Reverse Proxy

1. # Send all HTTP to HTTPS
2. server {
3. listen 80 default_server;
4. server_name 127.0.0.1 192.168.1.XXX DOMAIN.com www.DOMAIN.com deluge.DOMAIN.com radarr.DOMAIN.com sonarr.DOMAIN.com music.DOMAIN.com plexpy.DOMAIN.com plex.DOMAIN.com stats.DOMAIN.com comics.DOMAIN.com;
5.  
6. location / {
7. #return 301 https://$server_name$request_uri;
8. return 301 https://$host$request_uri;
9.  
10. }
11. }
12.  
13. ssl_session_cache shared:SSL:10m;
14. ssl_session_timeout 10m;
15.  
16. #####################
17. # SSL
18. #####################
19.  
20. server {
21. listen 443 ssl http2 default_server;
22. server_name DOMAIN.com www.DOMAIN.com;
23.  
24. root /var/www/html;
25. index index.php index.html index.htm index.nginx-debian.html;
26. ssl_certificate /etc/letsencrypt/live/DOMAIN.com-0002/fullchain.pem; # managed by Certbot
27. ssl_certificate_key /etc/letsencrypt/live/DOMAIN.com-0002/privkey.pem; # managed by Certbot
28.  
29. error_log /var/log/nginx/error.log notice;
30. proxy_http_version 1.1;
31. proxy_buffers 16 16k;
32. proxy_buffer_size 16k;
33.  
34. include snippets/ssl-params.conf;
35. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
36.  
37. location ~ \.php$ {
38. include snippets/fastcgi-php.conf;
39. #try_files $uri =404;
40. #fastcgi_split_path_info ^(.+\.php)(/.+)$;
41. #fastcgi_pass unix:/var/run/php7.0-fpm.sock;
42. #fastcgi_index index.php;
43. #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
44. include fastcgi_params;
45. }
46.  
47. location / {
48. auth_basic "Restricted Content";
49. auth_basic_user_file /etc/nginx/.htpasswd;
50. #proxy_pass http://192.168.1.205$request_uri;
51. #proxy_redirect http:// https://;
52. #proxy_set_header Host $host;
53. #proxy_set_header X-Real-IP $remote_addr;
54. #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
55. #proxy_set_header X-Forwarded-Proto "https";
56. }
57.  
58. location /tfs {
59. proxy_pass http://192.168.1.205:8080/tfs;
60. proxy_set_header Host $host;
61. proxy_set_header X-Real-IP $remote_addr;
62. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
63. }
64.  
65. }
66.  
67. #####################
68. # Radar
69. #####################
70.  
71. server {
72. listen 443 ssl http2;
73. server_name 192.168.1.XXX:7878 radarr.DOMAIN.com;
74. ssl_certificate /etc/letsencrypt/live/DOMAIN.com-0002/fullchain.pem; # managed by Certbot
75. ssl_certificate_key /etc/letsencrypt/live/DOMAIN.com-0002/privkey.pem; # managed by Certbot
76. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
77.  
78. location / {
79. proxy_pass http://127.0.0.1:7878;
80. proxy_set_header Host $host;
81. proxy_set_header X-Real-IP $remote_addr;
82. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
83. }
84.  
85.  
86.  
87. }
88.  
89. #####################
90. # Sonarr
91. #####################
92.  
93. server {
94. listen 443 ssl http2;
95. server_name 192.168.1.XXX:8989 sonarr.DOMAIN.com;
96. ssl_certificate /etc/letsencrypt/live/DOMAIN.com-0002/fullchain.pem; # managed by Certbot
97. ssl_certificate_key /etc/letsencrypt/live/DOMAIN.com-0002/privkey.pem; # managed by Certbot
98. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
99.  
100. location / {
101. proxy_pass http://127.0.0.1:8989;
102. proxy_set_header Host $host;
103. proxy_set_header X-Real-IP $remote_addr;
104. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
105. }
106.  
107.  
108.  
109. }
110.  
111. #####################
112. # Plexpy
113. #####################
114.  
115. server {
116. listen 443 ssl http2;
117. server_name 192.168.1.XXX:8181 plexpy.DOMAIN.com;
118. ssl_certificate /etc/letsencrypt/live/DOMAIN.com-0002/fullchain.pem; # managed by Certbot
119. ssl_certificate_key /etc/letsencrypt/live/DOMAIN.com-0002/privkey.pem; # managed by Certbot
120. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
121.  
122. location / {
123. proxy_pass http://127.0.0.1:8181;
124. #proxy_set_header Host $host;
125. #proxy_set_header X-Real-IP $remote_addr;
126. #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
127. #proxy_set_header X-Forwarded-Host $server_name;
128. #proxy_set_header X-Forwarded-Proto $scheme;
129. #proxy_set_header X-Forwarded-Ssl on;
130. }
131. }
132.  
133. #####################
134. # Music
135. #####################
136.  
137. server {
138. listen 443 ssl http2;
139. server_name 192.168.1.XXX:4040 music.DOMAIN.com;
140. ssl_certificate /etc/letsencrypt/live/DOMAIN.com-0002/fullchain.pem; # managed by Certbot
141. ssl_certificate_key /etc/letsencrypt/live/DOMAIN.com-0002/privkey.pem; # managed by Certbot
142. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
143.  
144. location / {
145. proxy_pass http://127.0.0.1:4040/;
146. error_log /var/log/nginx/music_log.log notice;
147. proxy_set_header X-Real-IP $remote_addr;
148. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
149. proxy_set_header Host $host;
150. proxy_redirect http:// https://;
151. }
152.  
153.  
154.  
155. }
156.  
157. #####################
158. # Deluge
159. #####################
160.  
161. server {
162. listen 443 ssl http2;
163. server_name 192.168.1.XXX:8112 deluge.DOMAIN.com;
164. ssl_certificate /etc/letsencrypt/live/DOMAIN.com-0002/fullchain.pem; # managed by Certbot
165. ssl_certificate_key /etc/letsencrypt/live/DOMAIN.com-0002/privkey.pem; # managed by Certbot
166. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
167.  
168. location / {
169. proxy_pass http://192.168.1.205:8112/;
170. proxy_set_header X-Deluge-Base "/";
171. add_header X-Frame-Options SAMEORIGIN;
172. }
173.  
174.  
175.  
176. }
177.  
178. #####################
179. # Stats
180. #####################
181.  
182. server {
183. listen 443 ssl http2;
184. server_name 192.168.1.XXX:19999 stats.DOMAIN.com;
185. ssl_certificate /etc/letsencrypt/live/DOMAIN.com-0002/fullchain.pem; # managed by Certbot
186. ssl_certificate_key /etc/letsencrypt/live/DOMAIN.com-0002/privkey.pem; # managed by Certbot
187. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
188.  
189. location / {
190. error_log /var/log/nginx/stats_log.log notice;
191. auth_basic "Restricted Content";
192. auth_basic_user_file /etc/nginx/.htpasswd;
193. proxy_pass http://127.0.0.1:19999/;
194. proxy_set_header Host $host;
195. proxy_set_header X-Real-IP $remote_addr;
196. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
197. }
198.  
199.  
200.  
201. }
202.  
203. #####################
204. # Comics
205. #####################
206.  
207. server {
208. listen 443 ssl http2;
209. server_name 192.168.1.XXX:2202 comics.DOMAIN.com;
210. ssl_certificate /etc/letsencrypt/live/DOMAIN.com-0002/fullchain.pem; # managed by Certbot
211. ssl_certificate_key /etc/letsencrypt/live/DOMAIN.com-0002/privkey.pem; # managed by Certbot
212. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
213.  
214. location / {
215. #error_log /var/log/nginx/stats_log.log notice;
216. #auth_basic "Restricted Content";
217. #auth_basic_user_file /etc/nginx/.htpasswd;
218. proxy_pass http://127.0.0.1:2202/;
219. proxy_set_header Host $host;
220. proxy_set_header X-Real-IP $remote_addr;
221. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
222. }
223.  
224. location /admin {
225. rewrite ^/admin/(.*) /$1 break;
226. proxy_pass http://127.0.0.1:2022/admin;
227. #proxy_set_header Host $host;
228. #proxy_set_header X-Real-IP $remote_addr;
229. #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
230. }
231.  
232.  
233.  
234. }
235.  
236.  
237. #####################
238. # Plex
239. #####################
240.  
241. server {
242. listen 443 ssl http2;
243. server_name 192.168.1.XXX:32400 plex.DOMAIN.com;
244. send_timeout 100m;
245. resolver 8.8.4.4 8.8.8.8 valid=300s;
246. resolver_timeout 10s;
247. ssl_certificate /etc/letsencrypt/live/DOMAIN.com-0002/fullchain.pem; # managed by Certbot
248. ssl_certificate_key /etc/letsencrypt/live/DOMAIN.com-0002/privkey.pem; # managed by Certbot
249. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
250. ssl_stapling on;
251. ssl_stapling_verify on;
252.  
253. gzip on;
254. gzip_vary on;
255. gzip_min_length 1000;
256. gzip_proxied any;
257. gzip_types text/plain text/html text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
258. gzip_disable "MSIE [1-6]\.";
259.  
260. proxy_set_header Host $host;
261. proxy_set_header X-Real-IP $remote_addr;
262. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
263. proxy_set_header X-Forwarded-Proto $scheme;
264.  
265. proxy_http_version 1.1;
266. proxy_set_header Upgrade $http_upgrade;
267. proxy_set_header Connection "upgrade";
268.  
269. proxy_redirect off;
270. proxy_buffering off;
271.  
272. location / {
273. # if ($http_x_plex_device_name = '') {
274. # rewrite ^/$ http://$http_host/web/index.html;
275. # }
276. proxy_pass http://192.168.1.205:32400/;
277. }
278.  
279.  
280.  
281. }