Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # listening on port 80 disabled by default, remove the "#" signs to enable
- # redirect all traffic to https
- #
- # Upstreams
- upstream plex-upstream {
- server 10.0.0.11:32400;
- keepalive 32;
- }
- #Main block rewrite
- server {
- listen 80;
- server_name punny.no;
- return 301 https://$host$request_uri;
- }
- server { #Force non www
- listen 80;
- listen 443 ssl http2;
- server_name www.punny.no;
- return 301 https://punny.no;
- ssl_certificate /config/keys/letsencrypt/fullchain.pem;
- ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
- ssl_dhparam /config/nginx/dhparams.pem;
- ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
- ssl_prefer_server_ciphers on;
- }
- ###############################################
- #main server block
- server {
- listen 443 ssl http2;
- add_header X-Frame-Options SAMEORIGIN;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- #gzip on;
- #gzip_min_length 20;
- #gzip_proxied off;
- #gzip_types *;
- root /config/www/home;
- index index.php index.html index.htm;
- server_name punny.no domain.no 10.0.0.11;
- ssl_certificate /config/keys/letsencrypt/fullchain.pem;
- ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
- ssl_dhparam /config/nginx/dhparams.pem;
- ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
- ssl_prefer_server_ciphers on;
- client_max_body_size 0;
- error_page 400 401 402 403 404 405 408 500 502 503 504 $scheme://$server_name/error.php?error=$status;
- #AUTHORIZATION BLOCK
- location /auth-admin { rewrite ^ /auth.php?admin&ban=someone,thisperson; }
- location /auth-user { rewrite ^ /auth.php?user; }
- location / {
- try_files $uri $uri/ /index.html /index.php?$args =404;
- proxy_set_header Accept-Encoding "";
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- include /etc/nginx/fastcgi_params;
- }
- }
- ###### REWRITES ######
- location /v2 {
- return 301 /v2/;
- }
- location /plexpy {
- return 301 /plexpy/;
- }
- location /sabnzbd {
- return 301 /sabnzbd/;
- }
- location /hydra {
- return 301 /hydra/;
- }
- ###### REWRITES ######
- ###### IMAGES ######
- location /cap {
- alias /config/www/img/sharex;
- default_type image/png;
- }
- location /me {
- alias /config/www/img/public/me.png;
- default_type image/png;
- }
- location /me.png {
- alias /config/www/img/public/me.png;
- default_type image/png;
- }
- location /img {
- alias /config/www/img;
- }
- location /img/public {
- alias /config/www/img/public;
- }
- ###### IMAGES ######
- location /index.html {
- alias /config/www/home/index1.html;
- }
- location /v2/ {
- root /config/www;
- index index.php index.html;
- include /config/php.conf;
- }
- location /clouds/ {
- root /config/www;
- index index.html;
- include /config/php.conf;
- }
- location /hp/ {
- root /config/www;
- index index.html;
- include /config/php.conf;
- }
- location /monitorr {
- proxy_pass http://10.0.0.11:4078/monitorr;
- add_header X-Frame-Options SAMEORIGIN;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /logarr {
- proxy_pass http://10.0.0.11:4878/logarr;
- add_header X-Frame-Options SAMEORIGIN;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- if ($http_referer ~* /ombi/) {
- rewrite ^/dist/([0-9\d*]).js /ombi/dist/$1.js last;
- }
- location /ombi {
- #auth_request /auth-user;
- proxy_pass http://10.0.0.11:3579/ombi;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- add_header X-Frame-Options SAMEORIGIN;
- }
- location /emby {
- # Send traffic to the backend
- add_header Strict-Transport-Security max-age=31536000;
- add_header X-Frame-Options SAMEORIGIN;
- proxy_pass http://10.0.0.11:8096;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $remote_addr;
- proxy_set_header X-Forwarded-Protocol $scheme;
- proxy_redirect off;
- # Send websocket data to the backend aswell
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
- location /plexpy/ {
- auth_request /auth-admin;
- proxy_pass http://10.0.0.11:8181;
- add_header X-Frame-Options SAMEORIGIN;
- #proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- #proxy_set_header X-Forwarded-Host $server_name;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- #proxy_set_header X-Forwarded-Proto $scheme; #plexpy needs this line 1
- #proxy_set_header X-Forwarded-Ssl on; #plexpy needs this line 2
- }
- location /sabnzbd/ {
- auth_request /auth-admin;
- proxy_pass https://10.0.0.11:8190;
- add_header X-Frame-Options SAMEORIGIN;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /sabnzbd/#modal {
- # auth_request /auth-admin;
- proxy_pass https://10.0.0.11:8090/sabnzbd/#modal;
- add_header X-Frame-Options SAMEORIGIN;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /rss {
- auth_request /auth-admin;
- proxy_pass http://10.0.0.11:8585/rss;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /nzbget {
- auth_request /auth-admin;
- proxy_pass http://10.0.0.11:6789;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- location /hydra/ {
- auth_request /auth-user;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://10.0.0.11:8061/hydra/;
- }
- location /sonarr {
- auth_request /auth-admin;
- proxy_pass http://10.0.0.11:8989/sonarr;
- add_header X-Frame-Options SAMEORIGIN;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Accept-Encoding "";
- sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="//rawgit.com/iFelix18/Darkerr/master/darkerr.css"></head>';
- sub_filter_once on;
- }
- location /guacamole {
- auth_request /auth-admin;
- include /config/nginx/proxy.conf;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass http://10.0.0.11:1321;
- }
- location /cray {
- auth_request /auth-admin;
- proxy_pass http://10.0.0.11:8888/cray;
- add_header X-Frame-Options SAMEORIGIN;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Accept-Encoding "";
- sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="//rawgit.com/iFelix18/Darkerr/master/darkerr.css"></head>';
- sub_filter_once on;
- }
- location /radarr {
- auth_request /auth-admin;
- proxy_pass http://10.0.0.11:8787/radarr;
- add_header X-Frame-Options SAMEORIGIN;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Accept-Encoding "";
- sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="//rawgit.com/iFelix18/Darkerr/master/darkerr.css"></head>';
- sub_filter_once on;
- }
- location /tor {
- return 301 /tor/;
- }
- location /tor/ {
- auth_request /auth-admin;
- proxy_pass http://10.0.0.11:8060/tor/;
- add_header X-Frame-Options SAMEORIGIN;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Ssl on;
- }
- location /deluge {
- auth_request /auth-admin;
- proxy_pass http://10.0.0.11:8112/;
- proxy_set_header X-Deluge-Base "/deluge/";
- add_header X-Frame-Options SAMEORIGIN;
- }
- location /plex/ {
- proxy_pass http://plex-upstream/;
- include proxy.conf;
- }
- if ($http_referer ~* /plex/) {
- rewrite ^/web/(.*) /plex/web/$1? redirect;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement