API tools faq
paste
Guest User

nginx.conf

a guest
Feb 14th, 2022
162
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nginx 56.58 KB | None | 0 0
raw download clone embed print report
  1. nginx: the configuration file /config/nginx/nginx.conf syntax is ok
  2. nginx: configuration file /config/nginx/nginx.conf test is successful
  3. # configuration file /config/nginx/nginx.conf:
  4. ## Version 2020/10/04 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
  5.  
  6. user abc;
  7. worker_processes 4;
  8. pid /run/nginx.pid;
  9. include /etc/nginx/modules/*.conf;
  10.  
  11. events {
  12.         worker_connections 768;
  13.         # multi_accept on;
  14. }
  15.  
  16. http {
  17.  
  18.         ##
  19.         # Basic Settings
  20.         ##
  21.  
  22.         client_body_buffer_size 128k;
  23.         client_max_body_size 0;
  24.         keepalive_timeout 65;
  25.         large_client_header_buffers 4 16k;
  26.         send_timeout 5m;
  27.         sendfile on;
  28.         tcp_nodelay on;
  29.         tcp_nopush on;
  30.         types_hash_max_size 2048;
  31.         variables_hash_max_size 2048;
  32.  
  33.         # server_tokens off;
  34.         # server_names_hash_bucket_size 64;
  35.         # server_name_in_redirect off;
  36.  
  37.         include /etc/nginx/mime.types;
  38.         default_type application/octet-stream;
  39.  
  40.         ##
  41.         # Logging Settings
  42.         ##
  43.  
  44.         access_log /config/log/nginx/access.log;
  45.         error_log /config/log/nginx/error.log;
  46.  
  47.         ##
  48.         # Gzip Settings
  49.         ##
  50.  
  51.         gzip on;
  52.         gzip_disable "msie6";
  53.  
  54.         # gzip_vary on;
  55.         # gzip_proxied any;
  56.         # gzip_comp_level 6;
  57.         # gzip_buffers 16 8k;
  58.         # gzip_http_version 1.1;
  59.         # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
  60.  
  61.         ##
  62.         # nginx-naxsi config
  63.         ##
  64.         # Uncomment it if you installed nginx-naxsi
  65.         ##
  66.  
  67.         #include /etc/nginx/naxsi_core.rules;
  68.  
  69.         ##
  70.         # nginx-passenger config
  71.         ##
  72.         # Uncomment it if you installed nginx-passenger
  73.         ##
  74.  
  75.         #passenger_root /usr;
  76.         #passenger_ruby /usr/bin/ruby;
  77.  
  78.         ##
  79.         # WebSocket proxying
  80.         ##
  81.         map $http_upgrade $connection_upgrade {
  82.                 default upgrade;
  83.                 ''      close;
  84.         }
  85.  
  86.         ##
  87.         # Virtual Host Configs
  88.         ##
  89.         include /etc/nginx/conf.d/*.conf;
  90.         include /config/nginx/site-confs/*;
  91.         #Removed lua. Do not remove this comment
  92.  
  93.         ##
  94.         # Geoip2 config
  95.         ##
  96.         # Uncomment to add the Geoip2 configs needed to geo block countries/cities.
  97.         ##
  98.  
  99.         #include /config/nginx/geoip2.conf;
  100. }
  101.  
  102.  
  103. #mail {
  104. #       # See sample authentication script at:
  105. #       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
  106. #
  107. #       # auth_http localhost/auth.php;
  108. #       # pop3_capabilities "TOP" "USER";
  109. #       # imap_capabilities "IMAP4rev1" "UIDPLUS";
  110. #
  111. #       server {
  112. #               listen     localhost:110;
  113. #               protocol   pop3;
  114. #               proxy      on;
  115. #       }
  116. #
  117. #       server {
  118. #               listen     localhost:143;
  119. #               protocol   imap;
  120. #               proxy      on;
  121. #       }
  122. #}
  123. daemon off;
  124.  
  125. # configuration file /etc/nginx/modules/10_devel_kit.conf:
  126. load_module "modules/ndk_http_module.so";
  127.  
  128. # configuration file /etc/nginx/modules/10_http_brotli.conf:
  129. load_module "modules/ngx_http_brotli_filter_module.so";
  130. load_module "modules/ngx_http_brotli_static_module.so";
  131.  
  132. # configuration file /etc/nginx/modules/10_http_dav_ext.conf:
  133. load_module "modules/ngx_http_dav_ext_module.so";
  134.  
  135. # configuration file /etc/nginx/modules/10_http_echo.conf:
  136. load_module "modules/ngx_http_echo_module.so";
  137.  
  138. # configuration file /etc/nginx/modules/10_http_fancyindex.conf:
  139. load_module "modules/ngx_http_fancyindex_module.so";
  140.  
  141. # configuration file /etc/nginx/modules/10_http_geoip2.conf:
  142. load_module "modules/ngx_http_geoip2_module.so";
  143.  
  144. # configuration file /etc/nginx/modules/10_http_headers_more.conf:
  145. load_module "modules/ngx_http_headers_more_filter_module.so";
  146.  
  147. # configuration file /etc/nginx/modules/10_http_image_filter.conf:
  148. load_module "modules/ngx_http_image_filter_module.so";
  149.  
  150. # configuration file /etc/nginx/modules/10_http_nchan.conf:
  151. load_module "modules/ngx_nchan_module.so";
  152.  
  153. # configuration file /etc/nginx/modules/10_http_perl.conf:
  154. load_module "modules/ngx_http_perl_module.so";
  155.  
  156. # configuration file /etc/nginx/modules/10_http_redis2.conf:
  157. load_module "modules/ngx_http_redis2_module.so";
  158.  
  159. # configuration file /etc/nginx/modules/10_http_upload_progress.conf:
  160. load_module "modules/ngx_http_uploadprogress_module.so";
  161.  
  162. # configuration file /etc/nginx/modules/10_http_xslt_filter.conf:
  163. load_module "modules/ngx_http_xslt_filter_module.so";
  164.  
  165. # configuration file /etc/nginx/modules/10_mail.conf:
  166. load_module "modules/ngx_mail_module.so";
  167.  
  168. # configuration file /etc/nginx/modules/10_rtmp.conf:
  169. load_module "modules/ngx_rtmp_module.so";
  170.  
  171. # configuration file /etc/nginx/modules/10_stream.conf:
  172. load_module "modules/ngx_stream_module.so";
  173.  
  174. # configuration file /etc/nginx/modules/20_http_set_misc.conf:
  175. load_module "modules/ngx_http_set_misc_module.so";
  176.  
  177. # configuration file /etc/nginx/modules/20_stream_geoip2.conf:
  178. load_module "modules/ngx_stream_geoip2_module.so";
  179.  
  180. # configuration file /etc/nginx/mime.types:
  181.  
  182. types {
  183.     text/html                                        html htm shtml;
  184.     text/css                                         css;
  185.     text/xml                                         xml;
  186.     image/gif                                        gif;
  187.     image/jpeg                                       jpeg jpg;
  188.     application/javascript                           js;
  189.     application/atom+xml                             atom;
  190.     application/rss+xml                              rss;
  191.  
  192.     text/mathml                                      mml;
  193.     text/plain                                       txt;
  194.     text/vnd.sun.j2me.app-descriptor                 jad;
  195.     text/vnd.wap.wml                                 wml;
  196.     text/x-component                                 htc;
  197.  
  198.     image/png                                        png;
  199.     image/svg+xml                                    svg svgz;
  200.     image/tiff                                       tif tiff;
  201.     image/vnd.wap.wbmp                               wbmp;
  202.     image/webp                                       webp;
  203.     image/x-icon                                     ico;
  204.     image/x-jng                                      jng;
  205.     image/x-ms-bmp                                   bmp;
  206.  
  207.     font/woff                                        woff;
  208.     font/woff2                                       woff2;
  209.  
  210.     application/java-archive                         jar war ear;
  211.     application/json                                 json;
  212.     application/mac-binhex40                         hqx;
  213.     application/msword                               doc;
  214.     application/pdf                                  pdf;
  215.     application/postscript                           ps eps ai;
  216.     application/rtf                                  rtf;
  217.     application/vnd.apple.mpegurl                    m3u8;
  218.     application/vnd.google-earth.kml+xml             kml;
  219.     application/vnd.google-earth.kmz                 kmz;
  220.     application/vnd.ms-excel                         xls;
  221.     application/vnd.ms-fontobject                    eot;
  222.     application/vnd.ms-powerpoint                    ppt;
  223.     application/vnd.oasis.opendocument.graphics      odg;
  224.     application/vnd.oasis.opendocument.presentation  odp;
  225.     application/vnd.oasis.opendocument.spreadsheet   ods;
  226.     application/vnd.oasis.opendocument.text          odt;
  227.     application/vnd.openxmlformats-officedocument.presentationml.presentation
  228.                                                      pptx;
  229.     application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
  230.                                                      xlsx;
  231.     application/vnd.openxmlformats-officedocument.wordprocessingml.document
  232.                                                      docx;
  233.     application/vnd.wap.wmlc                         wmlc;
  234.     application/x-7z-compressed                      7z;
  235.     application/x-cocoa                              cco;
  236.     application/x-java-archive-diff                  jardiff;
  237.     application/x-java-jnlp-file                     jnlp;
  238.     application/x-makeself                           run;
  239.     application/x-perl                               pl pm;
  240.     application/x-pilot                              prc pdb;
  241.     application/x-rar-compressed                     rar;
  242.     application/x-redhat-package-manager             rpm;
  243.     application/x-sea                                sea;
  244.     application/x-shockwave-flash                    swf;
  245.     application/x-stuffit                            sit;
  246.     application/x-tcl                                tcl tk;
  247.     application/x-x509-ca-cert                       der pem crt;
  248.     application/x-xpinstall                          xpi;
  249.     application/xhtml+xml                            xhtml;
  250.     application/xspf+xml                             xspf;
  251.     application/zip                                  zip;
  252.  
  253.     application/octet-stream                         bin exe dll;
  254.     application/octet-stream                         deb;
  255.     application/octet-stream                         dmg;
  256.     application/octet-stream                         iso img;
  257.     application/octet-stream                         msi msp msm;
  258.  
  259.     audio/midi                                       mid midi kar;
  260.     audio/mpeg                                       mp3;
  261.     audio/ogg                                        ogg;
  262.     audio/x-m4a                                      m4a;
  263.     audio/x-realaudio                                ra;
  264.  
  265.     video/3gpp                                       3gpp 3gp;
  266.     video/mp2t                                       ts;
  267.     video/mp4                                        mp4;
  268.     video/mpeg                                       mpeg mpg;
  269.     video/quicktime                                  mov;
  270.     video/webm                                       webm;
  271.     video/x-flv                                      flv;
  272.     video/x-m4v                                      m4v;
  273.     video/x-mng                                      mng;
  274.     video/x-ms-asf                                   asx asf;
  275.     video/x-ms-wmv                                   wmv;
  276.     video/x-msvideo                                  avi;
  277. }
  278.  
  279. # configuration file /config/nginx/site-confs/default:
  280. ## Version 2020/05/23 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/default
  281.  
  282. # redirect all traffic to https
  283. server {
  284.         listen 80 default_server;
  285.         listen [::]:80 default_server;
  286.         server_name _;
  287.         return 301 https://$host$request_uri;
  288. }
  289.  
  290. # main server block
  291. server {
  292.         listen 443 ssl http2 default_server;
  293.         listen [::]:443 ssl http2 default_server;
  294.  
  295.         root /config/www;
  296.         index index.html index.htm index.php;
  297.  
  298.         server_name _;
  299.  
  300.         # enable subfolder method reverse proxy confs
  301.         include /config/nginx/proxy-confs/*.subfolder.conf;
  302.  
  303.         # all ssl related config moved to ssl.conf
  304.         include /config/nginx/ssl.conf;
  305.  
  306.         # enable for ldap auth
  307.         #include /config/nginx/ldap.conf;
  308.  
  309.         # enable for Authelia
  310.         #include /config/nginx/authelia-server.conf;
  311.  
  312.         # enable for geo blocking
  313.         # See /config/nginx/geoip2.conf for more information.
  314.         #if ($allowed_country = no) {
  315.         #return 444;
  316.         #}
  317.  
  318.         client_max_body_size 0;
  319.  
  320.         location / {
  321.                 try_files $uri $uri/ /index.html /index.php?$args =404;
  322.         }
  323.  
  324.         location ~ \.php$ {
  325.                 fastcgi_split_path_info ^(.+\.php)(/.+)$;
  326.                 fastcgi_pass 127.0.0.1:9000;
  327.                 fastcgi_index index.php;
  328.                 include /etc/nginx/fastcgi_params;
  329.         }
  330.         }
  331. server {
  332.         listen 443 ssl;
  333.         listen [::]:443 ssl;
  334.         server_name exampleABC.com; #change this to your subdomain
  335.         #include /config/nginx/ssl.conf;
  336.         client_max_body_size 0;
  337.         location / {
  338.         #include /config/nginx/proxy.conf;
  339.         resolver 127.0.0.11 valid=30s;
  340.         #set $upstream_app 192.168.0.10;
  341.         #set $upstream_port 443;
  342.         #set $upstream_proto https;
  343.         #proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  344.         proxy_pass https://192.168.0.10:443;
  345.         proxy_max_temp_file_size 2048m;
  346.        }
  347.  
  348.  
  349. # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
  350. # notice this is within the same server block as the base
  351. # don't forget to generate the .htpasswd file as described on docker hub
  352. #       location ^~ /cp {
  353. #               auth_basic "Restricted";
  354. #               auth_basic_user_file /config/nginx/.htpasswd;
  355. #               include /config/nginx/proxy.conf;
  356. #               proxy_pass http://192.168.1.50:5050/cp;
  357. #       }
  358.  
  359. }
  360.  
  361. # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
  362. # notice this is a new server block, you need a new server block for each subdomain
  363. #server {
  364. #       listen 443 ssl http2;
  365. #       listen [::]:443 ssl http2;
  366. #
  367. #       root /config/www;
  368. #       index index.html index.htm index.php;
  369. #
  370. #       server_name cp.*;
  371. #
  372. #       include /config/nginx/ssl.conf;
  373. #
  374. #       client_max_body_size 0;
  375. #
  376. #       location / {
  377. #               auth_basic "Restricted";
  378. #               auth_basic_user_file /config/nginx/.htpasswd;
  379. #               include /config/nginx/proxy.conf;
  380. #               proxy_pass http://192.168.1.50:5050;
  381. #       }
  382. #}
  383.  
  384. # sample reverse proxy config for "heimdall" via subdomain, with ldap authentication
  385. # ldap-auth container has to be running and the /config/nginx/ldap.conf file should be filled with ldap info
  386. # notice this is a new server block, you need a new server block for each subdomain
  387. #server {
  388. #       listen 443 ssl http2;
  389. #       listen [::]:443 ssl http2;
  390. #
  391. #       root /config/www;
  392. #       index index.html index.htm index.php;
  393. #
  394. #       server_name heimdall.*;
  395. #
  396. #       include /config/nginx/ssl.conf;
  397. #
  398. #       include /config/nginx/ldap.conf;
  399. #
  400. #       client_max_body_size 0;
  401. #
  402. #       location / {
  403. #               # the next two lines will enable ldap auth along with the included ldap.conf in the server block
  404. #               auth_request /auth;
  405. #               error_page 401 =200 /ldaplogin;
  406. #
  407. #               include /config/nginx/proxy.conf;
  408. #               resolver 127.0.0.11 valid=30s;
  409. #               set $upstream_app heimdall;
  410. #               set $upstream_port 443;
  411. #               set $upstream_proto https;
  412. #               proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  413. #       }
  414. #}
  415.  
