commit d35950a95455fc99b6b80046f2dbc1cc89f5b07a Author: Lino Silva Date: Sun Mar 19 16:41:50 2023 +0000 feat: Initial commit
diff --git a/authelia.subdomain.conf b/authelia.subdomain.conf
new file mode 100644
index 0000000..5aa1209
--- /dev/null
+++ b/authelia.subdomain.conf
@@ -0,0 +1,39 @@
+## Version 2023/02/12
+# make sure that your authelia container is named authelia
+# make sure that your dns has a cname set for authelia
+# the default authelia-server and authelia-location confs included with swag rely on
+# a built-in subfolder proxy at "/authelia" and enabling this proxy conf is not necessary.
+# But if you'd like to use authelia via subdomain, you can enable this proxy and set
+# the $authelia_backed variable in the authelia-server.conf.
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name authelia.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app authelia;
+ set $upstream_port 9091;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/authelia)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app authelia;
+ set $upstream_port 9091;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/bazarr.subdomain.conf b/bazarr.subdomain.conf
new file mode 100644
index 0000000..0c58a46
--- /dev/null
+++ b/bazarr.subdomain.conf
@@ -0,0 +1,56 @@
+## Version 2023/02/05
+# make sure that your bazarr container is named bazarr
+# make sure that your dns has a cname set for bazarr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name bazarr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app bazarr;
+ set $upstream_port 6767;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/bazarr)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app bazarr;
+ set $upstream_port 6767;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/changedetection.subdomain.conf b/changedetection.subdomain.conf
new file mode 100644
index 0000000..bed436f
--- /dev/null
+++ b/changedetection.subdomain.conf
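Review bot: The second location, `location ~ (/bazarr)?/api`, is an unanchored regex with no `authelia-location.conf` include, so any request whose path merely contains `/api` is matched there ahead of `location /` and is proxied to bazarr without passing Authelia. If the intent is only to let API-key clients through, anchor the pattern, `location ~ ^(/bazarr)?/api(/|$) {`, and add a comment such as `# API clients authenticate with the application's own API key; Authelia is deliberately not applied here`. The same unanchored, unauthenticated block appears in the lidarr, overseerr, portainer and prowlarr sections of this commit; the portainer one deserves the closest look, since that API manages containers.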
@@ -0,0 +1,46 @@
+## Version 2023/02/05
+# make sure that your changedetection container is named changedetection
+# make sure that your dns has a cname set for changedetection
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name changedetection.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app changedetection;
+ set $upstream_port 5000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/cloud.subdomain.conf b/cloud.subdomain.conf
new file mode 100644
index 0000000..2ed7861
--- /dev/null
+++ b/cloud.subdomain.conf
@@ -0,0 +1,38 @@
+## Version 2023/02/05
+# make sure that your nextcloud container is named nextcloud
+# make sure that your dns has a cname set for nextcloud
+# assuming this container is called "swag", edit your nextcloud container's config
+# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
+# 'trusted_proxies' => ['swag'],
+# 'overwrite.cli.url' => 'https://nextcloud.example.com/',
+# 'overwritehost' => 'nextcloud.example.com',
+# 'overwriteprotocol' => 'https',
+#
+# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
+# array (
+# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
+# 1 => 'nextcloud.example.com',
+# ),
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name cloud.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app nextcloud;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_hide_header X-Frame-Options;
+ proxy_max_temp_file_size 2048m;
+ }
+}
diff --git a/dashboard.subdomain.conf b/dashboard.subdomain.conf
new file mode 100644
index 0000000..0f25211
--- /dev/null
+++ b/dashboard.subdomain.conf
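Review bot: `proxy_hide_header X-Frame-Options;` in `location /` strips the framing restriction sent by the nextcloud backend, and nothing in this section puts a replacement on the response, so unless `ssl.conf` or `proxy.conf` (not visible here) add one, the login and file pages can be framed by any origin. If the header is dropped only to avoid a duplicate, say so in a comment and set it once at the proxy, for example `add_header X-Frame-Options "SAMEORIGIN" always;`. The header comment also still asks for a cname for nextcloud while `server_name` is `cloud.*`; a line such as `# served as cloud.*; the upstream container is still named nextcloud` would prevent a wrong DNS entry and a wrong `overwritehost` value.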
@@ -0,0 +1,112 @@
+## Version 2022/03/19
+# Make sure that your dns has a cname set for dashboard
+
+server {
+ listen 81;
+
+ server_name _;
+
+ root /dashboard/www;
+ index index.php;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ allow 10.0.0.0/8;
+ allow 172.16.0.0/12;
+ allow 192.168.0.0/16;
+ deny all;
+
+ try_files $uri $uri/ /index.php?$args =404;
+ }
+ location ~ \.php$ {
+ allow 10.0.0.0/8;
+ allow 172.16.0.0/12;
+ allow 192.168.0.0/16;
+ deny all;
+
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name dashboard.*;
+
+ root /dashboard/www;
+ index index.php;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ allow 10.0.0.0/8;
+ allow 172.16.0.0/12;
+ allow 192.168.0.0/16;
+ deny all;
+
+ try_files $uri $uri/ /index.php?$args =404;
+ }
+ location ~ \.php$ {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ allow 10.0.0.0/8;
+ allow 172.16.0.0/12;
+ allow 192.168.0.0/16;
+ deny all;
+
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+}
diff --git a/frigate.subdomain.conf b/frigate.subdomain.conf
new file mode 100755
index 0000000..88578b1
--- /dev/null
+++ b/frigate.subdomain.conf
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name frigate.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.14;
+ set $upstream_port 5000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/gitea.subdomain.conf b/gitea.subdomain.conf
new file mode 100644
index 0000000..9a783c4
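Review bot: In the port-81 server of dashboard.subdomain.conf the `location ~ \.php$` block carries only the `allow`/`deny` list, whereas the same block in the 443 server also includes `authelia-location.conf`; a direct request for `/index.php` on port 81 therefore skips Authelia and is gated by source address alone. Either add `include /config/nginx/authelia-location.conf;` to that block or, if port 81 is meant to be an unauthenticated LAN-only listener, remove the Authelia includes from that server and state the intent in a comment. The allow list also admits `172.16.0.0/12`, which presumably covers the Docker bridge networks, so any other container able to reach this listener passes the address check.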
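Review bot: frigate.subdomain.conf has no header comment, unlike the templated files in this commit, and `set $upstream_app 10.0.2.14;` hard-codes a host address with nothing saying what it is or why a container name is not used. A header such as `# frigate runs outside the swag docker network at 10.0.2.14; update this address if the host moves` would document it. The file is also added with mode 100755, which a configuration file does not need. The missing header and the executable mode apply equally to the immich, minio, proxmox-backups and proxmox sections.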
--- /dev/null
+++ b/gitea.subdomain.conf
@@ -0,0 +1,51 @@
+## Version 2023/02/05
+# make sure that your gitea container is named gitea
+# make sure that your dns has a cname set for gitea
+# edit the following parameters in /data/gitea/conf/app.ini
+# [server]
+# SSH_DOMAIN = gitea.server.com
+# ROOT_URL = https://gitea.server.com/
+# DOMAIN = gitea.server.com
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name gitea.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app gitea;
+ set $upstream_port 3000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/homeassistant.subdomain.conf b/homeassistant.subdomain.conf
new file mode 100644
index 0000000..5fc4ad5
--- /dev/null
+++ b/homeassistant.subdomain.conf
@@ -0,0 +1,64 @@
+## Version 2023/02/05
+# make sure that your homeassistant container is named homeassistant
+# make sure that your dns has a cname set for homeassistant
+
+# As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml
+# https://www.home-assistant.io/integrations/http/#trusted_proxies
+# Example below uses the default dockernetwork ranges, you may need to update this if you dont use defaults.
+#
+# http:
+# use_x_forwarded_for: true
+# trusted_proxies:
+# - 172.16.0.0/12
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name homeassistant.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.100;
+ set $upstream_port 8123;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ ^/(api|local|media)/ {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.100;
+ set $upstream_port 8123;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/immich.subdomain.conf b/immich.subdomain.conf
new file mode 100755
index 0000000..6dd1c9d
--- /dev/null
+++ b/immich.subdomain.conf
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name immich.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app immich_proxy;
+ set $upstream_port 8080;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/lidarr.subdomain.conf b/lidarr.subdomain.conf
new file mode 100644
index 0000000..3f94970
--- /dev/null
+++ b/lidarr.subdomain.conf
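Review bot: The header comment of homeassistant.subdomain.conf recommends `trusted_proxies: - 172.16.0.0/12` together with `use_x_forwarded_for: true`, which lets any host in that whole range supply the client address Home Assistant will believe. Here the upstream is `10.0.2.100`, so Home Assistant is apparently not on the Docker bridge and should see the proxy under one routable address; the comment should tell the reader to list only that, for example `# - <address of the swag host as seen by homeassistant>`. This matters more than usual in this file because every Authelia include is commented out and `location ~ ^/(api|local|media)/` is proxied directly, leaving Home Assistant's own login and its address-based checks as the only gate.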
@@ -0,0 +1,56 @@
+## Version 2023/02/05
+# make sure that your lidarr container is named lidarr
+# make sure that your dns has a cname set for lidarr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name lidarr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app lidarr;
+ set $upstream_port 8686;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/lidarr)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app lidarr;
+ set $upstream_port 8686;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/mealie.subdomain.conf b/mealie.subdomain.conf
new file mode 100644
index 0000000..f3ff14f
--- /dev/null
+++ b/mealie.subdomain.conf
@@ -0,0 +1,45 @@
+## Version 2023/02/05
+# Ensure your DNS has a CNAME set for mealie and that mealie container is named.
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name recipes.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app mealie;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/metube.subdomain.conf b/metube.subdomain.conf
new file mode 100644
index 0000000..515223b
--- /dev/null
+++ b/metube.subdomain.conf
@@ -0,0 +1,46 @@
+## Version 2023/02/05
+# make sure that your metube container is named metube
+# make sure that your dns has a cname set for metube
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name yt.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app metube;
+ set $upstream_port 8081;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/minio.subdomain.conf b/minio.subdomain.conf
new file mode 100755
index 0000000..36e7c03
--- /dev/null
+++ b/minio.subdomain.conf
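Review bot: Every auth include in this server block is commented out, and MeTube, as far as I know, has no login of its own, so `yt.*` would hand the download interface to anyone who can reach port 443. Unless access is restricted somewhere not visible in this hunk, enable the pair the other files in this commit use: `include /config/nginx/authelia-server.conf;` in the server block and `include /config/nginx/authelia-location.conf;` in `location /`. The header comment also still asks for a cname for metube while `server_name` is `yt.*`.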
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name minio.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app minio;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/overseerr.subdomain.conf b/overseerr.subdomain.conf
new file mode 100644
index 0000000..8849e3e
--- /dev/null
+++ b/overseerr.subdomain.conf
@@ -0,0 +1,56 @@
+## Version 2023/02/12
+# make sure that your overseerr container is named overseerr
+# make sure that your dns has a cname set for overseerr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name overseerr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app overseerr;
+ set $upstream_port 5055;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/overseerr)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app overseerr;
+ set $upstream_port 5055;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/paperless.subdomain.conf b/paperless.subdomain.conf
new file mode 100644
index 0000000..fe62997
--- /dev/null
+++ b/paperless.subdomain.conf
@@ -0,0 +1,45 @@
+## Version 2023/02/05
+# Ensure your DNS has a CNAME set for mealie and that mealie container is named.
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name paperless.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app paperless-app;
+ set $upstream_port 8000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/plex.subdomain.conf b/plex.subdomain.conf
new file mode 100644
index 0000000..a975e43
--- /dev/null
+++ b/plex.subdomain.conf
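Review bot: The header comment was copied from the mealie file and still reads `# Ensure your DNS has a CNAME set for mealie and that mealie container is named.`, although this block serves `paperless.*` and proxies to `paperless-app`. Replace it with `# make sure that your dns has a cname set for paperless and that the container is named paperless-app`, so the next edit does not point the record or the upstream at the wrong service.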
@@ -0,0 +1,64 @@
+## Version 2023/02/05
+# make sure that your plex container is named plex
+# make sure that your dns has a cname set for plex
+# if plex is running in bridge mode and the container is named "plex", the below config should work as is
+# if not, replace the line "set $upstream_app plex;" with "set $upstream_app ;"
+# or "set $upstream_app ;" for host mode, HOSTIP being the IP address of plex
+# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name plex.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+ proxy_redirect off;
+ proxy_buffering off;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.10;
+ set $upstream_port 32400;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+ proxy_set_header X-Plex-Device $http_x_plex_device;
+ proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+ proxy_set_header X-Plex-Platform $http_x_plex_platform;
+ proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+ proxy_set_header X-Plex-Product $http_x_plex_product;
+ proxy_set_header X-Plex-Token $http_x_plex_token;
+ proxy_set_header X-Plex-Version $http_x_plex_version;
+ proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+ proxy_set_header X-Plex-Provides $http_x_plex_provides;
+ proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+ proxy_set_header X-Plex-Model $http_x_plex_model;
+ }
+}
diff --git a/portainer.subdomain.conf b/portainer.subdomain.conf
new file mode 100644
index 0000000..d72d471
--- /dev/null
+++ b/portainer.subdomain.conf
@@ -0,0 +1,58 @@
+## Version 2023/02/12
+# make sure that your portainer container is named portainer
+# make sure that your dns has a cname set for portainer
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name portainer.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app portainer;
+ set $upstream_port 9000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+ }
+
+ location ~ (/portainer)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app portainer;
+ set $upstream_port 9000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+ }
+}
diff --git a/prowlarr.subdomain.conf b/prowlarr.subdomain.conf
new file mode 100644
index 0000000..7fcedf0
--- /dev/null
+++ b/prowlarr.subdomain.conf
@@ -0,0 +1,54 @@
+## Version 2023/02/05
+# make sure that your prowlarr container is named prowlarr
+# make sure that your dns has a cname set for prowlarr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name prowlarr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app prowlarr;
+ set $upstream_port 9696;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+
+ location ~ (/prowlarr)?(/[0-9]+)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app prowlarr;
+ set $upstream_port 9696;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/proxmox-backups.subdomain.conf b/proxmox-backups.subdomain.conf
new file mode 100755
index 0000000..50cf6a9
--- /dev/null
+++ b/proxmox-backups.subdomain.conf
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name proxmox-backup.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.102;
+ set $upstream_port 8007;
+ set $upstream_proto https;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/proxmox.subdomain.conf b/proxmox.subdomain.conf
new file mode 100755
index 0000000..b43d82f
--- /dev/null
+++ b/proxmox.subdomain.conf
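Review bot: The upstream is reached with `set $upstream_proto https;` at a fixed address (`10.0.2.102:8007`), but nothing in this hunk turns on certificate verification for the proxied connection; nginx leaves `proxy_ssl_verify` off by default, so unless the included `proxy.conf` (not visible here) enables it, the upstream's certificate is never checked. Consider adding `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path-to-upstream-ca.pem>;` (placeholder path) in `location /`, or state in a comment that this hop is confined to a trusted network segment. The file also lacks the `## Version` and "make sure ..." header comments that the other confs in this commit carry, so a short header naming the host behind `10.0.2.102` would help the next maintainer. The proxmox hunk that follows (`10.0.2.2:8006`) has the same two gaps.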
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name proxmox.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.2;
+ set $upstream_port 8006;
+ set $upstream_proto https;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/radarr.subdomain.conf b/radarr.subdomain.conf
new file mode 100644
index 0000000..f0853d6
--- /dev/null
+++ b/radarr.subdomain.conf
@@ -0,0 +1,56 @@
+## Version 2023/02/05
+# make sure that your radarr container is named radarr
+# make sure that your dns has a cname set for radarr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name radarr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app radarr;
+ set $upstream_port 7878;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/radarr)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app radarr;
+ set $upstream_port 7878;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/sonarr.subdomain.conf b/sonarr.subdomain.conf
new file mode 100644
index 0000000..bb81c33
--- /dev/null
+++ b/sonarr.subdomain.conf
@@ -0,0 +1,56 @@
+## Version 2023/02/05
+# make sure that your sonarr container is named sonarr
+# make sure that your dns has a cname set for sonarr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name sonarr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app sonarr;
+ set $upstream_port 8989;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/sonarr)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app sonarr;
+ set $upstream_port 8989;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/transmission.subdomain.conf b/transmission.subdomain.conf
new file mode 100644
index 0000000..0da88e3
--- /dev/null
+++ b/transmission.subdomain.conf
@@ -0,0 +1,66 @@
+## Version 2023/02/05
+# Make sure that DNS has a cname set for transmission
+#
+# Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they
+# rely on the HTTP Status Text to determine if they should add the
+# X-Transmission-Session-Id header or not. HTTP/2 does not return this text
+# so jQuery responses are empty. This causes RPCs to fail.
+#
+# If your extension is affected, you can remove http2 from the default server
+# in /config/nginx/site-confs/default or listen on a different port that has
+# no http2 servers defined. Better yet, submit a bug report with the
+# extension developer to fix their extensions to support HTTP/2.
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name transmission.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app transmission;
+ set $upstream_port 9091;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_pass_header X-Transmission-Session-Id;
+ }
+
+ location ~ (/transmission)?/rpc {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app transmission;
+ set $upstream_port 9091;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/vaultwarden.subdomain.conf b/vaultwarden.subdomain.conf
new file mode 100644
index 0000000..fbc66d4
--- /dev/null
+++ b/vaultwarden.subdomain.conf
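Review bot: `location ~ (/transmission)?/rpc` has no auth include, so the RPC endpoint is served without the Authelia check that `location /` applies; whether it is protected at all then depends on RPC authentication being enabled in Transmission itself, which this commit does not show. Since the web UI drives the daemon through this same endpoint, either add `include /config/nginx/authelia-location.conf;` to the block, or add a comment recording that `rpc-authentication-required` is set on the container and that the block is intentionally outside Authelia for remote clients.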
@@ -0,0 +1,100 @@
+## Version 2023/02/13
+# make sure that your vaultwarden container is named vaultwarden
+# make sure that your dns has a cname set for vaultwarden
+# set the environment variable WEBSOCKET_ENABLED=true on your vaultwarden container
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name pwds.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 128M;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app vaultwarden;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/pwds)?/admin {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app vaultwarden;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/pwds)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app vaultwarden;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/pwds)?/notifications/hub {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app vaultwarden;
+ set $upstream_port 3012;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/pwds)?/notifications/hub/negotiate {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app vaultwarden;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
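Review bot: In `location ~ (/pwds)?/admin` every auth include is still commented out, so the block proxies exactly like `location /` and the Vaultwarden admin page, when it is enabled, sits behind nothing but the application's own admin token. Uncommenting `include /config/nginx/authelia-server.conf;` in the server block together with `include /config/nginx/authelia-location.conf;` in `/admin` would put the extra check in front of the admin page while leaving `location /` and the client API as they are, as far as the visible blocks show. Also, nginx uses the first regex location that matches, and `(/pwds)?/notifications/hub` is listed before `(/pwds)?/notifications/hub/negotiate`, so negotiate requests appear to be sent to port 3012 rather than 80; swapping the two blocks or ending the first pattern with `$` would restore the intended routing.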