From f2c8d54e2baed13262cb3da13cd227041585c8ef Mon Sep 17 00:00:00 2001
From: aptalca <aptalca@linuxserver.io>
Date: Mon, 19 Nov 2018 10:55:59 -0500
Subject: [PATCH] initial upload

---
 .gitattributes                      | 17 ++++++++++
 .github/ISSUE_TEMPLATE.md           | 21 ++++++++++++
 .github/PULL_REQUEST_TEMPLATE.md    | 15 +++++++++
 README.md                           |  1 -
 _readme                             | 36 ++++++++++++++++++++
 airsonic.subfolder.conf.sample      | 16 +++++++++
 bazarr.subdomain.conf.sample        | 29 ++++++++++++++++
 bazarr.subfolder.conf.sample        | 19 +++++++++++
 couchpotato.subdomain.conf.sample   | 29 ++++++++++++++++
 couchpotato.subfolder.conf.sample   | 16 +++++++++
 deluge.subdomain.conf.sample        | 29 ++++++++++++++++
 deluge.subfolder.conf.sample        | 21 ++++++++++++
 duplicati.subdomain.conf.sample     | 28 ++++++++++++++++
 duplicati.subfolder.conf.sample     | 19 +++++++++++
 emby.subdomain.conf.sample          | 26 +++++++++++++++
 emby.subfolder.conf.sample          | 20 +++++++++++
 flood.subdomain.conf.sample         | 29 ++++++++++++++++
 flood.subfolder.conf.sample         | 20 +++++++++++
 headphones.subdomain.conf.sample    | 29 ++++++++++++++++
 headphones.subfolder.conf.sample    | 16 +++++++++
 heimdall.subdomain.conf.sample      | 29 ++++++++++++++++
 jackett.subdomain.conf.sample       | 36 ++++++++++++++++++++
 jackett.subfolder.conf.sample       | 23 +++++++++++++
 lazylibrarian.subdomain.conf.sample | 29 ++++++++++++++++
 lazylibrarian.subfolder.conf.sample | 16 +++++++++
 lidarr.subdomain.conf.sample        | 29 ++++++++++++++++
 lidarr.subfolder.conf.sample        | 16 +++++++++
 medusa.subdomain.conf.sample        | 29 ++++++++++++++++
 medusa.subfolder.conf.sample        | 16 +++++++++
 monitorr.subdomain.conf.sample      | 29 ++++++++++++++++
 monitorr.subfolder.conf.sample      | 16 +++++++++
 mylar.subdomain.conf.sample         | 29 ++++++++++++++++
 mylar.subfolder.conf.sample         | 16 +++++++++
 netdata.subdomain.conf.sample       | 29 ++++++++++++++++
 netdata.subfolder.conf.sample       | 20 +++++++++++
 nextcloud.subdomain.conf.sample     | 31 ++++++++++++++++++
 nextcloud.subfolder.conf.sample     | 40 ++++++++++++++++++++++
 nzbget.subdomain.conf.sample        | 29 ++++++++++++++++
 nzbget.subfolder.conf.sample        | 16 +++++++++
 nzbhydra.subdomain.conf.sample      | 36 ++++++++++++++++++++
 nzbhydra.subfolder.conf.sample      | 23 +++++++++++++
 ombi.subdomain.conf.sample          | 39 ++++++++++++++++++++++
 ombi.subfolder.conf.sample          | 30 +++++++++++++++++
 organizr.subdomain.conf.sample      | 49 +++++++++++++++++++++++++++
 organizr.subfolder.conf.sample      | 36 ++++++++++++++++++++
 phpmyadmin.subdomain.conf.sample    | 29 ++++++++++++++++
 phpmyadmin.subfolder.conf.sample    | 20 +++++++++++
 pihole.subdomain.conf.sample        | 44 +++++++++++++++++++++++++
 pihole.subfolder.conf.sample        | 39 ++++++++++++++++++++++
 plex.subdomain.conf.sample          | 50 ++++++++++++++++++++++++++++
 plex.subfolder.conf.sample          | 39 ++++++++++++++++++++++
 plexwebtools.subdomain.conf.sample  | 29 ++++++++++++++++
 plexwebtools.subfolder.conf.sample  | 19 +++++++++++
 portainer.subdomain.conf.sample     | 49 +++++++++++++++++++++++++++
 portainer.subfolder.conf.sample     | 32 ++++++++++++++++++
 pydio.subdomain.conf.sample         | 29 ++++++++++++++++
 radarr.subdomain.conf.sample        | 36 ++++++++++++++++++++
 radarr.subfolder.conf.sample        | 23 +++++++++++++
 rutorrent.subdomain.conf.sample     | 36 ++++++++++++++++++++
 rutorrent.subfolder.conf.sample     | 28 ++++++++++++++++
 sabnzbd.subdomain.conf.sample       | 36 ++++++++++++++++++++
 sabnzbd.subfolder.conf.sample       | 23 +++++++++++++
 sickrage.subdomain.conf.sample      | 29 ++++++++++++++++
 sickrage.subfolder.conf.sample      | 16 +++++++++
 sonarr.subdomain.conf.sample        | 36 ++++++++++++++++++++
 sonarr.subfolder.conf.sample        | 23 +++++++++++++
 syncthing.subdomain.conf.sample     | 29 ++++++++++++++++
 tautulli.subdomain.conf.sample      | 36 ++++++++++++++++++++
 tautulli.subfolder.conf.sample      | 23 +++++++++++++
 thelounge.subdomain.conf.sample     | 29 ++++++++++++++++
 thelounge.subfolder.conf.sample     | 20 +++++++++++
 transmission.subdomain.conf.sample  | 36 ++++++++++++++++++++
 transmission.subfolder.conf.sample  | 23 +++++++++++++
 unifi.subdomain.conf.sample         | 51 +++++++++++++++++++++++++++++
 74 files changed, 2038 insertions(+), 1 deletion(-)
 create mode 100644 .gitattributes
 create mode 100644 .github/ISSUE_TEMPLATE.md
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
 delete mode 100644 README.md
 create mode 100644 _readme
 create mode 100644 airsonic.subfolder.conf.sample
 create mode 100644 bazarr.subdomain.conf.sample
 create mode 100644 bazarr.subfolder.conf.sample
 create mode 100644 couchpotato.subdomain.conf.sample
 create mode 100644 couchpotato.subfolder.conf.sample
 create mode 100644 deluge.subdomain.conf.sample
 create mode 100644 deluge.subfolder.conf.sample
 create mode 100644 duplicati.subdomain.conf.sample
 create mode 100644 duplicati.subfolder.conf.sample
 create mode 100644 emby.subdomain.conf.sample
 create mode 100644 emby.subfolder.conf.sample
 create mode 100644 flood.subdomain.conf.sample
 create mode 100644 flood.subfolder.conf.sample
 create mode 100644 headphones.subdomain.conf.sample
 create mode 100644 headphones.subfolder.conf.sample
 create mode 100644 heimdall.subdomain.conf.sample
 create mode 100644 jackett.subdomain.conf.sample
 create mode 100644 jackett.subfolder.conf.sample
 create mode 100644 lazylibrarian.subdomain.conf.sample
 create mode 100644 lazylibrarian.subfolder.conf.sample
 create mode 100644 lidarr.subdomain.conf.sample
 create mode 100644 lidarr.subfolder.conf.sample
 create mode 100644 medusa.subdomain.conf.sample
 create mode 100644 medusa.subfolder.conf.sample
 create mode 100644 monitorr.subdomain.conf.sample
 create mode 100644 monitorr.subfolder.conf.sample
 create mode 100644 mylar.subdomain.conf.sample
 create mode 100644 mylar.subfolder.conf.sample
