Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #PLEX UPSTREAM FOR THE SUB DOMAIN
- upstream plex-upstream {
- server 192.168.1.34:32400;
- keepalive 32;
- }
- #ORGANIZR UPSTREAM
- upstream organizr-upstream {
- server 192.168.1.34:8282;
- keepalive 32;
- }
- #NETDATA UPSTREAM
- upstream backend {
- server 192.168.1.34:19999;
- keepalive 64;
- }
- #GRAFANA UPSTREAM
- upstream test-upstream {
- server 192.168.1.34:3000;
- keepalive 32;
- }
- #SUBSONIC UPSTREAM
- upstream stats-upstream {
- server 192.168.1.34:4040;
- keepalive 32;
- }
- # REDIRECT TRAFFIC TO https://[domain.com]
- server {
- listen 80;
- listen 443 ssl http2;
- server_name www.domain.com;
- return 301 https://domain.com$request_uri;
- }
- # MAIN SERVER BLOCK
- server {
- listen 443 ssl http2 default_server;
- server_name domain.com;
- # SSL settings
- ssl_certificate /config/keys/letsencrypt/fullchain.pem;
- ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
- ssl_dhparam /config/nginx/dhparams.pem;
- ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
- ssl_prefer_server_ciphers on;
- client_max_body_size 0;
- # Custom error pages
- error_page 400 401 402 403 404 405 /error.php?error=$status;
- # ORGANIZR CONTAINER
- location / {
- proxy_pass http://organizr-upstream;
- include /config/nginx/proxy.conf;
- }
- # PLEXPY CONTAINER
- # Do NOT check "Enable HTTP Proxy" in PlexPy
- # Oh And Domain.com/plexpy/auth is the address..
- location /plexpy/ {
- if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
- proxy_pass http://192.168.1.34:8181;
- include /config/nginx/proxy.conf;
- proxy_bind $server_addr;
- proxy_set_header X-Forwarded-Host $server_name;
- proxy_set_header X-Forwarded-Ssl on;
- }
- # RADARR CONTAINER
- location ^~ /radarr/ {
- if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
- proxy_pass http://192.168.1.34:7878/radarr/;
- add_header X-Frame-Options "SAMEORIGIN";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- # SONARR CONTAINER
- location ^~ /sonarr/ {
- if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
- proxy_pass http://192.168.1.34:8989/sonarr/;
- add_header X-Frame-Options "SAMEORIGIN";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- # JACKETT CONTAINER
- location ^~ /jackett/ {
- if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
- proxy_pass http://192.168.1.34:9117/;
- add_header X-Frame-Options "SAMEORIGIN";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- #NETDATA 301 REDIRECT
- location /netdata {
- return 301 /netdata/;
- }
- # NETDATA CONTAINER
- location ~ /netdata/(?<ndpath>.*) {
- if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://backend/$ndpath$is_args$args;
- proxy_http_version 1.1;
- proxy_pass_request_headers on;
- proxy_set_header Connection “keep-aliveâ€;
- proxy_store off;
- }
- # OMBI CONTAINER
- location ^~ /ombi {
- if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
- include /config/nginx/proxy.conf;
- proxy_pass http://192.168.1.34:3579/ombi;
- }
- }
- #PLEX SERVER
- server {
- listen 443 ssl http2;
- #listen [::]:4430 ssl http2;
- server_name plex plex.domain.com;
- location /error/ {
- alias /www/errorpages/;
- internal;
- }
- location / {
- # If a request to / comes in, 301 redirect to the main plex page,
- # but only if it doesn't contain the X-Plex-Device-Name header or query argument.
- # This fixes a bug where you get permission issues when accessing the web dashboard.
- set $test "";
- if ($http_x_plex_device_name = '') {
- set $test A;
- }
- if ($arg_X-Plex-Device-Name = '') {
- set $test "${test}B";
- }
- if ($test = AB) {
- rewrite ^/$ https://$host/web/index.html;
- }
- proxy_redirect off;
- proxy_buffering off;
- proxy_hide_header X-Frame-Options;
- # Spoof the request as coming from ourselves since otherwise Plex will block access, e.g. logging:
- # "Request came in with unrecognized domain / IP 'tv.example.com' in header Referer; treating as non-local"
- proxy_set_header Host $server_addr;
- proxy_set_header Referer $server_addr;
- proxy_set_header Origin $server_addr;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
- proxy_set_header Cookie $http_cookie;
- ## Required for Websockets
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 36000s; # Timeout after 10 hours
- proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
- proxy_pass http://plex-upstream;
- }
- }
- #BLOG SITE
- server {
- listen 80;
- listen 443 ssl http2;
- server_name blog.domain.com;
- root /config/www/grav/;
- index index.html index.php;
- location /error/ {
- alias /www/errorpages/;
- internal;
- }
- location / {
- try_files $uri $uri/ /index.php?_url=$uri&$query_string;
- }
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- # With php7-cgi alone:
- fastcgi_pass 127.0.0.1:9000;
- # With php7-fpm:
- #fastcgi_pass unix:/var/run/php7-fpm.sock;
- fastcgi_index index.php;
- include /etc/nginx/fastcgi_params;
- }
- fastcgi_buffer_size 4K;
- fastcgi_buffers 64 4k;
- }
- #GRAFANA CONTAINER
- server {
- server_name test.domain.com;
- listen 80;
- listen 443 ssl;
- location / {
- if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
- proxy_pass http://test-upstream;
- include /config/nginx/proxy.conf;
- }
- }
- #SUBSONIC CONTAINER
- server {
- server_name stats.domain.com;
- listen 80;
- listen 443 ssl;
- # Custom error pages
- error_page 400 401 402 403 404 405 /error.php?error=$status;
- location / {
- if ($cookie_cookiePassword != "cookiepasswordhere") { return 401; }
- proxy_pass http://stats-upstream;
- include /config/nginx/proxy.conf;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement