Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- access_log /var/log/nginx/access.log;
- # access_log off;
- error_log /var/log/nginx/error.log;
- # error_log off;
- error_page 401 /error/401/index.html;
- error_page 403 /error/403/index.html;
- error_page 404 /error/404/index.html;
- error_page 502 /error/502/index.html;error_page 500 /error/500/index.html;
- location ^~ /error/ {
- auth_basic off;
- internal;
- }
- auth_basic "OpenFLIXR Login";
- auth_basic_user_file /etc/nginx/.htpasswd;
- location ~ ^/(status|ping)$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_index index.php;
- }
- location ~ /.well-known {
- allow all;
- }
- listen 80;
- #listen 443 ssl http2; #ssl port config
- server_name openflixr; #donotremove_domainname
- # SSL + hardening
- #ssl_certificate /etc/letsencrypt/live//fullchain.pem; #donotremove_certificatepath
- #ssl_certificate_key /etc/letsencrypt/live//privkey.pem; #donotremove_certificatekeypath
- ssl_session_timeout 10m;
- ssl_session_cache shared:SSL:10m;
- ssl_buffer_size 64k;
- ssl_session_tickets off;
- ssl_dhparam /etc/nginx/dhparam.pem;
- ssl_protocols TLSv1.2;
- ssl_ecdh_curve secp384r1;
- ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384';
- ssl_prefer_server_ciphers on;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /etc/letsencrypt/live//fullchain.pem; #donotremove_trustedcertificatepath
- server_tokens off;
- add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex";
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- #add_header X-XSS-Protection "1; mode=block";
- #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; img-src 'self' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src 'self' https:; object-src 'none';"; #donotremove_contentsecuritypolicy
- location = / { #gravopenflixr
- auth_basic off; #gravopenflixr
- return 301 /openflixr; #gravopenflixr
- } #gravopenflixr
- location /openflixr { add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex"; add_header Strict-Transport-Security "max-age=31536000;includeSubDomains" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1;mode=block";expires 1y;add_header Cache-Control "public";
- auth_basic off;
- index index.html;
- root /usr/share/nginx/html;
- }
- location / {
- auth_basic off;
- index index.php;
- root /usr/share/nginx/html;
- try_files $uri $uri/ /index.php?_url=$uri&$query_string;
- location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
- location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
- location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
- location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
- }
- location ~ \.php$ {
- auth_basic off;
- fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
- }
- location /spotweb {
- index index.php;
- root /usr/share/nginx/html;
- }
- if ($uri !~ "api/"){
- rewrite /api/?$ /spotweb/index.php?page=newznabapi last;
- }
- location ~ /spotweb/.+\.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_index index.php;
- }
- location /pihole {
- index index.php;
- root /usr/share/nginx/html;
- }
- location ~ /pihole/.+\.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_index index.php;
- }
- location /phpmyadmin {
- auth_basic off;
- index index.php
- root /usr/share/phpmyadmin;
- }
- location ~ /phpmyadmin/.+\.php$ {
- auth_basic off;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_index index.php;
- }
- location /headphones {
- proxy_pass http://127.0.0.1:8181;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /web {
- auth_basic off;
- proxy_pass http://127.0.0.1:32400;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /plex {
- auth_basic off;
- proxy_pass http://127.0.0.1/web;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /htpc {
- proxy_pass http://127.0.0.1:8085;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /sabnzbd {
- proxy_pass http://127.0.0.1:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /couchpotato {
- proxy_pass http://127.0.0.1:5050;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /sickrage {
- proxy_pass http://127.0.0.1:8081;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /plexpy {
- proxy_pass http://127.0.0.1:8989;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /comics {
- proxy_pass http://127.0.0.1:2022;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /request {
- auth_basic off;
- proxy_pass http://127.0.0.1:3579;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /mylar {
- proxy_pass http://127.0.0.1:8090;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /torrent/ {
- proxy_pass http://127.0.0.1:9999/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_redirect off;
- proxy_pass_header Set-Cookie;
- }
- location /netdata/ {
- proxy_pass http://127.0.0.1:19999/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /mopidy {
- proxy_pass http://127.0.0.1:6680;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /moped {
- proxy_pass http://127.0.0.1:6680/moped;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /mopify {
- proxy_pass http://127.0.0.1:6680/mopify;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /spotmop {
- proxy_pass http://127.0.0.1:6680/spotmop;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /settings {
- proxy_pass http://127.0.0.1:6680/settings;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /hass/ {
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://127.0.0.1:8123/;
- }
- location /webmin/ {
- auth_basic off;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://127.0.0.1:10000/;
- }
- location /jackett/ {
- proxy_pass http://127.0.0.1:9117/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /sonarr {
- proxy_pass http://127.0.0.1:7979;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /radarr {
- proxy_pass http://127.0.0.1:7878;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /nzbget {
- proxy_pass http://127.0.0.1:6789;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /autosub {
- proxy_pass http://127.0.0.1:8888;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /log/ {
- proxy_pass http://127.0.0.1:4321/;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
- location /socket.io/ {
- proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
- proxy_set_header Accept-Encoding "";
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-NginX-Proxy true;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://127.0.0.1:4321/; # put the port of your node app here
- proxy_redirect off;
- }
- location /setup { error_page 403 /error/403.a/index.html;
- auth_basic off;
- allow 10.0.0.0/8;
- allow 172.16.0.0/12;
- allow 192.168.0.0/16;
- allow 127.0.0.1;
- deny all;
- index index.php;
- root /usr/share/nginx/html;
- }
- location ~ /setup/.+\.php$ {
- auth_basic off;
- allow 10.0.0.0/8;
- allow 172.16.0.0/12;
- allow 192.168.0.0/16;
- allow 127.0.0.1;
- deny all;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_index index.php;
- }
- location /monit/ {
- auth_basic "OpenFLIXR Login"
- rewrite ^/monit/(.*) /$1 break;
- proxy_ignore_client_abort on;
- proxy_pass http://192.168.1.8:2812;
- # proxy_set_header Host $host;
- proxy_redirect http://192.168.1.8:2812 /monit;
- proxy_cookie_path / /monit/'
- }
- location /syncthing/ {
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://127.0.0.1:8384/;
- proxy_read_timeout 600s;
- proxy_send_timeout 600s;
- }
- location /netdata/api/v1 {
- auth_basic off;
- proxy_pass http://127.0.0.1:19999/api/v1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /nzbhydra2/ {
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://127.0.0.1:5075/nzbhydra/;
- }
- location /latest {
- auth_basic off;
- index index.php;
- root /usr/share/nginx/html;
- }
- location ~ /latest/.+.php$ {
- auth_basic off;
- fastcgi_split_path_info ^(.+.php)(/.+)$;
- fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_index index.php;
- }
- location /librarian {
- proxy_pass http://127.0.0.1:5299;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /portainer/ {
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- proxy_pass http://localhost:9000/;
- }
- location /portainer/api/websocket/ {
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_http_version 1.1;
- proxy_pass http://localhost:9000/api/websocket/;
- }
- # add_config_1
- # add_config_2
- location /lidarr {
- proxy_pass http://127.0.0.1:8686;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- # add_config_3
- # add_config_4
- # add_config_5
- # add_config_6
- # add_config_7
- # add_config_8
- # add_config_9
- # add_config_10
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement