dev/null +++ b/headphones.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for headphones + +server { + listen 443 ssl; + + server_name headphones.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_headphones headphones; + proxy_pass http://$upstream_headphones:8181; + } +} diff --git a/headphones.subfolder.conf.sample b/headphones.subfolder.conf.sample new file mode 100644 index 000000000..775aa3562 --- /dev/null +++ b/headphones.subfolder.conf.sample @@ -0,0 +1,16 @@ +# first stop the headphones container and edit the config.ini for headphones and set http_root to /headphones and then start the headphones container + +location ^~ /headphones { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_headphones headphones; + proxy_pass http://$upstream_headphones:8181; +} diff --git a/heimdall.subdomain.conf.sample b/heimdall.subdomain.conf.sample new file mode 100644 index 000000000..42c9582b5 --- /dev/null +++ b/heimdall.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for heimdall + +server { + listen 443 ssl; + + server_name heimdall.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_heimdall heimdall; + proxy_pass https://$upstream_heimdall:443; + } +} diff --git a/jackett.subdomain.conf.sample b/jackett.subdomain.conf.sample new file mode 100644 index 000000000..b2449a171 --- /dev/null +++ b/jackett.subdomain.conf.sample @@ -0,0 +1,36 @@ +# make sure that your dns has a cname set for jackett and that your jackett container is not using a base url + +server { + listen 443 ssl; + + server_name jackett.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_jackett jackett; + proxy_pass http://$upstream_jackett:9117; + } + + location ~ (/jackett)?/(api|dl) { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_jackett jackett; + proxy_pass http://$upstream_jackett:9117; + } +} diff --git a/jackett.subfolder.conf.sample b/jackett.subfolder.conf.sample new file mode 100644 index 000000000..42464caca --- /dev/null +++ b/jackett.subfolder.conf.sample @@ -0,0 +1,23 @@ +# first go into jackett settings, set the URL Base to /jackett and restart the jackett container + +location /jackett { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_jackett jackett; + proxy_pass http://$upstream_jackett:9117; +} + +location ~ /jackett/(api|dl) { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_jackett jackett; + proxy_pass http://$upstream_jackett:9117; +} diff --git a/lazylibrarian.subdomain.conf.sample b/lazylibrarian.subdomain.conf.sample new file mode 100644 index 000000000..ff9c4f43e --- /dev/null +++ b/lazylibrarian.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for lazylibrarian + +server { + listen 443 ssl; + + server_name lazylibrarian.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_lazylibrarian lazylibrarian; + proxy_pass http://$upstream_lazylibrarian:5299; + } +} diff --git a/lazylibrarian.subfolder.conf.sample b/lazylibrarian.subfolder.conf.sample new file mode 100644 index 000000000..5a4a8c7dc --- /dev/null +++ b/lazylibrarian.subfolder.conf.sample @@ -0,0 +1,16 @@ +# first go into lazylibrarian settings, under "Interface" set the URL Base to /lazylibrarian and restart the lazylibrarian container + +location ^~ /lazylibrarian { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_lazylibrarian lazylibrarian; + proxy_pass http://$upstream_lazylibrarian:5299; +} diff --git a/lidarr.subdomain.conf.sample b/lidarr.subdomain.conf.sample new file mode 100644 index 000000000..c28968c9a --- /dev/null +++ b/lidarr.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for lidarr and that your lidarr container is not using a base url + +server { + listen 443 ssl; + + server_name lidarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_lidarr lidarr; + proxy_pass http://$upstream_lidarr:8686; + } +} diff --git a/lidarr.subfolder.conf.sample b/lidarr.subfolder.conf.sample new file mode 100644 index 000000000..9aef69097 --- /dev/null +++ b/lidarr.subfolder.conf.sample @@ -0,0 +1,16 @@ +# first go into lidarr settings, under "General" set the URL Base to /lidarr and restart the lidarr container + +location ^~ /lidarr { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_lidarr lidarr; + proxy_pass http://$upstream_lidarr:8686; +} diff --git a/medusa.subdomain.conf.sample b/medusa.subdomain.conf.sample new file mode 100644 index 000000000..5dc2e6813 --- /dev/null +++ b/medusa.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for medusa + +server { + listen 443 ssl; + + server_name medusa.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_medusa medusa; + proxy_pass http://$upstream_medusa:8081; + } +} diff --git a/medusa.subfolder.conf.sample b/medusa.subfolder.conf.sample new file mode 100644 index 000000000..acda80170 --- /dev/null +++ b/medusa.subfolder.conf.sample @@ -0,0 +1,16 @@ +# first go into medusa settings, under "Interface" set the URL Base to /medusa and restart the medusa container + +location ^~ /medusa { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_medusa medusa; + proxy_pass http://$upstream_medusa:8081; +} diff --git a/monitorr.subdomain.conf.sample b/monitorr.subdomain.conf.sample new file mode 100644 index 000000000..7fe3f22ce --- /dev/null +++ b/monitorr.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for monitorr + +server { + listen 443 ssl; + + server_name monitorr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_monitorr monitorr; + proxy_pass http://$upstream_monitorr:80; + } +} diff --git a/monitorr.subfolder.conf.sample b/monitorr.subfolder.conf.sample new file mode 100644 index 000000000..b3892252c --- /dev/null +++ b/monitorr.subfolder.conf.sample @@ -0,0 +1,16 @@ +# monitorr does not require a base url setting + +location ^~ /monitorr { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_monitorr monitorr; + proxy_pass http://$upstream_monitorr:80; +} diff --git a/mylar.subdomain.conf.sample b/mylar.subdomain.conf.sample new file mode 100644 index 000000000..d97cc6186 --- /dev/null +++ b/mylar.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for mylar + +server { + listen 443 ssl; + + server_name mylar.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_mylar mylar; + proxy_pass http://$upstream_mylar:8090; + } +} diff --git a/mylar.subfolder.conf.sample b/mylar.subfolder.conf.sample new file mode 100644 index 000000000..72d0e700d --- /dev/null +++ b/mylar.subfolder.conf.sample @@ -0,0 +1,16 @@ +# first stop the mylar container and edit the config.ini for mylar and set http_root to /mylar and then start the mylar container + +location ^~ /mylar { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_mylar mylar; + proxy_pass http://$upstream_mylar:8090; +} diff --git a/netdata.subdomain.conf.sample b/netdata.subdomain.conf.sample new file mode 100644 index 000000000..04f8ffba3 --- /dev/null +++ b/netdata.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for netdata + +server { + listen 443 ssl; + + server_name netdata.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_netdata netdata; + proxy_pass http://$upstream_netdata:19999; + } +} diff --git a/netdata.subfolder.conf.sample b/netdata.subfolder.conf.sample new file mode 100644 index 000000000..59c3837bd --- /dev/null +++ b/netdata.subfolder.conf.sample @@ -0,0 +1,20 @@ +# netdata does not require a base url setting + +location /netdata { + return 301 $scheme://$host/netdata/; +} +location ^~ /netdata/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_netdata netdata; + rewrite /netdata(.*) $1 break; + proxy_pass http://$upstream_netdata:19999; +} diff --git a/nextcloud.subdomain.conf.sample b/nextcloud.subdomain.conf.sample new file mode 100644 index 000000000..53b693775 --- /dev/null +++ b/nextcloud.subdomain.conf.sample @@ -0,0 +1,31 @@ +# make sure that your dns has a cname set for nextcloud +# assuming this container is called "letsencrypt", edit your nextcloud container's config +# located at /config/www/nextcloud/config/config.php and add the following lines before the ");": +# 'trusted_proxies' => ['letsencrypt'], +# 'overwrite.cli.url' => 'https://nextcloud.your-domain.com/', +# 'overwritehost' => 'nextcloud.your-domain.com', +# 'overwriteprotocol' => 'https', +# +# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: +# array ( +# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. +# 1 => 'nextcloud.your-domain.com', +# ), + +server { + listen 443 ssl; + + server_name nextcloud.