 create mode 100644 netdata.subdomain.conf.sample
 create mode 100644 netdata.subfolder.conf.sample
 create mode 100644 nextcloud.subdomain.conf.sample
 create mode 100644 nextcloud.subfolder.conf.sample
 create mode 100644 nzbget.subdomain.conf.sample
 create mode 100644 nzbget.subfolder.conf.sample
 create mode 100644 nzbhydra.subdomain.conf.sample
 create mode 100644 nzbhydra.subfolder.conf.sample
 create mode 100644 ombi.subdomain.conf.sample
 create mode 100644 ombi.subfolder.conf.sample
 create mode 100644 organizr.subdomain.conf.sample
 create mode 100644 organizr.subfolder.conf.sample
 create mode 100644 phpmyadmin.subdomain.conf.sample
 create mode 100644 phpmyadmin.subfolder.conf.sample
 create mode 100644 pihole.subdomain.conf.sample
 create mode 100644 pihole.subfolder.conf.sample
 create mode 100644 plex.subdomain.conf.sample
 create mode 100644 plex.subfolder.conf.sample
 create mode 100644 plexwebtools.subdomain.conf.sample
 create mode 100644 plexwebtools.subfolder.conf.sample
 create mode 100644 portainer.subdomain.conf.sample
 create mode 100644 portainer.subfolder.conf.sample
 create mode 100644 pydio.subdomain.conf.sample
 create mode 100644 radarr.subdomain.conf.sample
 create mode 100644 radarr.subfolder.conf.sample
 create mode 100644 rutorrent.subdomain.conf.sample
 create mode 100644 rutorrent.subfolder.conf.sample
 create mode 100644 sabnzbd.subdomain.conf.sample
 create mode 100644 sabnzbd.subfolder.conf.sample
 create mode 100644 sickrage.subdomain.conf.sample
 create mode 100644 sickrage.subfolder.conf.sample
 create mode 100644 sonarr.subdomain.conf.sample
 create mode 100644 sonarr.subfolder.conf.sample
 create mode 100644 syncthing.subdomain.conf.sample
 create mode 100644 tautulli.subdomain.conf.sample
 create mode 100644 tautulli.subfolder.conf.sample
 create mode 100644 thelounge.subdomain.conf.sample
 create mode 100644 thelounge.subfolder.conf.sample
 create mode 100644 transmission.subdomain.conf.sample
 create mode 100644 transmission.subfolder.conf.sample
 create mode 100644 unifi.subdomain.conf.sample

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 000000000..bdb0cabc8
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,17 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs     diff=csharp
+
+# Standard to msysgit
+*.doc	 diff=astextplain
+*.DOC	 diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot  diff=astextplain
+*.DOT  diff=astextplain
+*.pdf  diff=astextplain
+*.PDF	 diff=astextplain
+*.rtf	 diff=astextplain
+*.RTF	 diff=astextplain
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 000000000..c73c33be1
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,21 @@
+<!--- Provide a general summary of the issue in the Title above -->
+
+[linuxserverurl]: https://linuxserver.io
+[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
+	
+
+<!--- If you have an issue with the project, please provide us with the following information -->
+
+<!---  Host OS -->
+<!--- Command line users, your run/create command, GUI/Unraid users, a screenshot of your template settings. -->
+<!--- Docker log output, docker log <container-name>      -->
+<!--- Mention if you're using symlinks on any of the volume mounts. -->
+
+
+<!--- If you have a suggestion or fix for the project, please provide us with the following information -->
+
+<!--- What you think your suggestion brings to the project, or fixes with the project -->
+<!--- If it's a fix, would it be better suited as a Pull request to the repo ? -->
+
+##  Thanks, team linuxserver.io
+
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 000000000..f6a6381da
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,15 @@
+<!--- Provide a general summary of your changes in the Title above -->
+
+[linuxserverurl]: https://linuxserver.io
+[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
+	
+
+<!--- Before submitting a pull request please check the following -->
+
+<!---  That you have made a branch in your fork, we'd rather not merge from your master -->
+<!---  That if the PR is addressing an existing issue include, closes #<issue number> , in the body of the PR commit message   -->
+<!---  You have included links to any files / patches etc your PR may be using in the body of the PR commit message -->
+<!---  -->
+
+##  Thanks, team linuxserver.io
+
diff --git a/README.md b/README.md
deleted file mode 100644
index ab58ff0ee..000000000
--- a/README.md
+++ /dev/null
@@ -1 +0,0 @@
-# reverse-proxy-confs
\ No newline at end of file
diff --git a/_readme b/_readme
new file mode 100644
index 000000000..1f234c916
--- /dev/null
+++ b/_readme
@@ -0,0 +1,36 @@
+This folder contains sample reverse proxy configs for various docker images linuxserver provides. They are grouped in two:
+1. "subfolder" these will allow accessing services at https://yourdomain.com/servicename
+2. "subdomain" these will allow accessing services at https://servicename.yourdomain.com
+
+To enable the reverse proxies:
+1) rename the conf files and remove the ".sample" at the end (ie. "sonarr.subfolder.conf") and 
+2) restart the letsencrypt container
+
+Make sure that your default site config contains the following lines in the appropriate spots as seen in the default version:
+1) for subfolder methods: "include /config/nginx/proxy-confs/*.subfolder.conf;"
+2) for subdomain methods: "include /config/nginx/proxy-confs/*.subdomain.conf;"
+
+To disable the configs, simply rename the files to add back the ".sample" to the end, and restart letsencrypt.
+
+If you are reverse proxying linuxserver containers installed on the same host with the recommended options, you shouldn't 
+need to edit these conf files. However, some files require you to make changes to the service containers such as adding 
+base urls in their settings. Each conf file lists the required changes on the first line.
+
+These confs also assume that the letsencrypt container can reach other containers via their dns hostnames (defaults to 
+container name) resolved via docker's internal dns. This is achieved through having the containers attached to the same 
+user defined docker bridge network. 
