
Untitled

a guest
Jan 9th, 2024
  # Main context: which account the workers run as and how many are started.
  user http;                # worker processes run as the "http" user
  worker_processes auto;    # let nginx size the worker pool from the CPU count

  # Connection handling: upper bound on simultaneous connections per worker.
  events {
      worker_connections 1024;
  }

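  # HTTP context for a single host (DOMAIN): a port-80 redirect plus one TLS
  # server that serves /srv/http and reverse-proxies several locally bound web
  # apps. The TLS settings and response headers here are shared by both servers.
  #
  # NOTE(review): nothing in this file restricts who may reach the proxied apps
  # (no auth_basic, allow/deny or client-certificate check). Each backend's own
  # login is the only gate. The backends also see every request as coming from
  # 127.0.0.1, so any "skip authentication for local addresses" option in those
  # apps should be off. Confirm each app's settings.
  http {
      server_tokens off;    # keep the nginx version out of headers and error pages
      access_log syslog:server=unix:/dev/log;
      error_log  syslog:server=unix:/dev/log;

      # SSL
      # ssl_dhparam only matters for DHE suites; the list below is ECDHE-only.
      ssl_dhparam /etc/ssl/dhparam.pem;
      ssl_certificate     /etc/letsencrypt/live/DOMAIN/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
      ssl_session_tickets off;
      ssl_session_cache shared:SSL:10m;
      ssl_protocols TLSv1.3 TLSv1.2;

      # The original list named four AES128 suites and then removed them again
      # with a trailing "!AES128". This is the same effective set written
      # directly. ssl_ciphers governs TLS 1.2 only; the TLS 1.3 suites are
      # configured separately and are not narrowed by this line.
      ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

      # Only P-521 and P-384 are offered. Clients that support just X25519 or
      # P-256 will fail the handshake; widen the list if that breaks a client.
      ssl_ecdh_curve secp521r1:secp384r1;
      ssl_prefer_server_ciphers on;

      # OCSP stapling needs the issuer chain (ssl_trusted_certificate) and a
      # resolver to reach the CA's responder.
      # NOTE(review): stapling only works if the certificate carries an OCSP
      # URL; check whether your CA still issues one. Without it, nginx ignores
      # these directives.
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
      resolver 9.9.9.9 1.1.1.1 valid=300s;
      resolver_timeout 10s;
      types_hash_max_size 4096;
      server_names_hash_bucket_size 128;

      ## Security Headers
      # "always" also sends the header on 4xx/5xx responses, which add_header
      # skips by default. A level inherits add_header from here only if it
      # defines none of its own: one add_header inside a server or location
      # drops this whole set for that scope unless it is repeated there.
      #
      # HSTS: "preload" is a long-lived commitment for DOMAIN and every
      # subdomain. Browser preload lists also require a longer max-age than the
      # six months set here; raise it only once HTTPS works on all subdomains.
      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
      add_header X-Content-Type-Options nosniff always;
      add_header X-Frame-Options SAMEORIGIN always;
      # Legacy header: current browsers have removed the XSS auditor. A
      # Content-Security-Policy is the modern control; none is set here.
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Robots-Tag none always;
      add_header X-Permitted-Cross-Domain-Policies none always;
      add_header X-Download-Options noopen always;

      # Plain HTTP: redirect everything to HTTPS. $server_name (not $host) keeps
      # a client-supplied Host header out of the Location target.
      server {
          listen 80;
          server_name DOMAIN;
          return 301 https://$server_name$request_uri;
      }

      # HTTPS: static root plus reverse proxies to apps on 127.0.0.1.
      server {
          include mime.types;
          default_type application/octet-stream;

          listen 443 ssl;
          server_name DOMAIN;
          server_tokens off;
          send_timeout 10;

          root /srv/http/;
          # NOTE(review): index.php is listed but no location passes *.php to a
          # FastCGI backend (the fastcgi_buffer* lines configure nothing without
          # fastcgi_pass). Any .php file under the root would be sent to clients
          # as raw source. Add a PHP handler or drop index.php.
          index index.php index.html;
          # Applies to every location below, proxied apps included. 10G is a
          # very large request body to accept from unauthenticated clients;
          # consider scoping it to the one location that needs it.
          client_max_body_size 10G;
          fastcgi_buffers 64 16k;
          fastcgi_buffer_size 32k;
          gzip off;

          ## Error Page
          error_page 404 /404.html;
          location = /404.html {
              root /srv/http;
              internal;    # reachable only through error_page, not directly
          }

          ## Robot Control
          location = /robots.txt {
              allow all;
              log_not_found off;
              access_log off;
          }

          # Notes for all proxy locations below:
          #  - "location /tv" is a plain prefix match, so it also matches paths
          #    such as /tvsomething. Use "location /tv/" with a redirect, or
          #    "location ^~ /tv/", if only that subtree should be proxied.
          #  - $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
          #    the client sent. If nginx is the outermost proxy, backends must
          #    not trust the left-most entry; X-Real-IP carries the address
          #    nginx itself saw.

          ## SABnzbd
          location /downloads {
              proxy_pass http://127.0.0.1:7070/downloads;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_redirect off;
          }


          ## Jellyfin
          # Earlier attempt, kept disabled:
          #location /stream/ {
          #    proxy_pass http://127.0.0.1:8096/stream;
          #    proxy_set_header X-Real-IP $remote_addr;
          #    proxy_set_header Host $host;
          #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          #    proxy_set_header X-Forwarded-Proto $scheme;
          #    #proxy_redirect off;
          #}

          location /stream/ {
              # Proxy main Jellyfin traffic

              # The / at the end is significant.
              # https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
              #
              # nginx swaps the matched prefix ("/stream/") for the URI given
              # to proxy_pass. The original target was ".../stream" with no
              # trailing slash, so /stream/web/ reached the backend as
              # /streamweb/. The target now ends in "/" to mirror the location.
              # Assumes Jellyfin's base URL is set to /stream; confirm.
              proxy_pass http://127.0.0.1:8096/stream/;

              proxy_pass_request_headers on;

              proxy_set_header Host $host;

              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Forwarded-Host $http_host;

              # The Upgrade/Connection pass-through only works over HTTP/1.1
              # to the upstream. nginx defaults to HTTP/1.0, which was missing
              # here although the Radarr location already sets it.
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection $http_connection;

              # Disable buffering when the nginx proxy gets very resource heavy upon streaming
              proxy_buffering off;
          }

          ## Sonarr
          location /tv {
              proxy_pass http://127.0.0.1:8989/tv;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
          }

          ## Radarr
          location /movies {
              proxy_pass http://127.0.0.1:7878/movies;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection $http_connection;
          }

          ## Bazarr
          location /subs {
              proxy_pass http://127.0.0.1:6767/subs;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
          }

          ## Hydra
          location /hydra {
              proxy_pass http://127.0.0.1:5076/hydra;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
          }
      }
  }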