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + location / { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_nextcloud nextcloud; + proxy_max_temp_file_size 2048m; + proxy_pass https://$upstream_nextcloud:443; + } +} diff --git a/nextcloud.subfolder.conf.sample b/nextcloud.subfolder.conf.sample new file mode 100644 index 000000000..3d42ef2b2 --- /dev/null +++ b/nextcloud.subfolder.conf.sample @@ -0,0 +1,40 @@ +# Assuming this container is called "letsencrypt", edit your nextcloud container's config +# located at /config/www/nextcloud/config/config.php and add the following lines before the ");": +# 'trusted_proxies' => ['letsencrypt'], +# 'overwritewebroot' => '/nextcloud', +# 'overwrite.cli.url' => 'https://your-domain.com/nextcloud', +# +# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: +# array ( +# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. +# 1 => 'your-domain.com', +# ), + +# Redirects for DAV clients +location = /.well-known/carddav { + return 301 $scheme://$host/nextcloud/remote.php/dav; +} + +location = /.well-known/caldav { + return 301 $scheme://$host/nextcloud/remote.php/dav; +} + +location /nextcloud { + return 301 $scheme://$host/nextcloud/; +} + +location ^~ /nextcloud/ { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_nextcloud nextcloud; + rewrite /nextcloud(.*) $1 break; + proxy_pass https://$upstream_nextcloud:443; + + proxy_max_temp_file_size 2048m; + + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + proxy_set_header Connection $http_connection; + proxy_redirect off; + proxy_ssl_session_reuse off; +} diff --git a/nzbget.subdomain.conf.sample b/nzbget.subdomain.conf.sample new file mode 100644 index 000000000..5bfb58e43 --- /dev/null +++ b/nzbget.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for nzbget + +server { + listen 443 ssl; + + server_name nzbget.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_nzbget nzbget; + proxy_pass http://$upstream_nzbget:6789; + } +} diff --git a/nzbget.subfolder.conf.sample b/nzbget.subfolder.conf.sample new file mode 100644 index 000000000..ff8523dfb --- /dev/null +++ b/nzbget.subfolder.conf.sample @@ -0,0 +1,16 @@ +# nzbget does not require a base url setting + +location ^~ /nzbget { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_nzbget nzbget; + proxy_pass http://$upstream_nzbget:6789; +} diff --git a/nzbhydra.subdomain.conf.sample b/nzbhydra.subdomain.conf.sample new file mode 100644 index 000000000..1ee662809 --- /dev/null +++ b/nzbhydra.subdomain.conf.sample @@ -0,0 +1,36 @@ +# make sure that your dns has a cname set for nzbhydra and that your nzbhydra container is not using a base url + +server { + listen 443 ssl; + + server_name nzbhydra.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_nzbhydra hydra2; + proxy_pass http://$upstream_nzbhydra:5076; + } + + location ~ (/nzbhydra)?/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_nzbhydra hydra2; + proxy_pass http://$upstream_nzbhydra:5076; + } +} diff --git a/nzbhydra.subfolder.conf.sample b/nzbhydra.subfolder.conf.sample new file mode 100644 index 000000000..3a9cdc021 --- /dev/null +++ b/nzbhydra.subfolder.conf.sample @@ -0,0 +1,23 @@ +# first go into nzbhydra settings, set the URL Base to /nzbhydra and restart the nzbhydra container + +location ^~ /nzbhydra { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_nzbhydra hydra2; + proxy_pass http://$upstream_nzbhydra:5076; +} + +location ^~ /nzbhydra/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_nzbhydra hydra2; + proxy_pass http://$upstream_nzbhydra:5076; +} diff --git a/ombi.subdomain.conf.sample b/ombi.subdomain.conf.sample new file mode 100644 index 000000000..237dda78d --- /dev/null +++ b/ombi.subdomain.conf.sample @@ -0,0 +1,39 @@ +# make sure that your dns has a cname set for ombi and that your ombi container is not using a base url + +server { + listen 443 ssl; + + server_name ombi.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_ombi ombi; + proxy_pass http://$upstream_ombi:3579; + } + + location ~ (/ombi)?