  416. # sample reverse proxy config for "heimdall" via subdomain, with Authelia
  417. # Authelia container has to be running in the same user defined bridge network, with container name "authelia", and with 'path: "authelia"' set in its configuration.yml
  418. # notice this is a new server block, you need a new server block for each subdomain
  419. #server {
  420. #       listen 443 ssl http2;
  421. #       listen [::]:443 ssl http2;
  422. #
  423. #       root /config/www;
  424. #       index index.html index.htm index.php;
  425. #
  426. #       server_name heimdall.*;
  427. #
  428. #       include /config/nginx/ssl.conf;
  429. #
  430. #       include /config/nginx/authelia-server.conf;
  431. #
  432. #       client_max_body_size 0;
  433. #
  434. #       location / {
  435. #               # the next line will enable Authelia along with the included authelia-server.conf in the server block
  436. #               include /config/nginx/authelia-location.conf;
  437. #
  438. #               include /config/nginx/proxy.conf;
  439. #               resolver 127.0.0.11 valid=30s;
  440. #               set $upstream_app heimdall;
  441. #               set $upstream_port 443;
  442. #               set $upstream_proto https;
  443. #               proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  444. #       }
  445. #}
  446.  
  447. # enable subdomain method reverse proxy confs
  448. include /config/nginx/proxy-confs/*.subdomain.conf;
  449. # enable proxy cache for auth
  450. proxy_cache_path cache/ keys_zone=auth_cache:10m;
  451.  
  452. # configuration file /config/nginx/ssl.conf:
  453. ## Version 2020/10/29 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf
  454.  
  455. ### Mozilla Recommendations
  456. # generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration
  457. # https://ssl-config.mozilla.org/#server=nginx&version=1.18.0-r0&config=intermediate&openssl=1.1.1g-r0&guideline=5.4
  458.  
  459. ssl_session_timeout 1d;
  460. ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
  461. ssl_session_tickets off;
  462.  
  463. # intermediate configuration
  464. ssl_protocols TLSv1.2 TLSv1.3;
  465. ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  466. ssl_prefer_server_ciphers off;
  467.  
  468. # OCSP stapling
  469. ssl_stapling on;
  470. ssl_stapling_verify on;
  471.  
  472.  
  473. ### Linuxserver.io Defaults
  474.  
  475. # Certificates
  476. ssl_certificate /config/keys/letsencrypt/fullchain.pem;
  477. ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
  478. # verify chain of trust of OCSP response using Root CA and Intermediate certs
  479. ssl_trusted_certificate /config/keys/letsencrypt/fullchain.pem;
  480.  
  481. # Diffie-Hellman Parameters
  482. ssl_dhparam /config/nginx/dhparams.pem;
  483.  
  484. # Resolver
  485. resolver 127.0.0.11 valid=30s; # Docker DNS Server
  486.  
  487. # Enable TLS 1.3 early data
  488. ssl_early_data on;
  489.  
  490. # HSTS, remove # from the line below to enable HSTS
  491. #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
  492.  
  493. # Optional additional headers
  494. #add_header Cache-Control "no-transform" always;
  495. #add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'";
  496. #add_header Referrer-Policy "same-origin" always;
  497. #add_header X-Content-Type-Options "nosniff" always;
  498. #add_header X-Frame-Options "SAMEORIGIN" always;
  499. #add_header X-UA-Compatible "IE=Edge" always;
  500. #add_header X-XSS-Protection "1; mode=block" always;
  501.  
  502. # configuration file /etc/nginx/fastcgi_params:
  503.  
  504. fastcgi_param  QUERY_STRING       $query_string;
  505. fastcgi_param  REQUEST_METHOD     $request_method;
  506. fastcgi_param  CONTENT_TYPE       $content_type;
  507. fastcgi_param  CONTENT_LENGTH     $content_length;
  508.  
  509. fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
  510. fastcgi_param  REQUEST_URI        $request_uri;
  511. fastcgi_param  DOCUMENT_URI       $document_uri;
  512. fastcgi_param  DOCUMENT_ROOT      $document_root;
  513. fastcgi_param  SERVER_PROTOCOL    $server_protocol;
  514. fastcgi_param  REQUEST_SCHEME     $scheme;
  515. fastcgi_param  HTTPS              $https if_not_empty;
  516.  
  517. fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  518. fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
  519.  
  520. fastcgi_param  REMOTE_ADDR        $remote_addr;
  521. fastcgi_param  REMOTE_PORT        $remote_port;
  522. fastcgi_param  SERVER_ADDR        $server_addr;
  523. fastcgi_param  SERVER_PORT        $server_port;
  524. fastcgi_param  SERVER_NAME        $server_name;
  525.  
  526. # PHP only, required if PHP was built with --enable-force-cgi-redirect
  527. fastcgi_param  REDIRECT_STATUS    200;
  528. fastcgi_param  HTTP_PROXY         ""; # https://httpoxy.org/
  529. fastcgi_param  PATH_INFO          $fastcgi_path_info; # http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info
  530. fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name; # https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/#connecting-nginx-to-php-fpm
  531.  
  532. # configuration file /config/nginx/proxy-confs/OMV.subdomain.conf:
  533. server {
  534.         listen 443 ssl;
  535.         #add_header Strict-Transport-Security "max-age=15552000" always;
  536.     add_header Referrer-Policy no-referrer;
  537.     add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
  538.         #add_header X-Frame-Options SAMEORIGIN always;
  539.     #add_header X-Content-Type-Options nosniff always;
  540.     #add_header X-XSS-Protection "1; mode=block" always;
  541.  
  542.         root /config/www;
  543.         index index.html index.htm index.php;
  544.  
  545.         server_name exampleXYZ.com;
  546.  
  547.         include /config/nginx/ssl.conf;
  548.  
  549.         client_max_body_size 0;
  550.  
  551.         location / {
  552.                 include /config/nginx/proxy.conf;
  553.                 proxy_redirect http:// https://;
  554.                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  555.                 proxy_set_header Upgrade $http_upgrade;
  556.                 proxy_set_header Connection "upgrade";
  557.                 proxy_pass http://192.168.0.211:80;
  558.         }
  559. }
  560. # configuration file /config/nginx/proxy.conf:
  561. ## Version 2020/10/04 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf
  562.  
  563. # Timeout if the real server is dead
  564. proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
  565.  
  566. # Proxy Connection Settings
  567. proxy_buffers 32 4k;
  568. proxy_connect_timeout 240;
  569. proxy_headers_hash_bucket_size 128;
  570. proxy_headers_hash_max_size 1024;
  571. proxy_http_version 1.1;
  572. proxy_read_timeout 240;
  573. proxy_redirect  http://  $scheme://;
  574. proxy_send_timeout 240;
  575.  
  576. # Proxy Cache and Cookie Settings
  577. proxy_cache_bypass $cookie_session;
  578. #proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
  579. proxy_no_cache $cookie_session;
  580.  
  581. # Proxy Header Settings
  582. proxy_set_header Connection $connection_upgrade;
  583. proxy_set_header Early-Data $ssl_early_data;
  584. proxy_set_header Host $host;
  585. proxy_set_header Upgrade $http_upgrade;
  586. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  587. proxy_set_header X-Forwarded-Host $host;
  588. proxy_set_header X-Forwarded-Proto https;
  589. proxy_set_header X-Forwarded-Ssl on;
  590. proxy_set_header X-Real-IP $remote_addr;
  591.  
  592. # configuration file /config/nginx/proxy-confs/airsonic.subdomain.conf:
  593. ## Version 2020/12/09
  594. # make sure that your dns has a cname set for airsonic and that your airsonic container is not using a base url
  595. # add `server.use-forward-headers=true` to `/config/application.properties` to ensure logs contain real source IP
  596.  
  597. server {
  598.     listen 443 ssl;
  599.     listen [::]:443 ssl;
  600.  
  601.     server_name airsonic.*;
  602.  
  603.     include /config/nginx/ssl.conf;
  604.  
  605.     client_max_body_size 0;
  606.  
  607.     # enable for ldap auth, fill in ldap details in ldap.conf
  608.     #include /config/nginx/ldap.conf;
  609.  
  610.     # enable for Authelia
  611.     #include /config/nginx/authelia-server.conf;
  612.  
  613.     location / {
  614.         # enable the next two lines for http auth
  615.         #auth_basic "Restricted";
  616.         #auth_basic_user_file /config/nginx/.htpasswd;
  617.  
  618.         # enable the next two lines for ldap auth
  619.         #auth_request /auth;
  620.         #error_page 401 =200 /ldaplogin;
  621.  
  622.         # enable for Authelia
  623.         #include /config/nginx/authelia-location.conf;
  624.  
  625.         include /config/nginx/proxy.conf;
  626.         resolver 127.0.0.11 valid=30s;
  627.         set $upstream_app 192.168.0.211;
  628.         set $upstream_port 4040;
  629.         set $upstream_proto http;
  630.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  631.  
  632.     }
  633. }
  634.  
  635. # configuration file /config/nginx/proxy-confs/bitwarden.subdomain.conf:
  636. ## Version 2020/12/09
  637. # make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url
  638. # make sure your bitwarden container is named "bitwarden"
  639. # set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container
  640.  
  641. server {
  642.     listen 443 ssl;
  643.     listen [::]:443 ssl;
  644.  
  645.     server_name bitwarden.*;
  646.  
  647.     include /config/nginx/ssl.conf;
  648.  
  649.     client_max_body_size 128M;
  650.  
  651.     # enable for ldap auth, fill in ldap details in ldap.conf
  652.     #include /config/nginx/ldap.conf;
  653.  
  654.     # enable for Authelia
  655.     #include /config/nginx/authelia-server.conf;
  656.  
  657.     location / {
  658.         # enable the next two lines for http auth
  659.         #auth_basic "Restricted";
  660.         #auth_basic_user_file /config/nginx/.htpasswd;
  661.  
  662.         # enable the next two lines for ldap auth
  663.         #auth_request /auth;
  664.         #error_page 401 =200 /ldaplogin;
  665.  
  666.         # enable for Authelia
  667.         #include /config/nginx/authelia-location.conf;
  668.  
  669.         include /config/nginx/proxy.conf;
  670.         resolver 127.0.0.11 valid=30s;
  671.         #set $upstream_app bitwarden;
  672.                 set $upstream_app 192.168.0.206;
  673.         set $upstream_port 8013;
  674.         set $upstream_proto http;
  675.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  676.  
  677.     }
  678.  
  679.     location /admin {
  680.         # enable the next two lines for http auth
  681.         #auth_basic "Restricted";
  682.         #auth_basic_user_file /config/nginx/.htpasswd;
  683.  
  684.         # enable the next two lines for ldap auth
  685.         #auth_request /auth;
  686.         #error_page 401 =200 /ldaplogin;
  687.  
  688.         # enable for Authelia
  689.         #include /config/nginx/authelia-location.conf;
  690.  
  691.         include /config/nginx/proxy.conf;
  692.         resolver 127.0.0.11 valid=30s;
  693.         #set $upstream_app bitwarden;
  694.                 set $upstream_app 192.168.0.206;
  695.         set $upstream_port 8013;
  696.         set $upstream_proto http;
  697.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  698.  
  699.     }
  700.  
  701.     location /notifications/hub {
  702.         include /config/nginx/proxy.conf;
  703.         resolver 127.0.0.11 valid=30s;
  704.         #set $upstream_app bitwarden;
  705.                 set $upstream_app 192.168.0.206;
  706.         set $upstream_port 3012;
  707.         set $upstream_proto http;
  708.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  709.  
  710.     }
  711.  
  712.     location /notifications/hub/negotiate {
  713.         include /config/nginx/proxy.conf;
  714.         resolver 127.0.0.11 valid=30s;
  715.         #set $upstream_app bitwarden;
  716.                 set $upstream_app 192.168.0.206;
  717.         set $upstream_port 8013;
  718.         set $upstream_proto http;
  719.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  720.  
  721.     }
  722. }
  723.  
  724. # configuration file /config/nginx/proxy-confs/deluge.subdomain.conf:
  725. ## Version 2020/12/09
  726. # make sure that your dns has a cname set for deluge and that your deluge container is not using a base url
  727.  
  728. server {
  729.     listen 443 ssl;
  730.     listen [::]:443 ssl;
  731.  
  732.     server_name deluge.*;
  733.  
  734.     include /config/nginx/ssl.conf;
  735.  
  736.     client_max_body_size 0;
  737.  
  738.     # enable for ldap auth, fill in ldap details in ldap.conf
  739.     #include /config/nginx/ldap.conf;
  740.  
  741.     # enable for Authelia
  742.     #include /config/nginx/authelia-server.conf;
  743.  
  744.     location / {
  745.         # enable the next two lines for http auth
  746.         #auth_basic "Restricted";
  747.         #auth_basic_user_file /config/nginx/.htpasswd;
  748.  
  749.         # enable the next two lines for ldap auth
  750.         #auth_request /auth;
  751.         #error_page 401 =200 /ldaplogin;
  752.  
  753.         # enable for Authelia
  754.         #include /config/nginx/authelia-location.conf;
  755.  
  756.         include /config/nginx/proxy.conf;
  757.         resolver 127.0.0.11 valid=30s;
  758.         #set $upstream_app deluge;
  759.                 set $upstream_app 192.168.0.206;
  760.         set $upstream_port 8112;
  761.         set $upstream_proto http;
  762.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  763.  
  764.     }
  765. }
  766.  
  767. # configuration file /config/nginx/proxy-confs/emby.subdomain.conf:
  768. ## Version 2020/12/09
  769. # make sure that your dns has a cname set for emby and that your emby container is not using a base url
  770. # if emby is running in bridge mode and the container is named "emby", the below config should work as is
  771. # if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
  772. # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby
  773. # in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
  774. # and set the "Secure connection mode" to "Handled by reverse proxy"
  775.  
  776. server {
  777.     listen 443 ssl;
  778.     listen [::]:443 ssl;
  779.  
  780.     server_name embyflixprime.*;
  781.  
  782.     include /config/nginx/ssl.conf;
  783.  
  784.     client_max_body_size 0;
  785.  
  786.     location / {
  787.         include /config/nginx/proxy.conf;
  788.         resolver 127.0.0.11 valid=30s;
  789.         set $upstream_app 192.168.0.211;
  790.         set $upstream_port 8096;
  791.         set $upstream_proto http;
  792.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  793.  
  794.         proxy_set_header Range $http_range;
  795.         proxy_set_header If-Range $http_if_range;
  796.     }
  797. }
  798.  
  799. # configuration file /config/nginx/proxy-confs/haydentnextcloud.subdomain.conf:
  800. ## Version 2021/05/18
  801. # make sure that your dns has a cname set for nextcloud
  802. # assuming this container is called "swag", edit your nextcloud container's config
  803. # located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
  804. #  'trusted_proxies' => ['swag'],
  805. #  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
  806. #  'overwritehost' => 'nextcloud.your-domain.com',
  807. #  'overwriteprotocol' => 'https',
  808. #
  809. # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
  810. #  array (
  811. #    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
  812. #    1 => 'nextcloud.your-domain.com',
  813. #  ),
  814.  
  815. server {
  816.     listen 443 ssl;
  817.     listen [::]:443 ssl;
  818.  
  819.     server_name exampleABC.com.*;
  820.  
  821.     include /config/nginx/ssl.conf;
  822.  
  823.     client_max_body_size 0;
  824.  
  825.     location / {
  826.         include /config/nginx/proxy.conf;
  827.         include /config/nginx/resolver.conf;
  828.         #set $upstream_app nextcloud;
  829.         set $upstream_app 192.168.0.10;
  830.         set $upstream_port 443;
  831.         set $upstream_proto https;
  832.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  833.  
  834.         proxy_max_temp_file_size 2048m;
  835.     }
  836. }
  837.  
  838. # configuration file /config/nginx/resolver.conf:
  839. # This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.
  840.  
  841. resolver 8.8.8.8  valid=30s;
  842.  
  843. # configuration file /config/nginx/proxy-confs/lazylibrarian.subdomain.conf:
  844. ## Version 2020/12/09
  845. # make sure that your dns has a cname set for lazylibrarian
  846.  
  847. server {
  848.     listen 443 ssl;
  849.     listen [::]:443 ssl;
  850.  
  851.     server_name lazylibrarian.*;
  852.  
  853.     include /config/nginx/ssl.conf;
  854.  
  855.     client_max_body_size 0;
  856.  
  857.     # enable for ldap auth, fill in ldap details in ldap.conf
  858.     #include /config/nginx/ldap.conf;
  859.  
  860.     # enable for Authelia
  861.     #include /config/nginx/authelia-server.conf;
  862.  