+- If you are using docker-compose and the containers are managed through the same yaml file, docker-compose will automatically 
+create a custom network and attach all containers to it. You don't have to do anything extra.
+- If you are starting the containers via command line, first create a bridge network via "docker network create [networkname]"
+and define that network in the container run/create command via "--network [networkname]".
+- If you are using a gui manager like portainer, you can create a custom bridge network in the gui, and select it when creating
+a new container.
+- If you are using unraid, create a custom network in command line via "docker network create [networkname]", then go to docker service settings (under advanced) and 
+set the option "Preserve user defined networks:" to "Yes". Then in each container setting, do one of the following:
+  1) Unraid 6.5.0 or earlier - (under advanced) add "--network=[networkname]" into "Extra Parameters".
+  2) Unraid 6.5.1 or later - in the network type dropdown, select "Custom : [networkname]".
+  You would have to do the above for the letsencrypt container as well, so they are all on the same custom network. The bridge 
+network that unraid uses by default does not allow container to container communication.
+
+If the reverse proxied containers are not reachable via dns or they are running on a different machine, you will have to modify
+these confs to fit your needs.
diff --git a/airsonic.subfolder.conf.sample b/airsonic.subfolder.conf.sample
new file mode 100644
index 000000000..cda980885
--- /dev/null
+++ b/airsonic.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# set the CONTEXT_PATH variable to /airsonic in airsonic container.
+
+location ^~ /airsonic {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_airsonic airsonic;
+    proxy_pass http://$upstream_airsonic:4040;
+}
diff --git a/bazarr.subdomain.conf.sample b/bazarr.subdomain.conf.sample
new file mode 100644
index 000000000..b3990d2da
--- /dev/null
+++ b/bazarr.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name bazarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_bazarr bazarr;
+        proxy_pass http://$upstream_bazarr:6767;
+    }
+}
diff --git a/bazarr.subfolder.conf.sample b/bazarr.subfolder.conf.sample
new file mode 100644
index 000000000..50ac52a60
--- /dev/null
+++ b/bazarr.subfolder.conf.sample
@@ -0,0 +1,19 @@
+# first go into bazarr settings, under "General" set the URL Base to /bazarr/ and restart the bazarr container
+
+location /bazarr {
+    return 301 $scheme://$host/bazarr/;
+}
+location ^~ /bazarr/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_bazarr bazarr;
+    proxy_pass http://$upstream_bazarr:6767;
+}
diff --git a/couchpotato.subdomain.conf.sample b/couchpotato.subdomain.conf.sample
new file mode 100644
index 000000000..72a3d74e3
--- /dev/null
+++ b/couchpotato.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for couchpotato and that your couchpotato container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name couchpotato.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_couchpotato couchpotato;
+        proxy_pass http://$upstream_couchpotato:5050;
+    }
+}
diff --git a/couchpotato.subfolder.conf.sample b/couchpotato.subfolder.conf.sample
new file mode 100644
index 000000000..99229d727
--- /dev/null
+++ b/couchpotato.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# first go into couchpotato settings, under "General" set the URL Base to /couchpotato and restart the couchpotato container
+
+location ^~ /couchpotato {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_couchpotato couchpotato;
+    proxy_pass http://$upstream_couchpotato:5050;
+}
diff --git a/deluge.subdomain.conf.sample b/deluge.subdomain.conf.sample
new file mode 100644
index 000000000..3e718f1b8
--- /dev/null
+++ b/deluge.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for deluge and that your deluge container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name deluge.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_deluge deluge;
+        proxy_pass http://$upstream_deluge:8112;
+    }
+}
diff --git a/deluge.subfolder.conf.sample b/deluge.subfolder.conf.sample
new file mode 100644
index 000000000..f5004ef59
--- /dev/null
+++ b/deluge.subfolder.conf.sample
@@ -0,0 +1,21 @@
+# deluge does not require a base url setting
+
+location /deluge {
+    return 301 $scheme://$host/deluge/;
+}
+location ^~ /deluge/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_deluge deluge;
+    rewrite /deluge(.*) $1 break;
+    proxy_pass http://$upstream_deluge:8112;
+    proxy_set_header X-Deluge-Base "/deluge/";
+}
diff --git a/duplicati.subdomain.conf.sample b/duplicati.subdomain.conf.sample
new file mode 100644
index 000000000..bde26db9d
--- /dev/null
+++ b/duplicati.subdomain.conf.sample
@@ -0,0 +1,28 @@
+# make sure that your dns has a cname set for duplicati and that your duplicati container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name duplicati.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_duplicati duplicati;
+        proxy_pass http://$upstream_duplicati:8200;
+    }
+}
diff --git a/duplicati.subfolder.conf.sample b/duplicati.subfolder.conf.sample
new file mode 100644
index 000000000..1e6587615
--- /dev/null
+++ b/duplicati.subfolder.conf.sample
@@ -0,0 +1,19 @@
+# duplicati does not require a base url setting. DUPLICATI AUTH WILL NOT WORK WITH THIS CONFIG, use the auth options below
+
+location /duplicati {
+    return 301 $scheme://$host/duplicati/;
+}
+location ^~ /duplicati/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_duplicati duplicati;
+    rewrite /duplicati(.*) $1 break;
+    proxy_pass http://$upstream_duplicati:8200;
+}
diff --git a/emby.subdomain.conf.sample b/emby.subdomain.conf.sample
new file mode 100644
index 000000000..98f3a8319
--- /dev/null
+++ b/emby.subdomain.conf.sample
@@ -0,0 +1,26 @@
+# make sure that your dns has a cname set for emby, if emby is running in bridge mode, the below config should work as is, although, 
+# the container name is expected to be "emby", if not, replace the line "set $upstream_emby emby;" with "set $upstream_emby <containername>;"
+# for host mode, replace the line "proxy_pass http://$upstream_emby:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of emby
+# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+server {
+    listen 443 ssl;
+
+    server_name emby.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_emby emby;
+        proxy_pass http://$upstream_emby:8096;
+        proxy_set_header Range $http_range;
+        proxy_set_header If-Range $http_if_range;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
diff --git a/emby.subfolder.conf.sample b/emby.subfolder.conf.sample
new file mode 100644
index 000000000..a6220df46
--- /dev/null
+++ b/emby.subfolder.conf.sample
@@ -0,0 +1,20 @@
+# if emby is running in bridge mode, the below config should work as is, although, the container name is expected to be "emby",
+# if not, replace the line "set $upstream_emby emby;" with "set $upstream_emby <containername>;"
+# for host mode, replace the line "proxy_pass http://$upstream_emby:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of emby
+# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url and subdomain,
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+location /emby {
+    return 301 $scheme://$host/emby/;
+}
+location ^~ /emby/ {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_emby emby;
+    proxy_pass http://$upstream_emby:8096;
+    
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+}
diff --git a/flood.subdomain.conf.sample b/flood.subdomain.conf.sample
new file mode 100644
index 000000000..9f88c59a0
--- /dev/null
+++ b/flood.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for flood and that your flood container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name flood.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_flood flood;
+        proxy_pass http://$upstream_flood:3000;
+    }
+}
diff --git a/flood.subfolder.conf.sample b/flood.subfolder.conf.sample
new file mode 100644
index 000000000..90b5d76ac
--- /dev/null
+++ b/flood.subfolder.conf.sample
@@ -0,0 +1,20 @@
+# flood does not require a base url setting
+
+location /flood {
+    return 301 $scheme://$host/flood/;
+}
+location ^~ /flood/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_flood flood;
+    rewrite /flood(.*) $1 break;
+    proxy_pass http://$upstream_flood:3000;
+}
diff --git a/headphones.subdomain.conf.sample b/headphones.subdomain.conf.sample
new file mode 100644
index 000000000..2a11a16d1
--- /dev/null
+++ b/headphones.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for headphones
+
+server {
+    listen 443 ssl;
+
+    server_name headphones.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_headphones headphones;
+        proxy_pass http://$upstream_headphones:8181;
+    }
+}
diff --git a/headphones.subfolder.conf.sample b/headphones.subfolder.conf.sample
new file mode 100644
index 000000000..775aa3562
--- /dev/null
+++ b/headphones.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# first stop the headphones container and edit the config.ini for headphones and set http_root to /headphones and then start the headphones container
+
+location ^~ /headphones {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_headphones headphones;
+    proxy_pass http://$upstream_headphones:8181;
+}
diff --git a/heimdall.subdomain.conf.sample b/heimdall.subdomain.conf.sample
new file mode 100644
index 000000000..42c9582b5
--- /dev/null
+++ b/heimdall.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for heimdall
+
+server {
+    listen 443 ssl;
+
+    server_name heimdall.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_heimdall heimdall;
+        proxy_pass https://$upstream_heimdall:443;
+    }
+}
diff --git a/jackett.subdomain.conf.sample b/jackett.subdomain.conf.sample
new file mode 100644
index 000000000..b2449a171
--- /dev/null
+++ b/jackett.subdomain.conf.sample
@@ -0,0 +1,36 @@
+# make sure that your dns has a cname set for jackett and that your jackett container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name jackett.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_jackett jackett;
+        proxy_pass http://$upstream_jackett:9117;
+    }
+
+    location ~ (/jackett)?/(api|dl) {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_jackett jackett;
+        proxy_pass http://$upstream_jackett:9117;
+    }
+}
diff --git a/jackett.subfolder.conf.sample b/jackett.subfolder.conf.sample
new file mode 100644
index 000000000..42464caca
--- /dev/null
+++ b/jackett.subfolder.conf.sample
@@ -0,0 +1,23 @@
+# first go into jackett settings, set the URL Base to /jackett and restart the jackett container
+
+location /jackett {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_jackett jackett;
+    proxy_pass http://$upstream_jackett:9117;
+}
+
+location ~ /jackett/(api|dl) {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_jackett jackett;
+    proxy_pass http://$upstream_jackett:9117;
+}
diff --git a/lazylibrarian.subdomain.conf.sample b/lazylibrarian.subdomain.conf.sample
new file mode 100644
index 000000000..ff9c4f43e
--- /dev/null
+++ b/lazylibrarian.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for lazylibrarian
+
+server {
+    listen 443 ssl;
+
+    server_name lazylibrarian.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_lazylibrarian lazylibrarian;
+        proxy_pass http://$upstream_lazylibrarian:5299;
+    }
+}
diff --git a/lazylibrarian.subfolder.conf.sample b/lazylibrarian.subfolder.conf.sample
new file mode 100644
index 000000000..5a4a8c7dc
--- /dev/null
+++ b/lazylibrarian.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# first go into lazylibrarian settings, under "Interface" set the URL Base to /lazylibrarian and restart the lazylibrarian container
+
+location ^~ /lazylibrarian {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_lazylibrarian lazylibrarian;
+    proxy_pass http://$upstream_lazylibrarian:5299;
+}
diff --git a/lidarr.subdomain.conf.sample b/lidarr.subdomain.conf.sample
new file mode 100644
index 000000000..c28968c9a
--- /dev/null
+++ b/lidarr.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for lidarr and that your lidarr container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name lidarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_lidarr lidarr;
+        proxy_pass http://$upstream_lidarr:8686;
+    }
+}
diff --git a/lidarr.subfolder.conf.sample b/lidarr.subfolder.conf.sample
new file mode 100644
index 000000000..9aef69097
--- /dev/null
+++ b/lidarr.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# first go into lidarr settings, under "General" set the URL Base to /lidarr and restart the lidarr container
+
+location ^~ /lidarr {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_lidarr lidarr;
+    proxy_pass http://$upstream_lidarr:8686;
+}
diff --git a/medusa.subdomain.conf.sample b/medusa.subdomain.conf.sample
new file mode 100644
index 000000000..5dc2e6813
--- /dev/null
+++ b/medusa.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for medusa
+
+server {
+    listen 443 ssl;
+
+    server_name medusa.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_medusa medusa;
+        proxy_pass http://$upstream_medusa:8081;
+    }
+}
diff --git a/medusa.subfolder.conf.sample b/medusa.subfolder.conf.sample
new file mode 100644
index 000000000..acda80170
--- /dev/null
+++ b/medusa.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# first go into medusa settings, under "Interface" set the URL Base to /medusa and restart the medusa container
+
+location ^~ /medusa {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_medusa medusa;
+    proxy_pass http://$upstream_medusa:8081;
+}
diff --git a/monitorr.subdomain.conf.sample b/monitorr.subdomain.conf.sample
new file mode 100644
index 000000000..7fe3f22ce
--- /dev/null
+++ b/monitorr.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for monitorr
+
+server {
+    listen 443 ssl;
+
+    server_name monitorr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_monitorr monitorr;
+        proxy_pass http://$upstream_monitorr:80;
+    }
+}
diff --git a/monitorr.subfolder.conf.sample b/monitorr.subfolder.conf.sample
new file mode 100644
index 000000000..b3892252c
--- /dev/null
+++ b/monitorr.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# monitorr does not require a base url setting
+
+location ^~ /monitorr {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_monitorr monitorr;
+    proxy_pass http://$upstream_monitorr:80;
+}
diff --git a/mylar.subdomain.conf.sample b/mylar.subdomain.conf.sample
new file mode 100644
index 000000000..d97cc6186
--- /dev/null
+++ b/mylar.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for mylar
+
+server {
+    listen 443 ssl;
+
+    server_name mylar.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_mylar mylar;
+        proxy_pass http://$upstream_mylar:8090;
+    }
+}
diff --git a/mylar.subfolder.conf.sample b/mylar.subfolder.conf.sample
new file mode 100644
index 000000000..72d0e700d
--- /dev/null
+++ b/mylar.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# first stop the mylar container and edit the config.ini for mylar and set http_root to /mylar and then start the mylar container
+
+location ^~ /mylar {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_mylar mylar;
+    proxy_pass http://$upstream_mylar:8090;
+}
diff --git a/netdata.subdomain.conf.sample b/netdata.subdomain.conf.sample
new file mode 100644
index 000000000..04f8ffba3
--- /dev/null
+++ b/netdata.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for netdata
+
+server {
+    listen 443 ssl;
+
+    server_name netdata.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_netdata netdata;
+        proxy_pass http://$upstream_netdata:19999;
+    }
+}
diff --git a/netdata.subfolder.conf.sample b/netdata.subfolder.conf.sample
new file mode 100644
index 000000000..59c3837bd
--- /dev/null
+++ b/netdata.subfolder.conf.sample
@@ -0,0 +1,20 @@
+# netdata does not require a base url setting
+
+location /netdata {
+    return 301 $scheme://$host/netdata/;
+}
+location ^~ /netdata/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_netdata netdata;
+    rewrite /netdata(.*) $1 break;
+    proxy_pass http://$upstream_netdata:19999;
+}
diff --git a/nextcloud.subdomain.conf.sample b/nextcloud.subdomain.conf.sample
new file mode 100644
index 000000000..53b693775
--- /dev/null
+++ b/nextcloud.subdomain.conf.sample
@@ -0,0 +1,31 @@
+# make sure that your dns has a cname set for nextcloud
+# assuming this container is called "letsencrypt", edit your nextcloud container's config
+# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
+#  'trusted_proxies' => ['letsencrypt'],
+#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
+#  'overwritehost' => 'nextcloud.your-domain.com',
+#  'overwriteprotocol' => 'https',
+#
+# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
+#  array (
+#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
+#    1 => 'nextcloud.your-domain.com',
+#  ),
+
+server {
+    listen 443 ssl;
+
+    server_name nextcloud.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_nextcloud nextcloud;
+        proxy_max_temp_file_size 2048m;
+        proxy_pass https://$upstream_nextcloud:443;
+    }
+}
diff --git a/nextcloud.subfolder.conf.sample b/nextcloud.subfolder.conf.sample
new file mode 100644
index 000000000..3d42ef2b2
--- /dev/null
+++ b/nextcloud.subfolder.conf.sample
@@ -0,0 +1,40 @@
+# Assuming this container is called "letsencrypt", edit your nextcloud container's config
+# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
+#  'trusted_proxies' => ['letsencrypt'],
+#  'overwritewebroot' => '/nextcloud',
+#  'overwrite.cli.url' => 'https://your-domain.com/nextcloud',
+#
+# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
+#  array (
+#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
+#    1 => 'your-domain.com',
+#  ),
+
+# Redirects for DAV clients
+location = /.well-known/carddav {
+    return 301 $scheme://$host/nextcloud/remote.php/dav;
+}
+
+location = /.well-known/caldav {
+    return 301 $scheme://$host/nextcloud/remote.php/dav;
+}
+
+location /nextcloud {
+    return 301 $scheme://$host/nextcloud/;
+}
+
+location ^~ /nextcloud/ {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_nextcloud nextcloud;
+    rewrite /nextcloud(.*) $1 break;
+    proxy_pass https://$upstream_nextcloud:443;
+    
+    proxy_max_temp_file_size 2048m;
+
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range;
+    proxy_set_header Connection $http_connection;
+    proxy_redirect off;
+    proxy_ssl_session_reuse off;
+} 
diff --git a/nzbget.subdomain.conf.sample b/nzbget.subdomain.conf.sample
new file mode 100644
index 000000000..5bfb58e43
--- /dev/null
+++ b/nzbget.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for nzbget
+
+server {
+    listen 443 ssl;
+
+    server_name nzbget.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_nzbget nzbget;
+        proxy_pass http://$upstream_nzbget:6789;
+    }
+}
diff --git a/nzbget.subfolder.conf.sample b/nzbget.subfolder.conf.sample
new file mode 100644
index 000000000..ff8523dfb
--- /dev/null
+++ b/nzbget.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# nzbget does not require a base url setting
+
+location ^~ /nzbget {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_nzbget nzbget;
+    proxy_pass http://$upstream_nzbget:6789;
+}
diff --git a/nzbhydra.subdomain.conf.sample b/nzbhydra.subdomain.conf.sample
new file mode 100644
index 000000000..1ee662809
--- /dev/null
+++ b/nzbhydra.subdomain.conf.sample
@@ -0,0 +1,36 @@
+# make sure that your dns has a cname set for nzbhydra and that your nzbhydra container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name nzbhydra.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_nzbhydra hydra2;
+        proxy_pass http://$upstream_nzbhydra:5076;
+    }
+
+    location ~ (/nzbhydra)?/api {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_nzbhydra hydra2;
+        proxy_pass http://$upstream_nzbhydra:5076;
+    }
+}
diff --git a/nzbhydra.subfolder.conf.sample b/nzbhydra.subfolder.conf.sample
new file mode 100644
index 000000000..3a9cdc021
--- /dev/null
+++ b/nzbhydra.subfolder.conf.sample
@@ -0,0 +1,23 @@
+# first go into nzbhydra settings, set the URL Base to /nzbhydra and restart the nzbhydra container
+
+location ^~ /nzbhydra {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_nzbhydra hydra2;
+    proxy_pass http://$upstream_nzbhydra:5076;
+}
+
+location ^~ /nzbhydra/api {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_nzbhydra hydra2;
+    proxy_pass http://$upstream_nzbhydra:5076;
+}
diff --git a/ombi.subdomain.conf.sample b/ombi.subdomain.conf.sample
new file mode 100644
index 000000000..237dda78d
--- /dev/null
+++ b/ombi.subdomain.conf.sample
@@ -0,0 +1,39 @@
+# make sure that your dns has a cname set for ombi and that your ombi container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name ombi.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_ombi ombi;
+        proxy_pass http://$upstream_ombi:3579;
+    }
+
