## Version 2019/08/01 - Changelog: https://github.com/linuxserver/docker-letsenc

1. ## Version 2019/08/01 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default
2.  
3. # redirect all traffic to https
4. server {
5.     listen 80 default_server;
6.     listen [::]:80 default_server;
7.     server_name _;
8.     return 301 https://$host$request_uri;
9. }
10.  
11. # main server block
12. server {
13.     listen 443 ssl http2 default_server;
14.     listen [::]:443 ssl http2 default_server;
15.  
16.     root /config/www;
17.     index index.html index.htm index.php;
18.  
19.     server_name _;
20.  
21.     # enable subfolder method reverse proxy confs
22.     include /config/nginx/proxy-confs/*.subfolder.conf;
23.  
24.     # all ssl related config moved to ssl.conf
25.     include /config/nginx/ssl.conf;
26.  
27.     # enable for ldap auth
28.     #include /config/nginx/ldap.conf;
29.  
30.     client_max_body_size 0;
31.  
32.     location / {
33.         try_files $uri $uri/ /index.html /index.php?$args =404;
34.     }
35.  
36.     location ~ \.php$ {
37.         fastcgi_split_path_info ^(.+\.php)(/.+)$;
38.         fastcgi_pass 127.0.0.1:9000;
39.         fastcgi_index index.php;
40.         include /etc/nginx/fastcgi_params;
41.     }
42.  
43. # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
44. # notice this is within the same server block as the base
45. # don't forget to generate the .htpasswd file as described on docker hub
46. #   location ^~ /cp {
47. #       auth_basic "Restricted";
48. #       auth_basic_user_file /config/nginx/.htpasswd;
49. #       include /config/nginx/proxy.conf;
50. #       proxy_pass http://192.168.1.50:5050/cp;
51. #   }
52.  
53. #ORGANIZR CONTAINER
54.     location ^~ / {
55.         proxy_pass http://192.168.1.12:8282; #Organizr IP and Port
56.         include /config/nginx/proxy.conf;
57.         }
58.  
59. }
60.  
61. # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
62. # notice this is a new server block, you need a new server block for each subdomain
63. #server {
64. #   listen 443 ssl http2;
65. #   listen [::]:443 ssl http2;
66. #
67. #   root /config/www;
68. #   index index.html index.htm index.php;
69. #
70. #   server_name cp.*;
71. #
72. #   include /config/nginx/ssl.conf;
73. #
74. #   client_max_body_size 0;
75. #
76. #   location / {
77. #       auth_basic "Restricted";
78. #       auth_basic_user_file /config/nginx/.htpasswd;
79. #       include /config/nginx/proxy.conf;
80. #       proxy_pass http://192.168.1.50:5050;
81. #   }
82. #}
83.  
84. # sample reverse proxy config for "heimdall" via subdomain, with ldap authentication
85. # ldap-auth container has to be running and the /config/nginx/ldap.conf file should be filled with ldap info
86. # notice this is a new server block, you need a new server block for each subdomain
87. #server {
88. #   listen 443 ssl http2;
89. #   listen [::]:443 ssl http2;
90. #
91. #   root /config/www;
92. #   index index.html index.htm index.php;
93. #
94. #   server_name heimdall.*;
95. #
96. #   include /config/nginx/ssl.conf;
97. #
98. #   include /config/nginx/ldap.conf;
99. #
100. #   client_max_body_size 0;
101. #
102. #   location / {
103. #       # the next two lines will enable ldap auth along with the included ldap.conf in the server block
104. #       auth_request /auth;
105. #       error_page 401 =200 /login;
106. #
107. #       include /config/nginx/proxy.conf;
108. #       resolver 127.0.0.11 valid=30s;
109. #       set $upstream_heimdall heimdall;
110. #       proxy_pass https://$upstream_heimdall:443;
111. #   }
112. #}
113.  
114. # enable subdomain method reverse proxy confs
115. include /config/nginx/proxy-confs/*.subdomain.conf;
116. # enable proxy cache for auth
117. proxy_cache_path cache/ keys_zone=auth_cache:10m;