## Version 2019/08/01 - Changelog: https://github.com/linuxserver/docker-letsenc

1. ## Version 2019/08/01 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default
2.  
3. # redirect all traffic to https
4. server {
5. listen 80 default_server;
6. listen [::]:80 default_server;
7. server_name _;
8. return 301 https://$host$request_uri;
9. }
10.  
11. # main server block
12. server {
13. listen 443 ssl http2 default_server;
14. listen [::]:443 ssl http2 default_server;
15.  
16. root /config/www;
17. index index.html index.htm index.php;
18.  
19. server_name _;
20.  
21. # enable subfolder method reverse proxy confs
22. include /config/nginx/proxy-confs/*.subfolder.conf;
23.  
24. # all ssl related config moved to ssl.conf
25. include /config/nginx/ssl.conf;
26.  
27. # enable for ldap auth
28. #include /config/nginx/ldap.conf;
29.  
30. client_max_body_size 0;
31.  
32. location / {
33. try_files $uri $uri/ /index.html /index.php?$args =404;
34. }
35.  
36. location ~ \.php$ {
37. fastcgi_split_path_info ^(.+\.php)(/.+)$;
38. fastcgi_pass 127.0.0.1:9000;
39. fastcgi_index index.php;
40. include /etc/nginx/fastcgi_params;
41. }
42.  
43. # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
44. # notice this is within the same server block as the base
45. # don't forget to generate the .htpasswd file as described on docker hub
46. # location ^~ /cp {
47. # auth_basic "Restricted";
48. # auth_basic_user_file /config/nginx/.htpasswd;
49. # include /config/nginx/proxy.conf;
50. # proxy_pass http://192.168.1.50:5050/cp;
51. # }
52.  
53. }
54.  
55. # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
56. # notice this is a new server block, you need a new server block for each subdomain
57. #server {
58. # listen 443 ssl http2;
59. # listen [::]:443 ssl http2;
60. #
61. # root /config/www;
62. # index index.html index.htm index.php;
63. #
64. # server_name cp.*;
65. #
66. # include /config/nginx/ssl.conf;
67. #
68. # client_max_body_size 0;
69. #
70. # location / {
71. # auth_basic "Restricted";
72. # auth_basic_user_file /config/nginx/.htpasswd;
73. # include /config/nginx/proxy.conf;
74. # proxy_pass http://192.168.1.50:5050;
75. # }
76. #}
77.  
78. # sample reverse proxy config for "heimdall" via subdomain, with ldap authentication
79. # ldap-auth container has to be running and the /config/nginx/ldap.conf file should be filled with ldap info
80. # notice this is a new server block, you need a new server block for each subdomain
81. #server {
82. # listen 443 ssl http2;
83. # listen [::]:443 ssl http2;
84. #
85. # root /config/www;
86. # index index.html index.htm index.php;
87. #
88. # server_name heimdall.*;
89. #
90. # include /config/nginx/ssl.conf;
91. #
92. # include /config/nginx/ldap.conf;
93. #
94. # client_max_body_size 0;
95. #
96. # location / {
97. # # the next two lines will enable ldap auth along with the included ldap.conf in the server block
98. # auth_request /auth;
99. # error_page 401 =200 /login;
100. #
101. # include /config/nginx/proxy.conf;
102. # resolver 127.0.0.11 valid=30s;
103. # set $upstream_heimdall heimdall;
104. # proxy_pass https://$upstream_heimdall:443;
105. # }
106. #}
107.  
108. # enable subdomain method reverse proxy confs
109. include /config/nginx/proxy-confs/*.subdomain.conf;
110. # enable proxy cache for auth
111. proxy_cache_path cache/ keys_zone=auth_cache:10m;