#PLEX UPSTREAM FOR THE SUB DOMAINupstream plex-upstream {server 192.168.1.

1. #PLEX UPSTREAM FOR THE SUB DOMAIN
2. upstream plex-upstream {
3.  
4. server 192.168.1.34:32400;
5.     keepalive 32;
6. }
7.  
8. #ORGANIZR UPSTREAM
9. upstream organizr-upstream {
10.  
11. server 192.168.1.34:8282;
12.     keepalive 32;
13. }
14.  
15. #NETDATA UPSTREAM
16. upstream backend {
17. server 192.168.1.34:19999;
18. keepalive 64;
19. }
20.  
21. #GRAFANA UPSTREAM
22. upstream test-upstream {
23.  
24. server 192.168.1.34:3000;
25.     keepalive 32;
26. }
27.  
28. #SUBSONIC UPSTREAM
29. upstream stats-upstream {
30.  
31. server 192.168.1.34:4040;
32.     keepalive 32;
33. }
34.  
35. # REDIRECT TRAFFIC TO https://[domain.com]
36. server {
37.     listen 80;
38.     listen 443 ssl http2;
39.     server_name www.domain.com;
40.     return 301 https://domain.com$request_uri;
41. }
42.  
43. # MAIN SERVER BLOCK
44. server {
45.     listen 443 ssl http2 default_server;
46.     server_name domain.com;
47.        
48.     # SSL settings
49.     ssl_certificate /config/keys/letsencrypt/fullchain.pem;
50.     ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
51.     ssl_dhparam /config/nginx/dhparams.pem;
52.     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
53.     ssl_prefer_server_ciphers on;
54.        
55.     client_max_body_size 0;
56.  
57.     # Custom error pages
58.     error_page 400 401 402 403 404 405 /error.php?error=$status;
59.    
60.     # ORGANIZR CONTAINER
61.     location / {
62.         proxy_pass http://organizr-upstream;
63.         include /config/nginx/proxy.conf;
64.     }
65.    
66.     # PLEXPY CONTAINER
67.     # Do NOT check "Enable HTTP Proxy" in PlexPy
68.     # Oh And Domain.com/plexpy/auth is the address..
69.     location /plexpy/ {
70.         if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
71.         proxy_pass http://192.168.1.34:8181;
72.         include /config/nginx/proxy.conf;
73.         proxy_bind $server_addr;
74.         proxy_set_header X-Forwarded-Host $server_name;
75.         proxy_set_header X-Forwarded-Ssl     on;
76.     }  
77.    
78.     # RADARR CONTAINER
79.     location ^~ /radarr/ {
80.         if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
81.         proxy_pass http://192.168.1.34:7878/radarr/;
82.         add_header X-Frame-Options "SAMEORIGIN";
83.         proxy_set_header Host $host;
84.         proxy_set_header X-Real-IP $remote_addr;
85.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
86.     }
87.    
88.     # SONARR CONTAINER
89.     location ^~ /sonarr/ {
90.         if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
91.         proxy_pass http://192.168.1.34:8989/sonarr/;
92.         add_header X-Frame-Options "SAMEORIGIN";
93.         proxy_set_header Host $host;
94.         proxy_set_header X-Real-IP $remote_addr;
95.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
96.     }
97.  
98.     # JACKETT CONTAINER
99.     location ^~ /jackett/ {
100.         if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
101.         proxy_pass http://192.168.1.34:9117/;
102.         add_header X-Frame-Options "SAMEORIGIN";
103.         proxy_set_header Host $host;
104.         proxy_set_header X-Real-IP $remote_addr;
105.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
106.     }  
107.    
108.     #NETDATA 301 REDIRECT
109.     location /netdata {
110.         return 301 /netdata/;
111.     }
112.    
113.     # NETDATA CONTAINER
114.     location ~ /netdata/(?<ndpath>.*) {
115.         if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
116.         proxy_set_header X-Forwarded-Host $host;
117.         proxy_set_header X-Forwarded-Server $host;
118.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
119.         proxy_pass http://backend/$ndpath$is_args$args;
120.         proxy_http_version 1.1;
121.         proxy_pass_request_headers on;
122.         proxy_set_header Connection “keep-alive”;
123.         proxy_store off;
124.     }
125.  
126.     # OMBI CONTAINER
127.     location ^~ /ombi {
128.         if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
129.         include /config/nginx/proxy.conf;
130.         proxy_pass http://192.168.1.34:3579/ombi;
131.     }
132. }
133.  
134. #PLEX SERVER
135.    server {
136.      listen 443 ssl http2;
137.      #listen [::]:4430 ssl http2;
138.      server_name plex plex.domain.com;
139.  
140.      location /error/ {
141.        alias /www/errorpages/;
142.        internal;
143.        }
144.  
145.      location / {
146.        # If a request to / comes in, 301 redirect to the main plex page,
147.        # but only if it doesn't contain the X-Plex-Device-Name header or query argument.
148.        # This fixes a bug where you get permission issues when accessing the web dashboard.
149.        set $test "";
150.  
151.        if ($http_x_plex_device_name = '') {
152.          set $test A;
153.        }
154.        if ($arg_X-Plex-Device-Name = '') {
155.          set $test "${test}B";
156.        }
157.        if ($test = AB) {
158.          rewrite ^/$ https://$host/web/index.html;
159.        }
160.  
161.        proxy_redirect off;
162.        proxy_buffering off;
163.        proxy_hide_header X-Frame-Options;
164.  
165.        # Spoof the request as coming from ourselves since otherwise Plex will block access, e.g. logging:
166.        # "Request came in with unrecognized domain / IP 'tv.example.com' in header Referer; treating as non-local"
167.        proxy_set_header        Host                      $server_addr;
168.        proxy_set_header        Referer                   $server_addr;
169.        proxy_set_header        Origin                    $server_addr;
170.  
171.        proxy_set_header        X-Real-IP                 $remote_addr;
172.        proxy_set_header        X-Forwarded-For           $proxy_add_x_forwarded_for;
173.        proxy_set_header        X-Plex-Client-Identifier  $http_x_plex_client_identifier;
174.        proxy_set_header        Cookie                    $http_cookie;
175.  
176.        ## Required for Websockets
177.        proxy_http_version      1.1;
178.        proxy_set_header        Upgrade                   $http_upgrade;
179.        proxy_set_header        Connection                "upgrade";
180.        proxy_read_timeout      36000s;                   # Timeout after 10 hours
181.  
182.        proxy_next_upstream     error timeout invalid_header http_500 http_502 http_503 http_504;
183.  
184.        proxy_pass http://plex-upstream;
185.      }
186.    }
187.  
188. #BLOG SITE
189. server {
190.         listen 80; 
191.         listen 443 ssl http2;
192.         server_name blog.domain.com;
193.  
194.       root /config/www/grav/;
195.       index index.html index.php;
196.  
197.     location /error/ {
198.         alias /www/errorpages/;
199.         internal;
200.         }
201.        
202.     location / {
203.                 try_files $uri $uri/ /index.php?_url=$uri&$query_string;
204.         }
205.  
206.     location ~ \.php$ {
207.         fastcgi_split_path_info ^(.+\.php)(/.+)$;
208.         # With php7-cgi alone:
209.         fastcgi_pass 127.0.0.1:9000;
210.         # With php7-fpm:
211.         #fastcgi_pass unix:/var/run/php7-fpm.sock;
212.         fastcgi_index index.php;
213.         include /etc/nginx/fastcgi_params;
214.     }
215.  
216.     fastcgi_buffer_size 4K;
217.     fastcgi_buffers 64 4k;
218. }
219.  
220. #GRAFANA CONTAINER
221. server {
222.     server_name  test.domain.com;
223.         listen 80;
224.         listen 443 ssl;
225.  
226.     location / {
227.         if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
228.         proxy_pass http://test-upstream;
229.         include /config/nginx/proxy.conf;
230.     }
231. }
232.  
233. #SUBSONIC CONTAINER
234. server {
235.     server_name  stats.domain.com;
236.         listen 80;
237.         listen 443 ssl;
238.        
239.         # Custom error pages
240.         error_page 400 401 402 403 404 405 /error.php?error=$status;
241.  
242.     location / {
243.         if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
244.         proxy_pass http://stats-upstream;
245.         include /config/nginx/proxy.conf;
246.     }
247. }