Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ######/nginx/site-confs/default
- upstream portainer {
- server 192.168.0.201:9090;
- }
- server {
- listen 80 default_server;
- listen [::]:80 default_server;
- server_name my.freedomain.com;
- return 301 https://$server_name$request_uri;
- }
- server {
- # Server Config
- listen 443 ssl http2;
- server_name my.freedomain.com;
- # Block access without host
- if ($http_host != "my.freedomain.com") {
- return 444;
- }
- # # Whitelist Allowed Country IPs
- # if ($allowed_country = yes) {
- # set $exclusion 1;
- # }
- # # Check if Whitelisted
- # if ($exclusion = "0") {
- # return 444;
- # }
- # Letsencrypt Certificates
- ssl_certificate /config/keys/letsencrypt/fullchain.pem;
- ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
- ssl_dhparam /config/nginx/dhparams.pem;
- # Strong HTTPS Settings
- ssl_session_timeout 10m;
- ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA;
- ssl_prefer_server_ciphers on;
- ssl_protocols TLSv1.2;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_ecdh_curve secp384r1;
- # Disable gzip for security
- gzip off;
- # Disable Version Info
- server_tokens off;
- # Security Headers
- add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
- # Enter sha256 pins of your certificates - At least one not currently being served!
- add_header Public-Key-Pins 'pin-sha256="SHA256PIN1"; pin-sha256="SHA256PIN2"; pin-sha256="SHA256PIN3"; max-age=5184000; includeSubdomains';
- # CSS Protection - Replace my.freedomain.com
- add_header X-Frame-Options SAMEORIGIN;
- add_header Content-Security-Policy "frame-ancestors https://my.freedomain.com";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- # Referrer Policy
- add_header Referrer-Policy "no-referrer";
- # Modify nginx server output
- more_set_headers "Server: Organizr";
- # Hide PHP server output
- more_clear_headers 'X-Powered-By';
- # Custom 404 error page (create your own!)
- error_page 404 /404.html;
- location = /404.html {
- root /config/www;
- internal;
- }
- # Custom 40x error pages (create your own!)
- error_page 400 401 403 /40x.html;
- location = /40x.html {
- root /config/www;
- internal;
- }
- # Custom 50x error pages (create your own!)
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /config/www;
- internal;
- }
- # Organizr
- root /config/organizr;
- index index.html index.htm index.php;
- # Check (Disable for Security reasons)
- location / {
- try_files $uri $uri/ /index.html /index.php?$args =404;
- }
- # PHP
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- include /etc/nginx/fastcgi_params;
- }
- # Block access to check (contains verbose server info)
- location ^~ /check.php {
- return 404;
- }
- # Logo (for Organizr or Plex loading, as seen below)
- location /logo.png {
- alias /config/www/logo.png;
- expires 1y;
- }
- # Reverse Proxy without Cookie Password (=Public), eg. Plex
- location /web {
- proxy_pass https://192.168.0.200:32400;
- sub_filter_types text/css text/javascript;
- #Replace Plex loading logo with your own (edit my.freedomain.com)
- sub_filter '.plex-image.logo{width:200px;height:65px;background-image:url' '.plex-image.logo{width:200px;height:100px;background-image:url(https://my.freedomain.com/logo.png);background-size:200px 100px}/* rix was here';
- sub_filter ';background-size:200px 65px}.plex-image.server' ' */.plex-image.server';
- #Add custom donation link in nav bar (edit https://www.paypal.me/DONATELINK)
- sub_filter '<ul class="nav nav-bar-nav nav-bar-right">' '<ul class="nav nav-bar-nav nav-bar-right"><li><a href="https://www.paypal.me/DONATELINK" target="_blank" title="" data-toggle="tooltip" data-original-title="Thank You"><span class="badge badge-transparent "></span><i class="glyphicon donate heart"></i></a></li>';
- #sub_filter_last_modified on;
- }
- # Portainer
- location /portainer/ {
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- proxy_pass http://portainer/;
- }
- location /portainer/api/websocket/ {
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_http_version 1.1;
- proxy_pass http://portainer/api/websocket/;
- }
- # Deluge
- location ^~/deluge {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- proxy_pass http://192.168.0.201:8112/;
- proxy_set_header X-Deluge-Base "/deluge/";
- include /config/nginx/proxy.conf;
- add_header X-Frame-Options SAMEORIGIN;
- }
- # Ubooquity
- location /ubooquity {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- proxy_pass http://192.168.0.201:2202;
- include /config/nginx/proxy.conf;
- }
- # Ubooquity Admin
- location /ubooquity/admin {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- proxy_pass http://192.168.0.201:2203;
- proxy_set_header Host $host;
- }
- # Calibre-web
- location /calibre-web {
- proxy_pass http://192.168.0.201:8082;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Script-Name /calibre-web;
- }
- # Radarr
- location ^~/radarr {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- proxy_pass http://192.168.0.201:7878/radarr;
- proxy_set_header Authorization "Basic BASE64PASS=";
- include /config/nginx/proxy.conf;
- }
- # Sonarr
- location ^~/sonarr {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- proxy_pass http://192.168.0.201:8989/sonarr;
- proxy_set_header Authorization "Basic BASE64PASS=";
- include /config/nginx/proxy.conf;
- }
- # CouchPotato
- location /couchpotato {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- proxy_pass http://192.168.0.201:5050;
- include /config/nginx/proxy.conf;
- }
- # Jackett
- location /jackett/ {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- proxy_pass http://192.168.0.201:9117/;
- }
- # Ombi
- location ^~/ombi {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- include /config/nginx/proxy.conf;
- proxy_pass http://192.168.0.1:3579/ombi;
- }
- # PlexPy
- location ^~/plexpy {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- proxy_pass http://192.168.0.201:8181;
- include /config/nginx/proxy.conf;
- proxy_bind $server_addr;
- proxy_set_header X-Forwarded-Host $server_name;
- proxy_set_header X-Forwarded-Ssl on;
- proxy_set_header Authorization "Basic BASE64PASS=";
- }
- # Headphones
- location ~ ^/headphones($|./*) {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- proxy_pass http://192.168.0.201:8282;
- include /config/nginx/proxy.conf;
- proxy_set_header Authorization "Basic BASE64PASS=";
- port_in_redirect off;
- }
- # LazyLibrarian
- location ~ ^/lazylibrarian($|./*) {
- if ($cookie_cookiePassword != "COOKIEPASS") { return 404; }
- proxy_pass http://192.168.0.201:5299;
- include /config/nginx/proxy.conf;
- proxy_set_header Authorization "Basic BASE64PASS=";
- port_in_redirect off;
- }
- # Webmin for DVR
- location /dvradmin/ {
- proxy_pass http://192.168.0.201:4343/;
- proxy_redirect http://$host:4343/ /dvradmin/;
- proxy_set_header Host $host;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement