
Default

a guest
Jul 28th, 2017
  ######/nginx/site-confs/default

  # Named backend for the Portainer UI. The /portainer/ locations in the HTTPS
  # server refer to it as http://portainer/, so traffic between nginx and this
  # LAN address is plain HTTP.
  upstream portainer {
      server 192.168.0.201:9090;
  }
  # Port 80 catch-all: answers every plain-HTTP request (IPv4 and IPv6) with a
  # permanent redirect to the HTTPS site. The target is built from the
  # configured $server_name, not from the client-supplied Host header, so the
  # redirect cannot be steered to another hostname.
  server {
      server_name my.freedomain.com;

      listen 80 default_server;
      listen [::]:80 default_server;

      return 301 https://$server_name$request_uri;
  }
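  # HTTPS front end: serves Organizr from /config/organizr through PHP-FPM and
  # reverse-proxies a set of LAN applications under sub-paths.
  #
  # Access model as written in this file:
  #   * Most proxied apps are gated only by comparing the cookie "cookiePassword"
  #     with a static string stored in this config. Several of those locations
  #     also inject a fixed "Authorization: Basic ..." header, so anyone who
  #     presents the cookie value is authenticated to the backend as well.
  #     Treat the cookie value as a shared password: rotate it if it leaks and
  #     keep this file unreadable to other users.
  #   * /web, /portainer/, /calibre-web and /dvradmin/ have no cookie check and
  #     rely entirely on the backend's own login.
  server {
      # --- Listener and virtual host --------------------------------------
      listen 443 ssl http2;
      server_name my.freedomain.com;

      # Drop the connection without a response (444) unless the Host header is
      # exactly the expected name. $http_host is the raw header, so a client
      # that sends "my.freedomain.com:443" is rejected too.
      if ($http_host != "my.freedomain.com") {
          return 444;
      }

      # Optional country allow-list, left disabled by the author.
      # NOTE(review): $allowed_country and the initial value of $exclusion are
      # not defined anywhere in this file; they would have to come from a
      # geo/map block elsewhere - confirm before enabling.
      # # Whitelist Allowed Country IPs
      # if ($allowed_country = yes) {
      # set $exclusion 1;
      # }
      # # Check if Whitelisted
      # if ($exclusion = "0") {
      # return 444;
      # }

      # --- Certificates (Let's Encrypt) -----------------------------------
      ssl_certificate /config/keys/letsencrypt/fullchain.pem;
      ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
      ssl_dhparam /config/nginx/dhparams.pem;

      # --- TLS settings ---------------------------------------------------
      ssl_session_timeout 10m;
      # ECDHE-only suites. The first is AEAD (GCM); the other two are CBC-mode
      # fallbacks and can be dropped if no client needs them.
      ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA;
      ssl_prefer_server_ciphers on;
      # TLS 1.2 only. NOTE(review): add TLSv1.3 here once the installed
      # nginx/OpenSSL build supports it.
      ssl_protocols TLSv1.2;
      # OCSP stapling. NOTE(review): stapling needs a "resolver" directive and a
      # trusted chain for verification; neither is visible in this file, so
      # check that they are set in the main nginx.conf.
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_ecdh_curve secp384r1;

      # Compression is off so response size cannot leak secrets reflected in
      # the body (BREACH-style attacks).
      gzip off;

      # Do not advertise the nginx version.
      server_tokens off;

      # --- Security headers -----------------------------------------------
      # nginx only inherits these add_header lines into a location that declares
      # no add_header of its own; any location-level add_header replaces the
      # whole set. Without the "always" flag they are also omitted on most
      # error responses.
      #
      # HSTS for two years, including subdomains, with the preload token.
      # Preload-list inclusion is hard to undo, so keep it only for a domain
      # that will stay HTTPS-only.
      add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
      # HTTP Public Key Pinning is left disabled: the header is deprecated and
      # ignored by current browsers, the values below are template placeholders,
      # and a wrong or lost pin set locks visitors out for the whole max-age.
      # The original template line is kept for reference only.
      # add_header Public-Key-Pins 'pin-sha256="SHA256PIN1"; pin-sha256="SHA256PIN2"; pin-sha256="SHA256PIN3"; max-age=5184000; includeSubdomains';
      # Clickjacking protection - replace my.freedomain.com with your own host.
      add_header X-Frame-Options SAMEORIGIN;
      add_header Content-Security-Policy "frame-ancestors https://my.freedomain.com";
      # Stop MIME-type sniffing.
      add_header X-Content-Type-Options nosniff;
      # Legacy XSS-auditor header; modern browsers no longer implement it.
      add_header X-XSS-Protection "1; mode=block";
      # Ask crawlers not to index or follow anything served here.
      add_header X-Robots-Tag none;
      # Never send a Referer to other sites.
      add_header Referrer-Policy "no-referrer";

      # Replace the Server banner and strip the PHP banner. Both directives
      # require the headers-more module.
      more_set_headers "Server: Organizr";
      more_clear_headers 'X-Powered-By';

      # --- Error pages (create your own under /config/www) ----------------
      # "internal" keeps the error documents from being requested directly.
      error_page 404 /404.html;
      location = /404.html {
          root /config/www;
          internal;
      }
      error_page 400 401 403 /40x.html;
      location = /40x.html {
          root /config/www;
          internal;
      }
      error_page 500 502 503 504 /50x.html;
      location = /50x.html {
          root /config/www;
          internal;
      }

      # --- Organizr (document root) ---------------------------------------
      root /config/organizr;
      index index.html index.htm index.php;

      # NOTE(review): in try_files only the last argument is a fallback; every
      # earlier one is tested as a file path. "/index.php?$args" is therefore
      # looked up as a literal file name, not used as an internal redirect to
      # index.php - confirm this is the intended behaviour.
      location / {
          try_files $uri $uri/ /index.html /index.php?$args =404;
      }

      # PHP via FastCGI. This regex location takes precedence over the plain
      # prefix locations below (/web, /portainer/, /ubooquity, /calibre-web,
      # /couchpotato, /jackett/, /dvradmin/), so a URI ending in ".php" under
      # those paths is handled here and not proxied.
      location ~ \.php$ {
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          # Hand the request to PHP-FPM only when the script file really exists
          # under the document root. Without this check a URI such as
          # /some-file.jpg/x.php reaches the interpreter, which may then execute
          # the non-PHP file when cgi.fix_pathinfo is enabled.
          # NOTE(review): try_files resets $fastcgi_path_info; if
          # fastcgi_params forwards PATH_INFO, capture it with "set" first.
          try_files $fastcgi_script_name =404;
          fastcgi_pass 127.0.0.1:9000;
          fastcgi_index index.php;
          include /etc/nginx/fastcgi_params;
      }

      # check.php prints verbose server information; hide it. "^~" makes this
      # prefix match win over the PHP regex location above.
      location ^~ /check.php {
          return 404;
      }

      # Logo (used by Organizr and by the Plex loading screen below).
      location /logo.png {
          alias /config/www/logo.png;
          expires 1y;
      }

      # --- Public reverse proxy (no cookie check), e.g. Plex --------------
      # The upstream is reached over HTTPS by IP address. nginx does not verify
      # upstream certificates unless proxy_ssl_verify is enabled, so this hop is
      # encrypted but not authenticated.
      location /web {
          proxy_pass https://192.168.0.200:32400;
          sub_filter_types text/css text/javascript;
          # Replace the Plex loading logo with your own (edit my.freedomain.com).
          sub_filter '.plex-image.logo{width:200px;height:65px;background-image:url' '.plex-image.logo{width:200px;height:100px;background-image:url(https://my.freedomain.com/logo.png);background-size:200px 100px}/* rix was here';
          sub_filter ';background-size:200px 65px}.plex-image.server' ' */.plex-image.server';
          # Add a custom donation link to the nav bar (edit https://www.paypal.me/DONATELINK).
          sub_filter '<ul class="nav nav-bar-nav nav-bar-right">' '<ul class="nav nav-bar-nav nav-bar-right"><li><a href="https://www.paypal.me/DONATELINK" target="_blank" title="" data-toggle="tooltip" data-original-title="Thank You"><span class="badge badge-transparent "></span><i class="glyphicon donate heart"></i></a></li>';
          #sub_filter_last_modified on;
      }

      # --- Portainer ------------------------------------------------------
      # NOTE(review): no cookie check here. Portainer manages the Docker host,
      # so this path exposes a highly privileged console to the internet behind
      # Portainer's own login only - confirm that is intended, or gate it like
      # the locations below or restrict it by source address.
      location /portainer/ {
          proxy_http_version 1.1;
          proxy_set_header Connection "";
          proxy_pass http://portainer/;
      }
      # WebSocket endpoint: forward the Upgrade handshake to the backend.
      location /portainer/api/websocket/ {
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_http_version 1.1;
          proxy_pass http://portainer/api/websocket/;
      }

      # --- Cookie-gated applications --------------------------------------
      # Each location answers 404 unless the request carries the cookie
      # "cookiePassword" with the configured value (replace COOKIEPASS).

      # Deluge
      location ^~/deluge {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          proxy_pass http://192.168.0.201:8112/;
          proxy_set_header X-Deluge-Base "/deluge/";
          include /config/nginx/proxy.conf;
          # No add_header in this block on purpose: a location-level add_header
          # would replace the server-level set, silently dropping HSTS, CSP,
          # nosniff and the rest for /deluge. X-Frame-Options SAMEORIGIN is
          # already inherited from the server block.
          # NOTE(review): assumes proxy.conf contains no add_header - verify.
      }

      # Ubooquity
      location /ubooquity {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          proxy_pass http://192.168.0.201:2202;
          include /config/nginx/proxy.conf;
      }

      # Ubooquity Admin (longer prefix, so it wins over /ubooquity).
      location /ubooquity/admin {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          proxy_pass http://192.168.0.201:2203;
          proxy_set_header Host $host;
      }

      # Calibre-web
      # NOTE(review): no cookie check; protected by the application's login only.
      location /calibre-web {
          proxy_pass http://192.168.0.201:8082;
          proxy_set_header Host $http_host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Scheme $scheme;
          proxy_set_header X-Script-Name /calibre-web;
      }

      # Radarr - nginx supplies the backend's Basic credentials itself
      # (replace BASE64PASS=), so the cookie is the only check a client passes.
      location ^~/radarr {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          proxy_pass http://192.168.0.201:7878/radarr;
          proxy_set_header Authorization "Basic BASE64PASS=";
          include /config/nginx/proxy.conf;
      }

      # Sonarr - same pattern as Radarr.
      location ^~/sonarr {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          proxy_pass http://192.168.0.201:8989/sonarr;
          proxy_set_header Authorization "Basic BASE64PASS=";
          include /config/nginx/proxy.conf;
      }

      # CouchPotato
      location /couchpotato {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          proxy_pass http://192.168.0.201:5050;
          include /config/nginx/proxy.conf;
      }

      # Jackett
      location /jackett/ {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          proxy_pass http://192.168.0.201:9117/;
      }

      # Ombi
      location ^~/ombi {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          include /config/nginx/proxy.conf;
          proxy_pass http://192.168.0.1:3579/ombi;
      }

      # PlexPy - injects Basic credentials like Radarr.
      location ^~/plexpy {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          proxy_pass http://192.168.0.201:8181;
          include /config/nginx/proxy.conf;
          proxy_bind $server_addr;
          proxy_set_header X-Forwarded-Host $server_name;
          proxy_set_header X-Forwarded-Ssl on;
          proxy_set_header Authorization "Basic BASE64PASS=";
      }

      # Headphones - injects Basic credentials like Radarr.
      # NOTE(review): "./*" looks like a transposition of "/.*". As written the
      # pattern matches /headphones followed by any single character, so
      # sibling paths such as /headphonesX are proxied too.
      location ~ ^/headphones($|./*) {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          proxy_pass http://192.168.0.201:8282;
          include /config/nginx/proxy.conf;
          proxy_set_header Authorization "Basic BASE64PASS=";
          port_in_redirect off;
      }

      # LazyLibrarian - same pattern (and same regex caveat) as Headphones.
      location ~ ^/lazylibrarian($|./*) {
          if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
          proxy_pass http://192.168.0.201:5299;
          include /config/nginx/proxy.conf;
          proxy_set_header Authorization "Basic BASE64PASS=";
          port_in_redirect off;
      }

      # Webmin for DVR
      # NOTE(review): no cookie check. Webmin is a system administration
      # console, so this path is reachable from the internet behind Webmin's
      # own login only - confirm that is intended, or gate it like the other
      # locations or restrict it by source address.
      location /dvradmin/ {
          proxy_pass http://192.168.0.201:4343/;
          # Rewrite backend redirects that point at port 4343 back under /dvradmin/.
          proxy_redirect http://$host:4343/ /dvradmin/;
          proxy_set_header Host $host;
      }
  }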