/swagger { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_ombi ombi; + proxy_pass http://$upstream_ombi:3579; + } + if ($http_referer ~* /ombi) { + rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect; + } +} diff --git a/ombi.subfolder.conf.sample b/ombi.subfolder.conf.sample new file mode 100644 index 000000000..97edf3a03 --- /dev/null +++ b/ombi.subfolder.conf.sample @@ -0,0 +1,30 @@ +# first go into ombi settings, under the menu "Ombi" set the base url to /ombi and restart the ombi container + +location /ombi { + return 301 $scheme://$host/ombi/; +} + +location ^~ /ombi/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_ombi ombi; + proxy_pass http://$upstream_ombi:3579; +} + +location ^~ /ombi/swagger { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_ombi ombi; + proxy_pass http://$upstream_ombi:3579; +} +if ($http_referer ~* /ombi) { + rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect; +} diff --git a/organizr.subdomain.conf.sample b/organizr.subdomain.conf.sample new file mode 100644 index 000000000..ee1a71833 --- /dev/null +++ b/organizr.subdomain.conf.sample @@ -0,0 +1,49 @@ +# make sure that your dns has a cname set for organizr + +server { + listen 443 ssl; + + server_name organizr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_organizr organizr; + proxy_pass http://$upstream_organizr:80; + } + + location ~ /auth-(admin|user) { + # This is used for Organizr V1 + internal; + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_organizr organizr; + proxy_pass http://$upstream_organizr:80/auth.php?$1; + proxy_set_header Content-Length ""; + } + + location ~ /auth-([0-9]+) { + # This is used for Organizr V2 + internal; + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_organizr organizr; + proxy_pass http://$upstream_organizr:80/api/?v1/auth&group=$1; + proxy_set_header Content-Length ""; + } +} diff --git a/organizr.subfolder.conf.sample b/organizr.subfolder.conf.sample new file mode 100644 index 000000000..ee66a122e --- /dev/null +++ b/organizr.subfolder.conf.sample @@ -0,0 +1,36 @@ +# In order to use this location block you need to edit the default file one folder up and comment out the / location + +location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_organizr organizr; + proxy_pass http://$upstream_organizr:80; +} + +location ~ /auth-(admin|user) { + # This is used for Organizr V1 + internal; + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_organizr organizr; + proxy_pass http://$upstream_organizr:80/auth.php?$1; + proxy_set_header Content-Length ""; +} + +location ~ /auth-([0-9]+) { + # This is used for Organizr V2 + internal; + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_organizr organizr; + proxy_pass http://$upstream_organizr:80/api/?v1/auth&group=$1; + proxy_set_header Content-Length ""; +} diff --git a/phpmyadmin.subdomain.conf.sample b/phpmyadmin.subdomain.conf.sample new file mode 100644 index 000000000..5d9b864f2 --- /dev/null +++ b/phpmyadmin.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for phpmyadmin and that your phpmyadmin container is not using a base url + +server { + listen 443 ssl; + + server_name phpmyadmin.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_phpmyadmin phpmyadmin; + proxy_pass http://$upstream_phpmyadmin:80; + } +} diff --git a/phpmyadmin.subfolder.conf.sample b/phpmyadmin.subfolder.conf.sample new file mode 100644 index 000000000..22e2b430f --- /dev/null +++ b/phpmyadmin.subfolder.conf.sample @@ -0,0 +1,20 @@ +# phpmyadmin does not require a base url setting + +location /phpmyadmin { + return 301 $scheme://$host/phpmyadmin/; +} +location ^~ /phpmyadmin/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_phpmyadmin phpmyadmin; + rewrite /phpmyadmin(.*) $1 break; + proxy_pass http://$upstream_phpmyadmin:80; +} diff --git a/pihole.subdomain.conf.sample b/pihole.subdomain.conf.sample new file mode 100644 index 000000000..6dfd77373 --- /dev/null +++ b/pihole.subdomain.conf.sample @@ -0,0 +1,44 @@ +# make sure that your dns has a cname set for pihole and that your pihole container is not using a base url + +server { + listen 443 ssl; + + server_name pihole.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_pihole pihole; + proxy_pass http://$upstream_pihole:80; + } + + location /admin { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_pihole pihole; + proxy_pass http://$upstream_pihole:80; + } +} diff --git a/pihole.subfolder.conf.sample b/pihole.subfolder.conf.sample new file mode 100644 index 000000000..9ab4508ae --- /dev/null +++ b/pihole.subfolder.conf.sample @@ -0,0 +1,39 @@ +# pihole does not require a base url setting + +location /pihole { + return 301 $scheme://$host/pihole/; +} +location ^~ /pihole/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_pihole pihole; + rewrite /pihole(.*) $1 break; + proxy_pass http://$upstream_pihole:80; +} + +location /pihole/admin { + return 301 $scheme://$host/pihole/admin/; +} +location ^~ /pihole/admin/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_pihole pihole; + rewrite /pihole(.*) $1 break; + proxy_pass http://$upstream_pihole:80; +} diff --git a/plex.subdomain.conf.sample b/plex.subdomain.conf.sample new file mode 100644 index 000000000..5a9b79f42 --- /dev/null +++ b/plex.subdomain.conf.sample @@ -0,0 +1,50 @@ +# make sure that your dns has a cname set for plex, if plex is running in bridge mode, the below config should work as is, for host mode, +# replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex +# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443") + +server { + listen 443 ssl; + + server_name plex.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + proxy_redirect off; + proxy_buffering off; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_plex plex; + proxy_pass http://$upstream_plex:32400; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier; + proxy_set_header X-Plex-Device $http_x_plex_device; + proxy_set_header X-Plex-Device-Name $http_x_plex_device_name; + proxy_set_header X-Plex-Platform $http_x_plex_platform; + proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version; + proxy_set_header X-Plex-Product $http_x_plex_product; + proxy_set_header X-Plex-Token $http_x_plex_token; + proxy_set_header X-Plex-Version $http_x_plex_version; + proxy_set_header X-Plex-Nocache $http_x_plex_nocache; + proxy_set_header X-Plex-Provides $http_x_plex_provides; + proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; + proxy_set_header X-Plex-Model $http_x_plex_model; + } +} diff --git a/plex.subfolder.conf.sample b/plex.subfolder.conf.sample new file mode 100644 index 000000000..7648ad529 --- /dev/null +++ b/plex.subfolder.conf.sample @@ -0,0 +1,39 @@ +# plex does not require a base url setting +# if plex is running in bridge mode, the below config should work as is. +# for host mode, replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex +# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://yourdomain.url/plex:443") + +location /plex { + return 301 $scheme://$host/plex/; +} +location ^~ /plex/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_plex plex; + rewrite /plex(.*) $1 break; + proxy_pass http://$upstream_plex:32400; + + proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier; + proxy_set_header X-Plex-Device $http_x_plex_device; + proxy_set_header X-Plex-Device-Name $http_x_plex_device_name; + proxy_set_header X-Plex-Platform $http_x_plex_platform; + proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version; + proxy_set_header X-Plex-Product $http_x_plex_product; + proxy_set_header X-Plex-Token $http_x_plex_token; + proxy_set_header X-Plex-Version $http_x_plex_version; + proxy_set_header X-Plex-Nocache $http_x_plex_nocache; + proxy_set_header X-Plex-Provides $http_x_plex_provides; + proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; + proxy_set_header X-Plex-Model $http_x_plex_model; +} +if ($http_referer ~* /plex) { + rewrite ^/web/(.*) /plex/web/$1? redirect; +} diff --git a/plexwebtools.subdomain.conf.sample b/plexwebtools.subdomain.conf.sample new file mode 100644 index 000000000..df3713a6a --- /dev/null +++ b/plexwebtools.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for plexwebtools and that your plexwebtools container is not using a base url + +server { + listen 443 ssl; + + server_name plexwebtools.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_plex plex; + proxy_pass http://$upstream_plex:33400; + } +} diff --git a/plexwebtools.subfolder.conf.sample b/plexwebtools.subfolder.conf.sample new file mode 100644 index 000000000..87ecfc8f9 --- /dev/null +++ b/plexwebtools.subfolder.conf.sample @@ -0,0 +1,19 @@ +# first go into plexwebtools settings, set the URL Base to /plexwebtools and restart the plex container + +location /plexwebtools { + return 301 $scheme://$host/plexwebtools/; +} +location ^~ /plexwebtools/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_plex plex; + proxy_pass http://$upstream_plex:33400; +} diff --git a/portainer.subdomain.conf.sample b/portainer.subdomain.conf.sample new file mode 100644 index 000000000..4d82264cf --- /dev/null +++ b/portainer.subdomain.conf.sample @@ -0,0 +1,49 @@ +# make sure that your dns has a cname set for portainer + +server { + listen 443 ssl; + + server_name portainer.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + resolver 127.0.0.11 valid=30s; + set $upstream_portainer portainer; + proxy_pass http://$upstream_portainer:9000; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0 + } + + location /api/websocket/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + resolver 127.0.0.11 valid=30s; + set $upstream_portainer portainer; + proxy_pass http://$upstream_portainer:9000; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_http_version 1.1; + proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0 + } +} diff --git a/portainer.subfolder.conf.sample b/portainer.subfolder.conf.sample new file mode 100644 index 000000000..39ca4d640 --- /dev/null +++ b/portainer.subfolder.conf.sample @@ -0,0 +1,32 @@ +# portainer does not require a base url setting + +location /portainer { + return 301 $scheme://$host/portainer/; +} +location ^~ /portainer/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_portainer portainer; + rewrite /portainer(.*) $1 break; + proxy_pass http://$upstream_portainer:9000; + proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0 +} + +location ^~ /portainer/api/websocket/ { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_portainer portainer; + rewrite /portainer(.*) $1 break; + proxy_pass http://$upstream_portainer:9000; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0 +} diff --git a/pydio.subdomain.conf.sample b/pydio.subdomain.conf.sample new file mode 100644 index 000000000..14b3b4f63 --- /dev/null +++ b/pydio.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for pydio and that your pydio container is not using a base url + +server { + listen 443 ssl; + + server_name pydio.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_pydio pydio; + proxy_pass https://$upstream_pydio:443; + } +} diff --git a/radarr.subdomain.conf.sample b/radarr.subdomain.conf.sample new file mode 100644 index 000000000..9ea505754 --- /dev/null +++ b/radarr.subdomain.conf.sample @@ -0,0 +1,36 @@ +# make sure that your dns has a cname set for radarr and that your radarr container is not using a base url + +server { + listen 443 ssl; + + server_name radarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_radarr radarr; + proxy_pass http://$upstream_radarr:7878; + } + + location ~ (/radarr)?/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_radarr radarr; + proxy_pass http://$upstream_radarr:7878; + } +} diff --git a/radarr.subfolder.conf.sample b/radarr.subfolder.conf.sample new file mode 100644 index 000000000..54ac4560d --- /dev/null +++ b/radarr.subfolder.conf.sample @@ -0,0 +1,23 @@ +# first go into radarr settings, under "General" set the URL Base to /radarr and restart the radarr container + +location ^~ /radarr { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_radarr radarr; + proxy_pass http://$upstream_radarr:7878; +} + +location ^~ /radarr/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_radarr radarr; + proxy_pass http://$upstream_radarr:7878; +} diff --git a/rutorrent.subdomain.conf.sample b/rutorrent.subdomain.conf.sample new file mode 100644 index 000000000..a834a12cf --- /dev/null +++ b/rutorrent.subdomain.conf.sample @@ -0,0 +1,36 @@ +# make sure that your dns has a cname set for rutorrent + +server { + listen 443 ssl; + + server_name rutorrent.