unRAID Configs

1. ##########################################
2. letsencrypt/nginx/nginx.conf
3. ##########################################
4. user abc;
5. worker_processes 4;
6. pid /run/nginx.pid;
7. events {
8. worker_connections 768;
9. }
10. http {
11. ##
12. # Basic Settings
13. ##
14. sendfile on;
15. tcp_nopush on;
16. tcp_nodelay on;
17. keepalive_timeout 65;
18. types_hash_max_size 2048;
19. client_max_body_size 0;
20. include /etc/nginx/mime.types;
21. default_type application/octet-stream;
22. ##
23. # Logging Settings
24. ##
25. access_log /config/log/nginx/access.log;
26. error_log /config/log/nginx/error.log;
27. ##
28. # Gzip Settings
29. ##
30. gzip on;
31. gzip_disable "msie6";
32. ##
33. # Virtual Host Configs
34. ##
35. include /etc/nginx/conf.d/*.conf;
36. include /config/nginx/site-confs/*;
37. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
38. ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
39. ssl_prefer_server_ciphers on;
40. ssl_session_cache shared:SSL:10m;
41. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
42. add_header X-Frame-Options SAMEORIGIN;
43. add_header X-Content-Type-Options nosniff;
44. add_header X-XSS-Protection "1; mode=block";
45. add_header X-Robots-Tag none;
46. ssl_stapling on; # Requires nginx >= 1.3.7
47. ssl_stapling_verify on; # Requires nginx => 1.3.7
48. }
49. daemon off;
50.  
51. ##########################################
52. letsencrypt/nginx/proxy.conf
53. ##########################################
54. client_max_body_size 10g;
55. client_body_buffer_size 128k;
56. #Timeout if the real server is dead
57. proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
58. # Advanced Proxy Config
59. send_timeout 5m;
60. proxy_read_timeout 240;
61. proxy_send_timeout 240;
62. proxy_connect_timeout 240;
63. # Basic Proxy Config
64. proxy_set_header Host $host:$server_port;
65. proxy_set_header X-Real-IP $remote_addr;
66. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
67. proxy_set_header X-Forwarded-Proto https;
68. proxy_redirect http:// $scheme://;
69. proxy_http_version 1.1;
70. proxy_set_header Connection "";
71. proxy_cache_bypass $cookie_session;
72. proxy_no_cache $cookie_session;
73. proxy_buffers 32 4k;
74.  
75. ##########################################
76. letsencrypt/nginx/site-confs/default
77. ##########################################
78. upstream backend {
79. server 192.168.1.207:19999;
80. keepalive 64;
81. }
82. ## Radarr
83. server {
84. server_name radarr.subdomain.duckdns.org;
85. include /config/nginx/common;
86. location / {
87. auth_basic "Restricted";
88. auth_basic_user_file /config/nginx/.htpasswd;
89. include /config/nginx/proxy.conf;
90. proxy_pass http://192.168.1.207:7878;
91. }
92. }
93. ## Sonarr
94. server {
95. server_name sonarr.subdomain.duckdns.org;
96. include /config/nginx/common;
97. location / {
98. auth_basic "Restricted";
99. auth_basic_user_file /config/nginx/.htpasswd;
100. include /config/nginx/proxy.conf;
101. proxy_pass http://192.168.1.207:8989;
102. }
103. }
104. ## Ombi
105. server {
106. server_name ombi.subdomain.duckdns.org;
107. include /config/nginx/common;
108. location / {
109. proxy_pass http://192.168.1.207:3579;
110. }
111. }
112. ## Torrents
113. server {
114. server_name torrents.subdomain.duckdns.org;
115. include /config/nginx/common;
116. location / {
117. auth_basic "Restricted";
118. auth_basic_user_file /config/nginx/.htpasswd;
119. include /config/nginx/proxy.conf;
120. proxy_pass http://192.168.1.207:9091;
121. }
122. }
123. ## Gitea
124. server {
125. server_name gitea.subdomain.duckdns.org;
126. include /config/nginx/common;
127. location / {
128. proxy_pass http://192.168.1.207:3000;
129. }
130. }
131. ## unRAID
132. server {
133. listen 443 ssl;
134. listen 80;
135. root /config/www;
136. index index.html index.htm index.php;
137. server_name subdomain.duckdns.org;
138. ssl_certificate /config/keys/letsencrypt/fullchain.pem;
139. ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
140. ssl_dhparam /config/nginx/dhparams.pem;
141. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
142. ssl_prefer_server_ciphers on;
143. client_max_body_size 0;
144. location / {
145. include /config/nginx/proxy.conf;
146. proxy_pass http://192.168.1.207;
147. }
148. location ~ /netdata/(?<ndpath>.*) {
149. auth_basic "Restricted";
150. auth_basic_user_file /config/nginx/.htpasswd;
151. proxy_set_header X-Forwarded-Host $host;
152. proxy_set_header X-Forwarded-Server $host;
153. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
154. proxy_pass http://backend/$ndpath$is_args$args;
155. proxy_http_version 1.1;
156. proxy_pass_request_headers on;
157. proxy_set_header Connection "keep-alive";
158. proxy_store off;
159. }
160. }
161.  
162. ##########################################
163. nextcloud/nginx/nginx.conf
164. ##########################################
165. user abc;
166. worker_processes 4;
167. pid /run/nginx.pid;
168. events {
169. worker_connections 768;
170. }
171. http {
172. ##
173. # Basic Settings
174. ##
175. sendfile on;
176. tcp_nopush on;
177. tcp_nodelay on;
178. keepalive_timeout 65;
179. types_hash_max_size 2048;
180. client_max_body_size 0;
181. include /etc/nginx/mime.types;
182. default_type application/octet-stream;
183. ##
184. # Logging Settings
185. ##
186. access_log /config/log/nginx/access.log;
187. error_log /config/log/nginx/error.log;
188. ##
189. # Gzip Settings
190. ##
191. gzip on;
192. gzip_disable "msie6";
193. ##
194. # Virtual Host Configs
195. ##
196. include /etc/nginx/conf.d/*.conf;
197. include /config/nginx/site-confs/*;
198. }
199. daemon off;
200.  
201. ##########################################
202. nextcloud/nginx/site-confs/default
203. ##########################################
204. upstream php-handler {
205. server 127.0.0.1:9000;
206. # server unix:/var/run/php/php7.0-fpm.sock;
207. }
208. server {
209. listen 80;
210. server_name _;
211. # enforce https
212. return 301 https://$server_name$request_uri;
213. }
214. server {
215. listen 443 ssl;
216. server_name _;
217. ssl_certificate /config/keys/cert.crt;
218. ssl_certificate_key /config/keys/cert.key;
219. # Add headers to serve security related headers
220. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
221. add_header X-Content-Type-Options nosniff;
222. # add_header X-Frame-Options "SAMEORIGIN";
223. add_header X-XSS-Protection "1; mode=block";
224. add_header X-Robots-Tag none;
225. add_header X-Download-Options noopen;
226. add_header X-Permitted-Cross-Domain-Policies none;
227. # Path to the root of your installation
228. root /config/www/nextcloud/;
229. # set max upload size
230. client_max_body_size 10G;
231. fastcgi_buffers 64 4K;
232. # Disable gzip to avoid the removal of the ETag header
233. gzip off;
234. index index.php;
235. error_page 403 /core/templates/403.php;
236. error_page 404 /core/templates/404.php;
237. rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
238. rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
239. location = /robots.txt {
240. allow all;
241. log_not_found off;
242. access_log off;
243. }
244. location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
245. deny all;
246. }
247. location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
248. deny all;
249. }
250. location / {
251. rewrite ^/remote/(.*) /remote.php last;
252. rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
253. try_files $uri $uri/ =404;
254. }
255. location ~ \.php(?:$|/) {
256. fastcgi_split_path_info ^(.+\.php)(/.+)$;
257. include /etc/nginx/fastcgi_params;
258. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
259. fastcgi_param PATH_INFO $fastcgi_path_info;
260. fastcgi_param HTTPS on;
261. fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
262. fastcgi_pass php-handler;
263. fastcgi_intercept_errors on;
264. }
265. # Adding the cache control header for js and css files
266. # Make sure it is BELOW the location ~ \.php(?:$|/) { block
267. location ~* \.(?:css|js)$ {
268. add_header Cache-Control "public, max-age=7200";
269. # Add headers to serve security related headers
270. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
271. add_header X-Content-Type-Options nosniff;
272. add_header X-Frame-Options "SAMEORIGIN";
273. add_header X-XSS-Protection "1; mode=block";
274. add_header X-Robots-Tag none;
275. add_header X-Download-Options noopen;
276. add_header X-Permitted-Cross-Domain-Policies none;
277. # Optional: Don't log access to assets
278. access_log off;
279. }
280. # Optional: Don't log access to other assets
281. location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
282. access_log off;
283. }
284. }