  863.     location / {
  864.         # enable the next two lines for http auth
  865.         #auth_basic "Restricted";
  866.         #auth_basic_user_file /config/nginx/.htpasswd;
  867.  
  868.         # enable the next two lines for ldap auth
  869.         #auth_request /auth;
  870.         #error_page 401 =200 /ldaplogin;
  871.  
  872.         # enable for Authelia
  873.         #include /config/nginx/authelia-location.conf;
  874.  
  875.         include /config/nginx/proxy.conf;
  876.         resolver 127.0.0.11 valid=30s;
  877.         #set $upstream_app lazylibrarian;
  878.                 set $upstream_app 192.168.0.206;
  879.         set $upstream_port 42087;
  880.         set $upstream_proto http;
  881.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  882.  
  883.     }
  884. }
  885.  
  886. # configuration file /config/nginx/proxy-confs/lidarr.subdomain.conf:
  887. ## Version 2020/12/09
  888. # make sure that your dns has a cname set for lidarr and that your lidarr container is not using a base url
  889.  
  890. server {
  891.     listen 443 ssl;
  892.     listen [::]:443 ssl;
  893.  
  894.     server_name lidarr.*;
  895.  
  896.     include /config/nginx/ssl.conf;
  897.  
  898.     client_max_body_size 0;
  899.  
  900.     # enable for ldap auth, fill in ldap details in ldap.conf
  901.     #include /config/nginx/ldap.conf;
  902.  
  903.     # enable for Authelia
  904.     #include /config/nginx/authelia-server.conf;
  905.  
  906.     location / {
  907.         # enable the next two lines for http auth
  908.         #auth_basic "Restricted";
  909.         #auth_basic_user_file /config/nginx/.htpasswd;
  910.  
  911.         # enable the next two lines for ldap auth
  912.         #auth_request /auth;
  913.         #error_page 401 =200 /ldaplogin;
  914.  
  915.         # enable for Authelia
  916.         #include /config/nginx/authelia-location.conf;
  917.  
  918.         include /config/nginx/proxy.conf;
  919.         resolver 127.0.0.11 valid=30s;
  920.         #set $upstream_app lidarr;
  921.                 set $upstream_app 192.168.0.206;
  922.         set $upstream_port 42084;
  923.         set $upstream_proto http;
  924.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  925.  
  926.     }
  927.  
  928.     location ~ (/lidarr)?/api {
  929.         include /config/nginx/proxy.conf;
  930.         resolver 127.0.0.11 valid=30s;
  931.         #set $upstream_app lidarr;
  932.                 set $upstream_app 192.168.0.206;
  933.         set $upstream_port 42084;
  934.         set $upstream_proto http;
  935.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  936.  
  937.     }
  938. }
  939.  
  940. # configuration file /config/nginx/proxy-confs/mylar.subdomain.conf:
  941. ## Version 2020/12/09
  942. # make sure that your dns has a cname set for mylar
  943.  
  944. server {
  945.     listen 443 ssl;
  946.     listen [::]:443 ssl;
  947.  
  948.     server_name mylar.*;
  949.  
  950.     include /config/nginx/ssl.conf;
  951.  
  952.     client_max_body_size 0;
  953.  
  954.     # enable for ldap auth, fill in ldap details in ldap.conf
  955.     #include /config/nginx/ldap.conf;
  956.  
  957.     # enable for Authelia
  958.     #include /config/nginx/authelia-server.conf;
  959.  
  960.     location / {
  961.         # enable the next two lines for http auth
  962.         #auth_basic "Restricted";
  963.         #auth_basic_user_file /config/nginx/.htpasswd;
  964.  
  965.         # enable the next two lines for ldap auth
  966.         #auth_request /auth;
  967.         #error_page 401 =200 /ldaplogin;
  968.  
  969.         # enable for Authelia
  970.         #include /config/nginx/authelia-location.conf;
  971.  
  972.         include /config/nginx/proxy.conf;
  973.         resolver 127.0.0.11 valid=30s;
  974.         #set $upstream_app mylar;
  975.                 set $upstream_app 192.168.0.206;
  976.         set $upstream_port 42086;
  977.         set $upstream_proto http;
  978.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  979.  
  980.     }
  981. }
  982.  
  983. # configuration file /config/nginx/proxy-confs/nextcloud.subdomain.conf:
  984. ## Version 2020/12/09
  985. # make sure that your dns has a cname set for nextcloud
  986. # assuming this container is called "swag", edit your nextcloud container's config
  987. # located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
  988. #  'trusted_proxies' => ['swag'],
  989. #  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
  990. #  'overwritehost' => 'nextcloud.your-domain.com',
  991. #  'overwriteprotocol' => 'https',
  992. #
  993. # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
  994. #  array (
  995. #    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
  996. #    1 => 'nextcloud.your-domain.com',
  997. #  ),
  998.  
  999. server {
  1000.     listen 443 ssl;
  1001.     listen [::]:443 ssl;
  1002.  
  1003.     server_name nextcloud.*;
  1004.  
  1005.     include /config/nginx/ssl.conf;
  1006.  
  1007.     client_max_body_size 0;
  1008.  
  1009.     location / {
  1010.         include /config/nginx/proxy.conf;
  1011.         resolver 127.0.0.11 valid=30s;
  1012.         #set $upstream_app nextcloud;
  1013.                 set $upstream_app 192.168.0.206;
  1014.         set $upstream_port 444;
  1015.         set $upstream_proto https;
  1016.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1017.  
  1018.         proxy_max_temp_file_size 2048m;
  1019.     }
  1020. }
  1021.  
  1022. # configuration file /config/nginx/proxy-confs/nzbget.subdomain.conf:
  1023. ## Version 2020/12/09
  1024. # make sure that your dns has a cname set for nzbget
  1025.  
  1026. server {
  1027.     listen 443 ssl;
  1028.     listen [::]:443 ssl;
  1029.  
  1030.     server_name nzbget.*;
  1031.  
  1032.     include /config/nginx/ssl.conf;
  1033.  
  1034.     client_max_body_size 0;
  1035.  
  1036.     # enable for ldap auth, fill in ldap details in ldap.conf
  1037.     #include /config/nginx/ldap.conf;
  1038.  
  1039.     # enable for Authelia
  1040.     #include /config/nginx/authelia-server.conf;
  1041.  
  1042.     location / {
  1043.         # enable the next two lines for http auth
  1044.         #auth_basic "Restricted";
  1045.         #auth_basic_user_file /config/nginx/.htpasswd;
  1046.  
  1047.         # enable the next two lines for ldap auth
  1048.         #auth_request /auth;
  1049.         #error_page 401 =200 /ldaplogin;
  1050.  
  1051.         # enable for Authelia
  1052.         #include /config/nginx/authelia-location.conf;
  1053.  
  1054.         include /config/nginx/proxy.conf;
  1055.         resolver 127.0.0.11 valid=30s;
  1056.         #set $upstream_app nzbget;
  1057.                 set $upstream_app 192.168.0.206;
  1058.         set $upstream_port 42081;
  1059.         set $upstream_proto http;
  1060.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1061.  
  1062.     }
  1063.  
  1064.     location ~ (/nzbget)?(/[^\/:]*:[^\/:]*)?/jsonrpc {
  1065.         include /config/nginx/proxy.conf;
  1066.         resolver 127.0.0.11 valid=30s;
  1067.         #set $upstream_app nzbget;
  1068.                 set $upstream_app 192.168.0.206;
  1069.         set $upstream_port 42081;
  1070.         set $upstream_proto http;
  1071.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1072.  
  1073.     }
  1074.  
  1075.     location ~ (/nzbget)?(/[^\/:]*:[^\/]*)?/jsonprpc {
  1076.         include /config/nginx/proxy.conf;
  1077.         resolver 127.0.0.11 valid=30s;
  1078.         #set $upstream_app nzbget;
  1079.                 set $upstream_app 192.168.0.206;
  1080.         set $upstream_port 42081;
  1081.         set $upstream_proto http;
  1082.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1083.  
  1084.     }
  1085.  
  1086.     location ~ (/nzbget)?(/[^\/:]*:[^\/]*)?/xmlrpc {
  1087.         include /config/nginx/proxy.conf;
  1088.         resolver 127.0.0.11 valid=30s;
  1089.         #set $upstream_app nzbget;
  1090.                 set $upstream_app 192.168.0.206;
  1091.         set $upstream_port 42081;
  1092.         set $upstream_proto http;
  1093.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1094.  
  1095.     }
  1096. }
  1097.  
  1098. # configuration file /config/nginx/proxy-confs/nzbhydra.subdomain.conf:
  1099. ## Version 2020/12/09
  1100. # make sure that your dns has a cname set for nzbhydra and that your nzbhydra container is not using a base url
  1101.  
  1102. server {
  1103.     listen 443 ssl;
  1104.     listen [::]:443 ssl;
  1105.  
  1106.     server_name nzbhydra.*;
  1107.  
  1108.     include /config/nginx/ssl.conf;
  1109.  
  1110.     client_max_body_size 0;
  1111.  
  1112.     # enable for ldap auth, fill in ldap details in ldap.conf
  1113.     #include /config/nginx/ldap.conf;
  1114.  
  1115.     # enable for Authelia
  1116.     #include /config/nginx/authelia-server.conf;
  1117.  
  1118.     location / {
  1119.         # enable the next two lines for http auth
  1120.         #auth_basic "Restricted";
  1121.         #auth_basic_user_file /config/nginx/.htpasswd;
  1122.  
  1123.         # enable the next two lines for ldap auth
  1124.         #auth_request /auth;
  1125.         #error_page 401 =200 /ldaplogin;
  1126.  
  1127.         # enable for Authelia
  1128.         #include /config/nginx/authelia-location.conf;
  1129.  
  1130.         include /config/nginx/proxy.conf;
  1131.         resolver 127.0.0.11 valid=30s;
  1132.         #set $upstream_app nzbhydra2;
  1133.                 set $upstream_app 192.168.0.206;
  1134.         set $upstream_port 42085;
  1135.         set $upstream_proto http;
  1136.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1137.  
  1138.     }
  1139.  
  1140.     location ~ (/nzbhydra)?/api {
  1141.         include /config/nginx/proxy.conf;
  1142.         resolver 127.0.0.11 valid=30s;
  1143.         #set $upstream_app nzbhydra2;
  1144.                 set $upstream_app 192.168.0.206;
  1145.         set $upstream_port 42085;
  1146.         set $upstream_proto http;
  1147.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1148.  
  1149.     }
  1150.  
  1151.     location ~ (/nzbhydra)?/getnzb {
  1152.         include /config/nginx/proxy.conf;
  1153.         resolver 127.0.0.11 valid=30s;
  1154.         #set $upstream_app nzbhydra2;
  1155.                 set $upstream_app 192.168.0.206;
  1156.         set $upstream_port 42085;
  1157.         set $upstream_proto http;
  1158.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1159.  
  1160.     }
  1161.  
  1162.     location ~ (/nzbhydra)?/gettorrent {
  1163.         include /config/nginx/proxy.conf;
  1164.         resolver 127.0.0.11 valid=30s;
  1165.         #set $upstream_app nzbhydra2;
  1166.                 set $upstream_app 192.168.0.206;
  1167.         set $upstream_port 42085;
  1168.         set $upstream_proto http;
  1169.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1170.  
  1171.     }
  1172.  
  1173.     location ~ (/nzbhydra)?/rss {
  1174.         include /config/nginx/proxy.conf;
  1175.         resolver 127.0.0.11 valid=30s;
  1176.         #set $upstream_app nzbhydra2;
  1177.                 set $upstream_app 192.168.0.206;
  1178.         set $upstream_port 42085;
  1179.         set $upstream_proto http;
  1180.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1181.  
  1182.     }
  1183.  
  1184.     location ~ (/nzbhydra)?/torznab/api {
  1185.         include /config/nginx/proxy.conf;
  1186.         resolver 127.0.0.11 valid=30s;
  1187.         #set $upstream_app nzbhydra2;
  1188.                 set $upstream_app 192.168.0.206;
  1189.         set $upstream_port 42085;
  1190.         set $upstream_proto http;
  1191.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1192.  
  1193.     }
  1194. }
  1195.  
  1196. # configuration file /config/nginx/proxy-confs/ombi.subdomain.conf:
  1197. ## Version 2020/12/09
  1198. # make sure that your dns has a cname set for ombi and that your ombi container is not using a base url
  1199.  
  1200. server {
  1201.     listen 443 ssl;
  1202.     listen [::]:443 ssl;
  1203.  
  1204.     server_name ombi.*;
  1205.  
  1206.     include /config/nginx/ssl.conf;
  1207.  
  1208.     client_max_body_size 0;
  1209.  
  1210.     # enable for ldap auth, fill in ldap details in ldap.conf
  1211.     #include /config/nginx/ldap.conf;
  1212.  
  1213.     # enable for Authelia
  1214.     #include /config/nginx/authelia-server.conf;
  1215.  
  1216.     location / {
  1217.         # enable the next two lines for http auth
  1218.         #auth_basic "Restricted";
  1219.         #auth_basic_user_file /config/nginx/.htpasswd;
  1220.  
  1221.         # enable the next two lines for ldap auth
  1222.         #auth_request /auth;
  1223.         #error_page 401 =200 /ldaplogin;
  1224.  
  1225.         # enable for Authelia
  1226.         #include /config/nginx/authelia-location.conf;
  1227.  
  1228.         include /config/nginx/proxy.conf;
  1229.         resolver 127.0.0.11 valid=30s;
  1230.         set $upstream_app 192.168.0.211;
  1231.         set $upstream_port 3579;
  1232.         set $upstream_proto http;
  1233.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1234.  
  1235.     }
  1236.  
  1237.     # This allows access to the actual api
  1238.     location ~ (/ombi)?/api {
  1239.         include /config/nginx/proxy.conf;
  1240.         resolver 127.0.0.11 valid=30s;
  1241.         set $upstream_app 192.168.0.211;
  1242.         set $upstream_port 3579;
  1243.         set $upstream_proto http;
  1244.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1245.  
  1246.    }
  1247.  
  1248.     # This allows access to the documentation for the api
  1249.     location ~ (/ombi)?/swagger {
  1250.         include /config/nginx/proxy.conf;
  1251.         resolver 127.0.0.11 valid=30s;
  1252.         set $upstream_app 192.168.0.211;
  1253.         set $upstream_port 3579;
  1254.         set $upstream_proto http;
  1255.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1256.  
  1257.    }
  1258.  
  1259.    if ($http_referer ~* /ombi) {
  1260.        rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect;
  1261.    }
  1262. }
  1263.  
  1264. # configuration file /config/nginx/proxy-confs/overseerr.subdomain.conf:
  1265. ## Version 2021/05/18
  1266. # Ensure your DNS has a CNAME set for Overseerr and that Overseerr container is not using a base URL.
  1267.  
  1268. server {
  1269.     listen 443 ssl;
  1270.     listen [::]:443 ssl;
  1271.  
  1272.     server_name overseerr.*;
  1273.  
  1274.     include /config/nginx/ssl.conf;
  1275.  
  1276.     client_max_body_size 0;
  1277.  
  1278.     location / {
  1279.  
  1280.         include /config/nginx/proxy.conf;
  1281.         include /config/nginx/resolver.conf;
  1282.         #set $upstream_app overseerr;
  1283.         set $upstream_app 192.168.0.211;
  1284.         set $upstream_port 5055;
  1285.         set $upstream_proto http;
  1286.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1287.  
  1288.     }
  1289.  
  1290.  
  1291. }
  1292.  
  1293. # configuration file /config/nginx/proxy-confs/plex.subdomain.conf:
  1294. ## Version 2020/12/09
  1295. # make sure that your dns has a cname set for plex
  1296. # if plex is running in bridge mode and the container is named "plex", the below config should work as is
  1297. # if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
  1298. # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex
  1299. # in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")
  1300.  
  1301. server {
  1302.     listen 443 ssl;
  1303.     listen [::]:443 ssl;
  1304.  
  1305.     server_name plexflixprime.*;
  1306.  
  1307.     include /config/nginx/ssl.conf;
  1308.  
  1309.     client_max_body_size 0;
  1310.     proxy_redirect off;
  1311.     proxy_buffering off;
  1312.  
  1313.     # enable for ldap auth, fill in ldap details in ldap.conf
  1314.     #include /config/nginx/ldap.conf;
  1315.  
  1316.     # enable for Authelia
  1317.     #include /config/nginx/authelia-server.conf;
  1318.     location / {
  1319.         # enable the next two lines for http auth
  1320.         #auth_basic "Restricted";
  1321.         #auth_basic_user_file /config/nginx/.htpasswd;
  1322.  
  1323.         # enable the next two lines for ldap auth
  1324.         #auth_request /auth;
  1325.         #error_page 401 =200 /ldaplogin;
  1326.  
  1327.         # enable for Authelia
  1328.         #include /config/nginx/authelia-location.conf;
  1329.  
  1330.         include /config/nginx/proxy.conf;
  1331.         resolver 127.0.0.11 valid=30s;
  1332.         #set $upstream_app plex;
  1333.                 set $upstream_app 192.168.0.211;
  1334.         set $upstream_port 32400;
  1335.         set $upstream_proto http;
  1336.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1337.  
  1338.         proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
  1339.         proxy_set_header X-Plex-Device $http_x_plex_device;
  1340.         proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
  1341.         proxy_set_header X-Plex-Platform $http_x_plex_platform;
  1342.         proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
  1343.         proxy_set_header X-Plex-Product $http_x_plex_product;
  1344.         proxy_set_header X-Plex-Token $http_x_plex_token;
  1345.         proxy_set_header X-Plex-Version $http_x_plex_version;
  1346.         proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
  1347.         proxy_set_header X-Plex-Provides $http_x_plex_provides;
  1348.         proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
  1349.         proxy_set_header X-Plex-Model $http_x_plex_model;
  1350.     }
  1351. }
  1352.  
  1353. # configuration file /config/nginx/proxy-confs/prowlarr.subdomain.conf:
  1354. ## Version 2021/05/28
  1355. # make sure that your dns has a cname set for prowlarr and that your prowlarr container is not using a base url
  1356.  
  1357. server {
  1358.     listen 443 ssl;
  1359.     listen [::]:443 ssl;
  1360.  
  1361.     server_name prowlarr.*;
  1362.  
  1363.     include /config/nginx/ssl.conf;
  1364.  
  1365.     client_max_body_size 0;
  1366.  
  1367.     # enable for ldap auth, fill in ldap details in ldap.conf
  1368.     #include /config/nginx/ldap.conf;
  1369.  
  1370.     # enable for Authelia
  1371.     #include /config/nginx/authelia-server.conf;
  1372.  
  1373.     location / {
  1374.         # enable the next two lines for http auth
  1375.         #auth_basic "Restricted";
  1376.         #auth_basic_user_file /config/nginx/.htpasswd;
  1377.  
  1378.         # enable the next two lines for ldap auth
  1379.         #auth_request /auth;
  1380.         #error_page 401 =200 /ldaplogin;
  1381.  
  1382.         # enable for Authelia
  1383.         #include /config/nginx/authelia-location.conf;
  1384.  
  1385.         include /config/nginx/proxy.conf;
  1386.         include /config/nginx/resolver.conf;
  1387.         #set $upstream_app prowlarr;
  1388.         set $upstream_app 192.168.0.206;
  1389.         set $upstream_port 9696;
  1390.         set $upstream_proto http;
  1391.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1392.     }
  1393.  
  1394.     location ~ (/prowlarr)?(/[0-9]+)?/api {
  1395.         include /config/nginx/proxy.conf;
  1396.         include /config/nginx/resolver.conf;
  1397.         #set $upstream_app prowlarr;
  1398.         set $upstream_app 192.168.0.206;
  1399.         set $upstream_port 9696;
  1400.         set $upstream_proto http;
  1401.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1402.     }
  1403.  
  1404. }
  1405.  
  1406. # configuration file /config/nginx/proxy-confs/radarr.subdomain.conf:
  1407. ## Version 2020/12/09
  1408. # make sure that your dns has a cname set for radarr and that your radarr container is not using a base url
  1409.  
  1410. server {
  1411.     listen 443 ssl;
  1412.     listen [::]:443 ssl;
  1413.  
  1414.     server_name radarr.*;
  1415.  
  1416.     include /config/nginx/ssl.conf;
  1417.  
  1418.     client_max_body_size 0;
  1419.  
  1420.     # enable for ldap auth, fill in ldap details in ldap.conf
  1421.     #include /config/nginx/ldap.conf;
  1422.  
  1423.     # enable for Authelia
  1424.     #include /config/nginx/authelia-server.conf;
  1425.  
  1426.     location / {
  1427.         # enable the next two lines for http auth
  1428.         #auth_basic "Restricted";
  1429.         #auth_basic_user_file /config/nginx/.htpasswd;
  1430.  
  1431.         # enable the next two lines for ldap auth
  1432.         #auth_request /auth;
  1433.         #error_page 401 =200 /ldaplogin;
  1434.  
  1435.         # enable for Authelia
  1436.         #include /config/nginx/authelia-location.conf;
  1437.  
  1438.         include /config/nginx/proxy.conf;
  1439.         resolver 127.0.0.11 valid=30s;
  1440.         #set $upstream_app radarr;
  1441.                 set $upstream_app 192.168.0.206;
  1442.         set $upstream_port 42083;
  1443.         set $upstream_proto http;
  1444.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1445.  
  1446.     }
  1447.  
  1448.     location ~ (/radarr)?/api {
  1449.         include /config/nginx/proxy.conf;
  1450.         resolver 127.0.0.11 valid=30s;
  1451.         #set $upstream_app radarr;
  1452.                 set $upstream_app 192.168.0.206;
  1453.         set $upstream_port 42083;
  1454.         set $upstream_proto http;
  1455.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1456.  
  1457.     }
  1458. }
  1459.  
  1460. # configuration file /config/nginx/proxy-confs/readarr.subdomain.conf:
  1461. ## Version 2021/05/28
  1462. # make sure that your dns has a cname set for readarr and that your readarr container is not using a base url
  1463.  
  1464. server {
  1465.     listen 443 ssl;
  1466.     listen [::]:443 ssl;
  1467.  
  1468.     server_name readarr.*;
  1469.  
  1470.     include /config/nginx/ssl.conf;
  1471.  
  1472.     client_max_body_size 0;
  1473.  
  1474.     # enable for ldap auth, fill in ldap details in ldap.conf
  1475.     #include /config/nginx/ldap.conf;
  1476.  
  1477.     # enable for Authelia
  1478.     #include /config/nginx/authelia-server.conf;
  1479.  
  1480.     location / {
  1481.         # enable the next two lines for http auth
  1482.         #auth_basic "Restricted";
  1483.         #auth_basic_user_file /config/nginx/.htpasswd;
  1484.  
  1485.         # enable the next two lines for ldap auth
  1486.         #auth_request /auth;
  1487.         #error_page 401 =200 /ldaplogin;
  1488.  
  1489.         # enable for Authelia
  1490.         #include /config/nginx/authelia-location.conf;
  1491.  
  1492.         include /config/nginx/proxy.conf;
  1493.         include /config/nginx/resolver.conf;
  1494.         #set $upstream_app readarr;
  1495.         set $upstream_app 192.168.0.206;
  1496.         set $upstream_port 8787;
  1497.         set $upstream_proto http;
  1498.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1499.  
  1500.     }
  1501.  
  1502.     location ~ (/readarr)?/api {
  1503.         include /config/nginx/proxy.conf;
  1504.         include /config/nginx/resolver.conf;
  1505.         #set $upstream_app readarr;
  1506.         set $upstream_app 192.168.0.206;
  1507.         set $upstream_port 8787;
  1508.         set $upstream_proto http;
  1509.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1510.  
  1511.     }
  1512. }
  1513.  
  1514. # configuration file /config/nginx/proxy-confs/sabnzbd.subdomain.conf:
  1515. ## Version 2020/12/09
  1516. # make sure that your dns has a cname set for sabnzbd
  1517. # edit the sabnzbd.ini host_whitelist to avoid hostname verification issues. This format:
  1518. # host_whitelist = sabnzbd.domain.com, www.sabnzbd.domain.com
  1519.  
  1520. server {
  1521.     listen 443 ssl;
  1522.     listen [::]:443 ssl;
  1523.  
  1524.     server_name sabnzbd.*;
  1525.  
  1526.     include /config/nginx/ssl.conf;
  1527.  
  1528.     client_max_body_size 0;
  1529.  
  1530.     # enable for ldap auth, fill in ldap details in ldap.conf
  1531.     #include /config/nginx/ldap.conf;
  1532.  
  1533.     # enable for Authelia
  1534.     #include /config/nginx/authelia-server.conf;
  1535.  
  1536.     location / {
  1537.         # enable the next two lines for http auth
  1538.         #auth_basic "Restricted";
  1539.         #auth_basic_user_file /config/nginx/.htpasswd;
  1540.  
  1541.         # enable the next two lines for ldap auth
  1542.         #auth_request /auth;
  1543.         #error_page 401 =200 /ldaplogin;
  1544.  
  1545.         # enable for Authelia
  1546.         #include /config/nginx/authelia-location.conf;
  1547.  
  1548.         include /config/nginx/proxy.conf;
  1549.         resolver 127.0.0.11 valid=30s;
  1550.         #set $upstream_app sabnzbd;
  1551.                 set $upstream_app 192.168.0.206;
  1552.         set $upstream_port 42080;
  1553.         set $upstream_proto http;
  1554.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1555.  
  1556.     }
  1557.  
  1558.     location ~ (/sabnzbd)?/api {
  1559.         include /config/nginx/proxy.conf;
  1560.         resolver 127.0.0.11 valid=30s;
  1561.         #set $upstream_app sabnzbd;
  1562.                 set $upstream_app 192.168.0.206;
  1563.         set $upstream_port 42080;
  1564.         set $upstream_proto http;
  1565.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1566.  
  1567.     }
  1568. }
  1569.  
  1570. # configuration file /config/nginx/proxy-confs/sonarr.subdomain.conf:
  1571. ## Version 2020/12/09
  1572. # make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
  1573.  
  1574. server {
  1575.     listen 443 ssl;
  1576.     listen [::]:443 ssl;
  1577.  
  1578.     server_name sonarr.*;
  1579.  
  1580.     include /config/nginx/ssl.conf;
  1581.  
  1582.     client_max_body_size 0;
  1583.  
  1584.     # enable for ldap auth, fill in ldap details in ldap.conf
  1585.     #include /config/nginx/ldap.conf;
  1586.  
  1587.     # enable for Authelia
  1588.     #include /config/nginx/authelia-server.conf;
  1589.  
  1590.     location / {
  1591.         # enable the next two lines for http auth
  1592.         #auth_basic "Restricted";
  1593.         #auth_basic_user_file /config/nginx/.htpasswd;
  1594.  
  1595.         # enable the next two lines for ldap auth
  1596.         #auth_request /auth;
  1597.         #error_page 401 =200 /ldaplogin;
  1598.  
  1599.         # enable for Authelia
  1600.         #include /config/nginx/authelia-location.conf;
  1601.  
  1602.         include /config/nginx/proxy.conf;
  1603.         resolver 127.0.0.11 valid=30s;
  1604.         #set $upstream_app sonarr;
  1605.                 set $upstream_app 192.168.0.206;
  1606.         set $upstream_port 42082;
  1607.         set $upstream_proto http;
  1608.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1609.  
  1610.     }
  1611.  
  1612.     location ~ (/sonarr)?/api {
  1613.         include /config/nginx/proxy.conf;
  1614.         resolver 127.0.0.11 valid=30s;
  1615.         #set $upstream_app sonarr;
  1616.                 set $upstream_app 192.168.0.206;
  1617.         set $upstream_port 42082;
  1618.         set $upstream_proto http;
  1619.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1620.  
  1621.    }
  1622. }
  1623.  
  1624. # configuration file /config/nginx/proxy-confs/tautulli.subdomain.conf:
  1625. ## Version 2020/12/09
  1626. # make sure that your dns has a cname set for tautulli and that your tautulli container is not using a base url
  1627.  
  1628. server {
  1629.     listen 443 ssl;
  1630.     listen [::]:443 ssl;
  1631.  
  1632.     server_name tautulli.*;
  1633.  
  1634.     include /config/nginx/ssl.conf;
  1635.  
  1636.     client_max_body_size 0;
  1637.  
  1638.     # enable for ldap auth, fill in ldap details in ldap.conf
  1639.     #include /config/nginx/ldap.conf;
  1640.  
  1641.     # enable for Authelia
  1642.     #include /config/nginx/authelia-server.conf;
  1643.  
  1644.     location / {
  1645.         # enable the next two lines for http auth
  1646.         #auth_basic "Restricted";
  1647.         #auth_basic_user_file /config/nginx/.htpasswd;
  1648.  
  1649.         # enable the next two lines for ldap auth
  1650.         #auth_request /auth;
  1651.         #error_page 401 =200 /ldaplogin;
  1652.  
  1653.         # enable for Authelia
  1654.         #include /config/nginx/authelia-location.conf;
  1655.  
  1656.         include /config/nginx/proxy.conf;
  1657.         resolver 127.0.0.11 valid=30s;
  1658.         set $upstream_app 192.168.0.211;
  1659.         set $upstream_port 8181;
  1660.         set $upstream_proto http;
  1661.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1662.  
  1663.     }
  1664.  
  1665.     location ~ (/tautulli)?/api {
  1666.         include /config/nginx/proxy.conf;
  1667.         resolver 127.0.0.11 valid=30s;
  1668.         set $upstream_app 192.168.0.211;
  1669.         set $upstream_port 8181;
  1670.         set $upstream_proto http;
  1671.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1672.  
  1673.     }
  1674.  
  1675.     location ~ (/tautulli)?/newsletter {
  1676.         include /config/nginx/proxy.conf;
  1677.         resolver 127.0.0.11 valid=30s;
  1678.         set $upstream_app 192.168.0.211;
  1679.         set $upstream_port 8181;
  1680.         set $upstream_proto http;
  1681.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1682.  
  1683.     }
  1684.  
  1685.     location ~ (/tautulli)?/image {
  1686.         include /config/nginx/proxy.conf;
  1687.         resolver 127.0.0.11 valid=30s;
  1688.         set $upstream_app 192.168.0.211;
  1689.         set $upstream_port 8181;
  1690.         set $upstream_proto http;
  1691.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1692.  
  1693.     }
  1694.  
  1695. }
  1696.  
  1697. # configuration file /config/nginx/proxy-confs/unifi-controller.subdomain.conf:
  1698. ## Version 2020/12/09
  1699. # make sure that your dns has a cname set for unifi and that your unifi-controller container is not using a base url
  1700. # NOTE: If you use the proxy_cookie_path setting in proxy.conf you need to remove HTTPOnly;
  1701. # ex: proxy_cookie_path / "/; Secure";
  1702.  
  1703. server {
  1704.     listen 443 ssl;
  1705.     listen [::]:443 ssl;
  1706.  
  1707.     server_name unifi.*;
  1708.  
  1709.     include /config/nginx/ssl.conf;
  1710.  
  1711.     client_max_body_size 0;
  1712.  
  1713.     # enable for ldap auth, fill in ldap details in ldap.conf
  1714.     #include /config/nginx/ldap.conf;
  1715.  
  1716.     # enable for Authelia
  1717.     #include /config/nginx/authelia-server.conf;
  1718.  
  1719.     location / {
  1720.         # enable the next two lines for http auth
  1721.         #auth_basic "Restricted";
  1722.         #auth_basic_user_file /config/nginx/.htpasswd;
  1723.  
  1724.         # enable the next two lines for ldap auth
  1725.         #auth_request /auth;
  1726.         #error_page 401 =200 /ldaplogin;
  1727.  
  1728.         # enable for Authelia
  1729.         #include /config/nginx/authelia-location.conf;
  1730.  
  1731.         include /config/nginx/proxy.conf;
  1732.         resolver 127.0.0.11 valid=30s;
  1733.         #set $upstream_app unifi-controller;
  1734.                 set $upstream_app 192.168.0.205;
  1735.         set $upstream_port 8443;
  1736.         set $upstream_proto https;
  1737.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  1738.  
  1739.         proxy_buffering off;
  1740.     }
  1741. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!