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_rutorrent rutorrent; + proxy_pass http://$upstream_rutorrent:80; + } + + location /RPC2 { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_rutorrent rutorrent; + proxy_pass http://$upstream_rutorrent:80; + } +} diff --git a/rutorrent.subfolder.conf.sample b/rutorrent.subfolder.conf.sample new file mode 100644 index 000000000..ced06004b --- /dev/null +++ b/rutorrent.subfolder.conf.sample @@ -0,0 +1,28 @@ +# rutorrent does not require a base url setting + +location /rutorrent { + return 301 $scheme://$host/rutorrent/; +} +location ^~ /rutorrent/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_rutorrent rutorrent; + rewrite /rutorrent(.*) $1 break; + proxy_pass http://$upstream_rutorrent:80; +} + +location ^~ /rutorrent/RPC2 { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_rutorrent rutorrent; + rewrite /rutorrent(.*) $1 break; + proxy_pass http://$upstream_rutorrent:80; +} diff --git a/sabnzbd.subdomain.conf.sample b/sabnzbd.subdomain.conf.sample new file mode 100644 index 000000000..85bb14b73 --- /dev/null +++ b/sabnzbd.subdomain.conf.sample @@ -0,0 +1,36 @@ +# make sure that your dns has a cname set for sabnzbd + +server { + listen 443 ssl; + + server_name sabnzbd.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_sabnzbd sabnzbd; + proxy_pass http://$upstream_sabnzbd:8080; + } + + location ~ (/sabnzbd)?/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_sabnzbd sabnzbd; + proxy_pass http://$upstream_sabnzbd:8080; + } +} diff --git a/sabnzbd.subfolder.conf.sample b/sabnzbd.subfolder.conf.sample new file mode 100644 index 000000000..8648d1208 --- /dev/null +++ b/sabnzbd.subfolder.conf.sample @@ -0,0 +1,23 @@ +# sabnzbd already uses the base url /sabnzbd by default so you don't need to do anything extra + +location ^~ /sabnzbd { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_sabnzbd sabnzbd; + proxy_pass http://$upstream_sabnzbd:8080; +} + +location ^~ /sabnzbd/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_sabnzbd sabnzbd; + proxy_pass http://$upstream_sabnzbd:8080; +} diff --git a/sickrage.subdomain.conf.sample b/sickrage.subdomain.conf.sample new file mode 100644 index 000000000..e829b15fd --- /dev/null +++ b/sickrage.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for sickrage + +server { + listen 443 ssl; + + server_name sickrage.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_sickrage sickrage; + proxy_pass http://$upstream_sickrage:8081; + } +} diff --git a/sickrage.subfolder.conf.sample b/sickrage.subfolder.conf.sample new file mode 100644 index 000000000..44afad695 --- /dev/null +++ b/sickrage.subfolder.conf.sample @@ -0,0 +1,16 @@ +# first stop the sickrage container and edit the config.ini for sickrage and set web_root to /sickrage and then start the sickrage container + +location ^~ /sickrage { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_sickrage sickrage; + proxy_pass http://$upstream_sickrage:8081; +} diff --git a/sonarr.subdomain.conf.sample b/sonarr.subdomain.conf.sample new file mode 100644 index 000000000..dcd854faf --- /dev/null +++ b/sonarr.subdomain.conf.sample @@ -0,0 +1,36 @@ +# make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url + +server { + listen 443 ssl; + + server_name sonarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_sonarr sonarr; + proxy_pass http://$upstream_sonarr:8989; + } + + location ~ (/sonarr)?/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_sonarr sonarr; + proxy_pass http://$upstream_sonarr:8989; + } +} diff --git a/sonarr.subfolder.conf.sample b/sonarr.subfolder.conf.sample new file mode 100644 index 000000000..1ef6f8ca4 --- /dev/null +++ b/sonarr.subfolder.conf.sample @@ -0,0 +1,23 @@ +# first go into sonarr settings, under "General" set the URL Base to /sonarr and restart the sonarr container + +location ^~ /sonarr { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_sonarr sonarr; + proxy_pass http://$upstream_sonarr:8989; +} + +location ^~ /sonarr/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_sonarr sonarr; + proxy_pass http://$upstream_sonarr:8989; +} diff --git a/syncthing.subdomain.conf.sample b/syncthing.subdomain.conf.sample new file mode 100644 index 000000000..e7359b50d --- /dev/null +++ b/syncthing.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for syncthing and that your syncthing container is not using a base url + +server { + listen 443 ssl; + + server_name syncthing.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_syncthing syncthing; + proxy_pass http://$upstream_syncthing:8384; + } +} diff --git a/tautulli.subdomain.conf.sample b/tautulli.subdomain.conf.sample new file mode 100644 index 000000000..300561c46 --- /dev/null +++ b/tautulli.subdomain.conf.sample @@ -0,0 +1,36 @@ +# make sure that your dns has a cname set for tautulli and that your tautulli container is not using a base url + +server { + listen 443 ssl; + + server_name tautulli.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_tautulli tautulli; + proxy_pass http://$upstream_tautulli:8181; + } + + location ~ (/tautulli)?/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_tautulli tautulli; + proxy_pass http://$upstream_tautulli:8181; + } +} diff --git a/tautulli.subfolder.conf.sample b/tautulli.subfolder.conf.sample new file mode 100644 index 000000000..b64cf12fc --- /dev/null +++ b/tautulli.subfolder.conf.sample @@ -0,0 +1,23 @@ +# first go into tautulli settings, under "Web Interface", click on show advanced, set the HTTP root to /tautulli and restart the tautulli container + +location ^~ /tautulli { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_tautulli tautulli; + proxy_pass http://$upstream_tautulli:8181; +} + +location ^~ /tautulli/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_tautulli tautulli; + proxy_pass http://$upstream_tautulli:8181; +} diff --git a/thelounge.subdomain.conf.sample b/thelounge.subdomain.conf.sample new file mode 100644 index 000000000..b2eb7d1d8 --- /dev/null +++ b/thelounge.subdomain.conf.sample @@ -0,0 +1,29 @@ +# make sure that your dns has a cname set for thelounge + +server { + listen 443 ssl; + + server_name thelounge.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_thelounge thelounge; + proxy_pass http://$upstream_thelounge:9000; + } +} diff --git a/thelounge.subfolder.conf.sample b/thelounge.subfolder.conf.sample new file mode 100644 index 000000000..bca21e48d --- /dev/null +++ b/thelounge.subfolder.conf.sample @@ -0,0 +1,20 @@ +# thelounge does not require a base url setting + +location /thelounge { + return 301 $scheme://$host/thelounge/; +} +location ^~ /thelounge/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_thelounge thelounge; + rewrite /thelounge(.*) $1 break; + proxy_pass http://$upstream_thelounge:9000; +} diff --git a/transmission.subdomain.conf.sample b/transmission.subdomain.conf.sample new file mode 100644 index 000000000..415a7d2bf --- /dev/null +++ b/transmission.subdomain.conf.sample @@ -0,0 +1,36 @@ +# make sure that your dns has a cname set for transmission + +server { + listen 443 ssl; + + server_name transmission.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_transmission transmission; + proxy_pass http://$upstream_transmission:9091; + } + + location ~ (/transmission)?/rpc { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_transmission transmission; + proxy_pass http://$upstream_transmission:9091; + } +} diff --git a/transmission.subfolder.conf.sample b/transmission.subfolder.conf.sample new file mode 100644 index 000000000..a0ebc5318 --- /dev/null +++ b/transmission.subfolder.conf.sample @@ -0,0 +1,23 @@ +# transmission does not require a base url setting + +location ^~ /transmission { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_transmission transmission; + proxy_pass http://$upstream_transmission:9091; +} + +location ^~ /transmission/rpc { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_transmission transmission; + proxy_pass http://$upstream_transmission:9091; +} diff --git a/unifi.subdomain.conf.sample b/unifi.subdomain.conf.sample new file mode 100644 index 000000000..b5c7bcfe0 --- /dev/null +++ b/unifi.subdomain.conf.sample @@ -0,0 +1,51 @@ +# make sure that your dns has a cname set for unifi and that your unifi container is not using a base url + +server { + listen 443 ssl; + + server_name unifi.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_unifi unifi; + proxy_pass https://$upstream_unifi:8443; + } + + location /wss { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_unifi unifi; + proxy_pass https://$upstream_unifi:8443; + proxy_redirect off; + proxy_buffering off; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_ssl_verify off; + } + +}