+    location ~ (/ombi)?/swagger {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_ombi ombi;
+        proxy_pass http://$upstream_ombi:3579;
+   }
+   if ($http_referer ~* /ombi) {
+       rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect;
+   }
+}
diff --git a/ombi.subfolder.conf.sample b/ombi.subfolder.conf.sample
new file mode 100644
index 000000000..97edf3a03
--- /dev/null
+++ b/ombi.subfolder.conf.sample
@@ -0,0 +1,30 @@
+# first go into ombi settings, under the menu "Ombi" set the base url to /ombi and restart the ombi container
+
+location /ombi {
+    return 301 $scheme://$host/ombi/;
+}
+
+location ^~ /ombi/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_ombi ombi;
+    proxy_pass http://$upstream_ombi:3579;
+}
+
+location ^~ /ombi/swagger {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_ombi ombi;
+    proxy_pass http://$upstream_ombi:3579;
+}
+if ($http_referer ~* /ombi) {
+    rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect;
+}
diff --git a/organizr.subdomain.conf.sample b/organizr.subdomain.conf.sample
new file mode 100644
index 000000000..ee1a71833
--- /dev/null
+++ b/organizr.subdomain.conf.sample
@@ -0,0 +1,49 @@
+# make sure that your dns has a cname set for organizr
+
+server {
+    listen 443 ssl;
+
+    server_name organizr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_organizr organizr;
+        proxy_pass http://$upstream_organizr:80;
+    }
+
+    location ~ /auth-(admin|user) {
+        # This is used for Organizr V1
+        internal;
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_organizr organizr;
+        proxy_pass http://$upstream_organizr:80/auth.php?$1;
+        proxy_set_header Content-Length "";
+    }
+
+    location ~ /auth-([0-9]+) {
+        # This is used for Organizr V2
+        internal;
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_organizr organizr;
+        proxy_pass http://$upstream_organizr:80/api/?v1/auth&group=$1;
+        proxy_set_header Content-Length "";
+    }
+}
diff --git a/organizr.subfolder.conf.sample b/organizr.subfolder.conf.sample
new file mode 100644
index 000000000..ee66a122e
--- /dev/null
+++ b/organizr.subfolder.conf.sample
@@ -0,0 +1,36 @@
+# In order to use this location block you need to edit the default file one folder up and comment out the / location
+
+location / {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_organizr organizr;
+    proxy_pass http://$upstream_organizr:80;
+}
+
+location ~ /auth-(admin|user) {
+    # This is used for Organizr V1
+    internal;
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_organizr organizr;
+    proxy_pass http://$upstream_organizr:80/auth.php?$1;
+    proxy_set_header Content-Length "";
+}
+
+location ~ /auth-([0-9]+) {
+    # This is used for Organizr V2
+    internal;
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_organizr organizr;
+    proxy_pass http://$upstream_organizr:80/api/?v1/auth&group=$1;
+    proxy_set_header Content-Length "";
+}
diff --git a/phpmyadmin.subdomain.conf.sample b/phpmyadmin.subdomain.conf.sample
new file mode 100644
index 000000000..5d9b864f2
--- /dev/null
+++ b/phpmyadmin.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for phpmyadmin and that your phpmyadmin container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name phpmyadmin.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_phpmyadmin phpmyadmin;
+        proxy_pass http://$upstream_phpmyadmin:80;
+    }
+}
diff --git a/phpmyadmin.subfolder.conf.sample b/phpmyadmin.subfolder.conf.sample
new file mode 100644
index 000000000..22e2b430f
--- /dev/null
+++ b/phpmyadmin.subfolder.conf.sample
@@ -0,0 +1,20 @@
+# phpmyadmin does not require a base url setting
+
+location /phpmyadmin {
+    return 301 $scheme://$host/phpmyadmin/;
+}
+location ^~ /phpmyadmin/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_phpmyadmin phpmyadmin;
+    rewrite /phpmyadmin(.*) $1 break;
+    proxy_pass http://$upstream_phpmyadmin:80;
+}
diff --git a/pihole.subdomain.conf.sample b/pihole.subdomain.conf.sample
new file mode 100644
index 000000000..6dfd77373
--- /dev/null
+++ b/pihole.subdomain.conf.sample
@@ -0,0 +1,44 @@
+# make sure that your dns has a cname set for pihole and that your pihole container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name pihole.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_pihole pihole;
+        proxy_pass http://$upstream_pihole:80;
+    }
+
+    location /admin {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_pihole pihole;
+        proxy_pass http://$upstream_pihole:80;
+    }
+}
diff --git a/pihole.subfolder.conf.sample b/pihole.subfolder.conf.sample
new file mode 100644
index 000000000..9ab4508ae
--- /dev/null
+++ b/pihole.subfolder.conf.sample
@@ -0,0 +1,39 @@
+# pihole does not require a base url setting
+
+location /pihole {
+    return 301 $scheme://$host/pihole/;
+}
+location ^~ /pihole/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_pihole pihole;
+    rewrite /pihole(.*) $1 break;
+    proxy_pass http://$upstream_pihole:80;
+}
+
+location /pihole/admin {
+    return 301 $scheme://$host/pihole/admin/;
+}
+location ^~ /pihole/admin/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_pihole pihole;
+    rewrite /pihole(.*) $1 break;
+    proxy_pass http://$upstream_pihole:80;
+}
diff --git a/plex.subdomain.conf.sample b/plex.subdomain.conf.sample
new file mode 100644
index 000000000..5a9b79f42
--- /dev/null
+++ b/plex.subdomain.conf.sample
@@ -0,0 +1,50 @@
+# make sure that your dns has a cname set for plex, if plex is running in bridge mode, the below config should work as is, for host mode,
+# replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex
+# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")
+
+server {
+    listen 443 ssl;
+
+    server_name plex.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    proxy_redirect off;
+    proxy_buffering off;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_plex plex;
+        proxy_pass http://$upstream_plex:32400;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+        proxy_set_header X-Plex-Device $http_x_plex_device;
+        proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+        proxy_set_header X-Plex-Platform $http_x_plex_platform;
+        proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+        proxy_set_header X-Plex-Product $http_x_plex_product;
+        proxy_set_header X-Plex-Token $http_x_plex_token;
+        proxy_set_header X-Plex-Version $http_x_plex_version;
+        proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+        proxy_set_header X-Plex-Provides $http_x_plex_provides;
+        proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+        proxy_set_header X-Plex-Model $http_x_plex_model;
+    }
+}
diff --git a/plex.subfolder.conf.sample b/plex.subfolder.conf.sample
new file mode 100644
index 000000000..7648ad529
--- /dev/null
+++ b/plex.subfolder.conf.sample
@@ -0,0 +1,39 @@
+# plex does not require a base url setting
+# if plex is running in bridge mode, the below config should work as is. 
+# for host mode, replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex
+# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://yourdomain.url/plex:443")
+
+location /plex {
+    return 301 $scheme://$host/plex/;
+}
+location ^~ /plex/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_plex plex;
+    rewrite /plex(.*) $1 break;
+    proxy_pass http://$upstream_plex:32400;
+
+    proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+    proxy_set_header X-Plex-Device $http_x_plex_device;
+    proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+    proxy_set_header X-Plex-Platform $http_x_plex_platform;
+    proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+    proxy_set_header X-Plex-Product $http_x_plex_product;
+    proxy_set_header X-Plex-Token $http_x_plex_token;
+    proxy_set_header X-Plex-Version $http_x_plex_version;
+    proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+    proxy_set_header X-Plex-Provides $http_x_plex_provides;
+    proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+    proxy_set_header X-Plex-Model $http_x_plex_model;
+}
+if ($http_referer ~* /plex) {
+    rewrite ^/web/(.*) /plex/web/$1? redirect;
+}
diff --git a/plexwebtools.subdomain.conf.sample b/plexwebtools.subdomain.conf.sample
new file mode 100644
index 000000000..df3713a6a
--- /dev/null
+++ b/plexwebtools.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for plexwebtools and that your plexwebtools container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name plexwebtools.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_plex plex;
+        proxy_pass http://$upstream_plex:33400;
+    }
+}
diff --git a/plexwebtools.subfolder.conf.sample b/plexwebtools.subfolder.conf.sample
new file mode 100644
index 000000000..87ecfc8f9
--- /dev/null
+++ b/plexwebtools.subfolder.conf.sample
@@ -0,0 +1,19 @@
+# first go into plexwebtools settings, set the URL Base to /plexwebtools and restart the plex container
+
+location /plexwebtools {
+    return 301 $scheme://$host/plexwebtools/;
+}
+location ^~ /plexwebtools/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_plex plex;
+    proxy_pass http://$upstream_plex:33400;
+}
diff --git a/portainer.subdomain.conf.sample b/portainer.subdomain.conf.sample
new file mode 100644
index 000000000..4d82264cf
--- /dev/null
+++ b/portainer.subdomain.conf.sample
@@ -0,0 +1,49 @@
+# make sure that your dns has a cname set for portainer
+
+server {
+    listen 443 ssl;
+
+    server_name portainer.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_portainer portainer;
+        proxy_pass http://$upstream_portainer:9000;
+        proxy_set_header Connection "";
+        proxy_http_version 1.1;
+        proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0
+    }
+
+    location /api/websocket/ {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_portainer portainer;
+        proxy_pass http://$upstream_portainer:9000;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_http_version 1.1;
+        proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0
+    }
+}
diff --git a/portainer.subfolder.conf.sample b/portainer.subfolder.conf.sample
new file mode 100644
index 000000000..39ca4d640
--- /dev/null
+++ b/portainer.subfolder.conf.sample
@@ -0,0 +1,32 @@
+# portainer does not require a base url setting
+
+location /portainer {
+    return 301 $scheme://$host/portainer/;
+}
+location ^~ /portainer/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_portainer portainer;
+    rewrite /portainer(.*) $1 break;
+    proxy_pass http://$upstream_portainer:9000;
+    proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0
+}
+
+location ^~ /portainer/api/websocket/ {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_portainer portainer;
+    rewrite /portainer(.*) $1 break;
+    proxy_pass http://$upstream_portainer:9000;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0
+}
diff --git a/pydio.subdomain.conf.sample b/pydio.subdomain.conf.sample
new file mode 100644
index 000000000..14b3b4f63
--- /dev/null
+++ b/pydio.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for pydio and that your pydio container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name pydio.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_pydio pydio;
+        proxy_pass https://$upstream_pydio:443;
+    }
+}
diff --git a/radarr.subdomain.conf.sample b/radarr.subdomain.conf.sample
new file mode 100644
index 000000000..9ea505754
--- /dev/null
+++ b/radarr.subdomain.conf.sample
@@ -0,0 +1,36 @@
+# make sure that your dns has a cname set for radarr and that your radarr container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name radarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_radarr radarr;
+        proxy_pass http://$upstream_radarr:7878;
+    }
+
+    location ~ (/radarr)?/api {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_radarr radarr;
+        proxy_pass http://$upstream_radarr:7878;
+    }
+}
diff --git a/radarr.subfolder.conf.sample b/radarr.subfolder.conf.sample
new file mode 100644
index 000000000..54ac4560d
--- /dev/null
+++ b/radarr.subfolder.conf.sample
@@ -0,0 +1,23 @@
+# first go into radarr settings, under "General" set the URL Base to /radarr and restart the radarr container
+
+location ^~ /radarr {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_radarr radarr;
+    proxy_pass http://$upstream_radarr:7878;
+}
+
+location ^~ /radarr/api {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_radarr radarr;
+    proxy_pass http://$upstream_radarr:7878;
+}
diff --git a/rutorrent.subdomain.conf.sample b/rutorrent.subdomain.conf.sample
new file mode 100644
index 000000000..a834a12cf
--- /dev/null
+++ b/rutorrent.subdomain.conf.sample
@@ -0,0 +1,36 @@
+# make sure that your dns has a cname set for rutorrent
+
+server {
+    listen 443 ssl;
+
+    server_name rutorrent.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_rutorrent rutorrent;
+        proxy_pass http://$upstream_rutorrent:80;
+    }
+
+    location /RPC2 {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_rutorrent rutorrent;
+        proxy_pass http://$upstream_rutorrent:80;
+    }
+}
diff --git a/rutorrent.subfolder.conf.sample b/rutorrent.subfolder.conf.sample
new file mode 100644
index 000000000..ced06004b
--- /dev/null
+++ b/rutorrent.subfolder.conf.sample
@@ -0,0 +1,28 @@
+# rutorrent does not require a base url setting
+
+location /rutorrent {
+    return 301 $scheme://$host/rutorrent/;
+}
+location ^~ /rutorrent/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_rutorrent rutorrent;
+    rewrite /rutorrent(.*) $1 break;
+    proxy_pass http://$upstream_rutorrent:80;
+}
+
+location ^~ /rutorrent/RPC2 {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_rutorrent rutorrent;
+    rewrite /rutorrent(.*) $1 break;
+    proxy_pass http://$upstream_rutorrent:80;
+}
diff --git a/sabnzbd.subdomain.conf.sample b/sabnzbd.subdomain.conf.sample
new file mode 100644
index 000000000..85bb14b73
--- /dev/null
+++ b/sabnzbd.subdomain.conf.sample
@@ -0,0 +1,36 @@
+# make sure that your dns has a cname set for sabnzbd
+
+server {
+    listen 443 ssl;
+
+    server_name sabnzbd.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_sabnzbd sabnzbd;
+        proxy_pass http://$upstream_sabnzbd:8080;
+    }
+
+    location ~ (/sabnzbd)?/api {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_sabnzbd sabnzbd;
+        proxy_pass http://$upstream_sabnzbd:8080;
+    }
+}
diff --git a/sabnzbd.subfolder.conf.sample b/sabnzbd.subfolder.conf.sample
new file mode 100644
index 000000000..8648d1208
--- /dev/null
+++ b/sabnzbd.subfolder.conf.sample
@@ -0,0 +1,23 @@
+# sabnzbd already uses the base url /sabnzbd by default so you don't need to do anything extra
+
+location ^~ /sabnzbd {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_sabnzbd sabnzbd;
+    proxy_pass http://$upstream_sabnzbd:8080;
+}
+
+location ^~ /sabnzbd/api {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_sabnzbd sabnzbd;
+    proxy_pass http://$upstream_sabnzbd:8080;
+}
diff --git a/sickrage.subdomain.conf.sample b/sickrage.subdomain.conf.sample
new file mode 100644
index 000000000..e829b15fd
--- /dev/null
+++ b/sickrage.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for sickrage
+
+server {
+    listen 443 ssl;
+
+    server_name sickrage.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_sickrage sickrage;
+        proxy_pass http://$upstream_sickrage:8081;
+    }
+}
diff --git a/sickrage.subfolder.conf.sample b/sickrage.subfolder.conf.sample
new file mode 100644
index 000000000..44afad695
--- /dev/null
+++ b/sickrage.subfolder.conf.sample
@@ -0,0 +1,16 @@
+# first stop the sickrage container and edit the config.ini for sickrage and set web_root to /sickrage and then start the sickrage container
+
+location ^~ /sickrage {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_sickrage sickrage;
+    proxy_pass http://$upstream_sickrage:8081;
+}
diff --git a/sonarr.subdomain.conf.sample b/sonarr.subdomain.conf.sample
new file mode 100644
index 000000000..dcd854faf
--- /dev/null
+++ b/sonarr.subdomain.conf.sample
@@ -0,0 +1,36 @@
+# make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name sonarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_sonarr sonarr;
+        proxy_pass http://$upstream_sonarr:8989;
+    }
+
+    location ~ (/sonarr)?/api {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_sonarr sonarr;
+        proxy_pass http://$upstream_sonarr:8989;
+   } 
+}
diff --git a/sonarr.subfolder.conf.sample b/sonarr.subfolder.conf.sample
new file mode 100644
index 000000000..1ef6f8ca4
--- /dev/null
+++ b/sonarr.subfolder.conf.sample
@@ -0,0 +1,23 @@
+# first go into sonarr settings, under "General" set the URL Base to /sonarr and restart the sonarr container
+
+location ^~ /sonarr {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_sonarr sonarr;
+    proxy_pass http://$upstream_sonarr:8989;
+}
+
+location ^~ /sonarr/api {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_sonarr sonarr;
+    proxy_pass http://$upstream_sonarr:8989;
+}
diff --git a/syncthing.subdomain.conf.sample b/syncthing.subdomain.conf.sample
new file mode 100644
index 000000000..e7359b50d
--- /dev/null
+++ b/syncthing.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for syncthing and that your syncthing container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name syncthing.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_syncthing syncthing;
+        proxy_pass http://$upstream_syncthing:8384;
+    }
+}
diff --git a/tautulli.subdomain.conf.sample b/tautulli.subdomain.conf.sample
new file mode 100644
index 000000000..300561c46
--- /dev/null
+++ b/tautulli.subdomain.conf.sample
@@ -0,0 +1,36 @@
+# make sure that your dns has a cname set for tautulli and that your tautulli container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name tautulli.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_tautulli tautulli;
+        proxy_pass http://$upstream_tautulli:8181;
+    }
+
+    location ~ (/tautulli)?/api {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_tautulli tautulli;
+        proxy_pass http://$upstream_tautulli:8181;
+    }
+}
diff --git a/tautulli.subfolder.conf.sample b/tautulli.subfolder.conf.sample
new file mode 100644
index 000000000..b64cf12fc
--- /dev/null
+++ b/tautulli.subfolder.conf.sample
@@ -0,0 +1,23 @@
+# first go into tautulli settings, under "Web Interface", click on show advanced, set the HTTP root to /tautulli and restart the tautulli container
+
+location ^~ /tautulli {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_tautulli tautulli;
+    proxy_pass http://$upstream_tautulli:8181;
+}
+
+location ^~ /tautulli/api {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_tautulli tautulli;
+    proxy_pass http://$upstream_tautulli:8181;
+}
diff --git a/thelounge.subdomain.conf.sample b/thelounge.subdomain.conf.sample
new file mode 100644
index 000000000..b2eb7d1d8
--- /dev/null
+++ b/thelounge.subdomain.conf.sample
@@ -0,0 +1,29 @@
+# make sure that your dns has a cname set for thelounge
+
+server {
+    listen 443 ssl;
+
+    server_name thelounge.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_thelounge thelounge;
+        proxy_pass http://$upstream_thelounge:9000;
+    }
+}
diff --git a/thelounge.subfolder.conf.sample b/thelounge.subfolder.conf.sample
new file mode 100644
index 000000000..bca21e48d
--- /dev/null
+++ b/thelounge.subfolder.conf.sample
@@ -0,0 +1,20 @@
+# thelounge does not require a base url setting
+
+location /thelounge {
+    return 301 $scheme://$host/thelounge/;
+}
+location ^~ /thelounge/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_thelounge thelounge;
+    rewrite /thelounge(.*) $1 break;
+    proxy_pass http://$upstream_thelounge:9000;
+}
diff --git a/transmission.subdomain.conf.sample b/transmission.subdomain.conf.sample
new file mode 100644
index 000000000..415a7d2bf
--- /dev/null
+++ b/transmission.subdomain.conf.sample
@@ -0,0 +1,36 @@
+# make sure that your dns has a cname set for transmission
+
+server {
+    listen 443 ssl;
+
+    server_name transmission.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_transmission transmission;
+        proxy_pass http://$upstream_transmission:9091;
+    }
+
+    location ~ (/transmission)?/rpc {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_transmission transmission;
+        proxy_pass http://$upstream_transmission:9091;
+    }
+}
diff --git a/transmission.subfolder.conf.sample b/transmission.subfolder.conf.sample
new file mode 100644
index 000000000..a0ebc5318
--- /dev/null
+++ b/transmission.subfolder.conf.sample
@@ -0,0 +1,23 @@
+# transmission does not require a base url setting
+
+location ^~ /transmission {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /login;
+
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_transmission transmission;
+    proxy_pass http://$upstream_transmission:9091;
+}
+
+location ^~ /transmission/rpc {
+    include /config/nginx/proxy.conf;
+    resolver 127.0.0.11 valid=30s;
+    set $upstream_transmission transmission;
+    proxy_pass http://$upstream_transmission:9091;
+}
diff --git a/unifi.subdomain.conf.sample b/unifi.subdomain.conf.sample
new file mode 100644
index 000000000..b5c7bcfe0
--- /dev/null
+++ b/unifi.subdomain.conf.sample
@@ -0,0 +1,51 @@
+# make sure that your dns has a cname set for unifi and that your unifi container is not using a base url
+
+server {
+    listen 443 ssl;
+
+    server_name unifi.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth, fill in ldap details in ldap.conf 
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_unifi unifi;
+        proxy_pass https://$upstream_unifi:8443;
+    }
+    
+    location /wss {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_unifi unifi;
+        proxy_pass https://$upstream_unifi:8443;
+        proxy_redirect off;
+        proxy_buffering off;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_ssl_verify off;
+    }
+
+}