From d35950a95455fc99b6b80046f2dbc1cc89f5b07a Mon Sep 17 00:00:00 2001 
From: Lino Silva
Date: Sun, 19 Mar 2023 16:41:50 +0000
Subject: [PATCH] feat: Initial commit
---
 authelia.subdomain.conf | 39 ++++++++++++
 bazarr.subdomain.conf | 56 +++++++++++++++++
 changedetection.subdomain.conf | 46 ++++++++++++++
 cloud.subdomain.conf | 38 +++++++++++
 dashboard.subdomain.conf | 112 +++++++++++++++++++++++++++++++++
 frigate.subdomain.conf | 42 +++++++++++++
 gitea.subdomain.conf | 51 +++++++++++++++
 homeassistant.subdomain.conf | 64 +++++++++++++++++++
 immich.subdomain.conf | 42 +++++++++++++
 lidarr.subdomain.conf | 56 +++++++++++++++++
 mealie.subdomain.conf | 45 +++++++++++++
 metube.subdomain.conf | 46 ++++++++++++++
 minio.subdomain.conf | 42 +++++++++++++
 overseerr.subdomain.conf | 56 +++++++++++++++++
 paperless.subdomain.conf | 45 +++++++++++++
 plex.subdomain.conf | 64 +++++++++++++++++++
 portainer.subdomain.conf | 58 +++++++++++++++++
 prowlarr.subdomain.conf | 54 ++++++++++++++++
 proxmox-backups.subdomain.conf | 42 +++++++++++++
 proxmox.subdomain.conf | 42 +++++++++++++
 radarr.subdomain.conf | 56 +++++++++++++++++
 sonarr.subdomain.conf | 56 +++++++++++++++++
 transmission.subdomain.conf | 66 +++++++++++++++++++
 vaultwarden.subdomain.conf | 100 +++++++++++++++++++++++++++++
 24 files changed, 1318 insertions(+)
 create mode 100644 authelia.subdomain.conf
 create mode 100644 bazarr.subdomain.conf
 create mode 100644 changedetection.subdomain.conf
 create mode 100644 cloud.subdomain.conf
 create mode 100644 dashboard.subdomain.conf
 create mode 100755 frigate.subdomain.conf
 create mode 100644 gitea.subdomain.conf
 create mode 100644 homeassistant.subdomain.conf
 create mode 100755 immich.subdomain.conf
 create mode 100644 lidarr.subdomain.conf
 create mode 100644 mealie.subdomain.conf
 create mode 100644 metube.subdomain.conf
 create mode 100755 minio.subdomain.conf
 create mode 100644 overseerr.subdomain.conf
 create mode 100644 paperless.subdomain.conf
 create mode 100644 plex.subdomain.conf
 create mode 100644 portainer.subdomain.conf
 create mode 100644 prowlarr.subdomain.conf
 create mode 100755 proxmox-backups.subdomain.conf
 create mode 100755 proxmox.subdomain.conf
 create mode 100644 radarr.subdomain.conf
 create mode 100644 sonarr.subdomain.conf
 create mode 100644 transmission.subdomain.conf
 create mode 100644 vaultwarden.subdomain.conf
diff --git a/authelia.subdomain.conf b/authelia.subdomain.conf
new file mode 100644
index 0000000..5aa1209
--- /dev/null
+++ b/authelia.subdomain.conf
@@ -0,0 +1,39 @@
+## Version 2023/02/12
+# make sure that your authelia container is named authelia
+# make sure that your dns has a cname set for authelia
+# the default authelia-server and authelia-location confs included with swag rely on
+# a built-in subfolder proxy at "/authelia" and enabling this proxy conf is not necessary.
+# But if you'd like to use authelia via subdomain, you can enable this proxy and set
+# the $authelia_backed variable in the authelia-server.conf.
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name authelia.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app authelia;
+ set $upstream_port 9091;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/authelia)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app authelia;
+ set $upstream_port 9091;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/bazarr.subdomain.conf b/bazarr.subdomain.conf
new file mode 100644
index 0000000..0c58a46
--- /dev/null
+++ b/bazarr.subdomain.conf
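Review bot: `client_max_body_size 0;` in the authelia.subdomain.conf server block removes nginx's request-body limit on the login portal, which is reachable before any authentication; the same directive is repeated in every server block of this commit. For the portal a bounded value is enough, e.g. `client_max_body_size 1m;`, so unauthenticated clients cannot stream arbitrarily large bodies at it. The second location's regex `(/authelia)?/api` is unanchored and proxies exactly like `location /`, so it could be dropped or written as `^(/authelia)?/api`.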
@@ -0,0 +1,56 @@
+## Version 2023/02/05
+# make sure that your bazarr container is named bazarr
+# make sure that your dns has a cname set for bazarr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name bazarr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app bazarr;
+ set $upstream_port 6767;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/bazarr)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app bazarr;
+ set $upstream_port 6767;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/changedetection.subdomain.conf b/changedetection.subdomain.conf
new file mode 100644
index 0000000..bed436f
--- /dev/null
+++ b/changedetection.subdomain.conf
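Review bot: The `location ~ (/bazarr)?/api` block in bazarr.subdomain.conf has no `authelia-location.conf` include and its regex is unanchored, so any URI that contains `/api` anywhere in its path is proxied without the Authelia check that `location /` applies. A matching regex location takes precedence over the `/` prefix, so for those requests access rests entirely on the application's own API-key or session check. Anchoring it as `location ~ ^(/bazarr)?/api` limits the carve-out to the real API prefix. The same pattern is used in the lidarr, overseerr, portainer and prowlarr files; for portainer in particular it is worth confirming that an API not gated by the proxy is intended.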
@@ -0,0 +1,46 @@
+## Version 2023/02/05
+# make sure that your changedetection container is named changedetection
+# make sure that your dns has a cname set for changedetection
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name changedetection.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app changedetection;
+ set $upstream_port 5000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/cloud.subdomain.conf b/cloud.subdomain.conf
new file mode 100644
index 0000000..2ed7861
--- /dev/null
+++ b/cloud.subdomain.conf
@@ -0,0 +1,38 @@
+## Version 2023/02/05
+# make sure that your nextcloud container is named nextcloud
+# make sure that your dns has a cname set for nextcloud
+# assuming this container is called "swag", edit your nextcloud container's config
+# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
+# 'trusted_proxies' => ['swag'],
+# 'overwrite.cli.url' => 'https://nextcloud.example.com/',
+# 'overwritehost' => 'nextcloud.example.com',
+# 'overwriteprotocol' => 'https',
+#
+# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
+# array (
+# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
+# 1 => 'nextcloud.example.com',
+# ),
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name cloud.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app nextcloud;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_hide_header X-Frame-Options;
+ proxy_max_temp_file_size 2048m;
+ }
+}
diff --git a/dashboard.subdomain.conf b/dashboard.subdomain.conf
new file mode 100644
index 0000000..0f25211
--- /dev/null
+++ b/dashboard.subdomain.conf
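Review bot: `proxy_hide_header X-Frame-Options;` in cloud.subdomain.conf strips the frame-protection header that the Nextcloud backend sends, and nothing in this block puts one back. Unless the included `ssl.conf` sets its own `X-Frame-Options` or a CSP `frame-ancestors` (not visible in this diff), the proxied pages become framable by other origins. If the header is hidden only to avoid a duplicate, a comment saying so would help, e.g. `# hidden because ssl.conf already sets X-Frame-Options`; otherwise the line should go. portainer.subdomain.conf hides the same header in both of its locations.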
@@ -0,0 +1,112 @@
+## Version 2022/03/19
+# Make sure that your dns has a cname set for dashboard
+
+server {
+ listen 81;
+
+ server_name _;
+
+ root /dashboard/www;
+ index index.php;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ allow 10.0.0.0/8;
+ allow 172.16.0.0/12;
+ allow 192.168.0.0/16;
+ deny all;
+
+ try_files $uri $uri/ /index.php?$args =404;
+ }
+ location ~ \.php$ {
+ allow 10.0.0.0/8;
+ allow 172.16.0.0/12;
+ allow 192.168.0.0/16;
+ deny all;
+
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name dashboard.*;
+
+ root /dashboard/www;
+ index index.php;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ allow 10.0.0.0/8;
+ allow 172.16.0.0/12;
+ allow 192.168.0.0/16;
+ deny all;
+
+ try_files $uri $uri/ /index.php?$args =404;
+ }
+ location ~ \.php$ {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ allow 10.0.0.0/8;
+ allow 172.16.0.0/12;
+ allow 192.168.0.0/16;
+ deny all;
+
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+}
diff --git a/frigate.subdomain.conf b/frigate.subdomain.conf
new file mode 100755
index 0000000..88578b1
--- /dev/null
+++ b/frigate.subdomain.conf
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name frigate.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.14;
+ set $upstream_port 5000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/gitea.subdomain.conf b/gitea.subdomain.conf
new file mode 100644
index 0000000..9a783c4
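Review bot: In dashboard.subdomain.conf the `location ~ \.php$` block of the `listen 81` server carries only the `allow`/`deny` lines, while the same block in the 443 server also includes `authelia-location.conf`. A direct request for a `.php` URI on port 81 is handled by that regex location, so Authelia is not consulted there and the RFC 1918 allow-list is the only control. Adding `include /config/nginx/authelia-location.conf;` to the port-81 PHP block would make the two servers agree. It is also worth confirming which source address nginx sees for outside clients, since `allow 172.16.0.0/12;` covers Docker's default bridge ranges.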
--- /dev/null
+++ b/gitea.subdomain.conf
@@ -0,0 +1,51 @@
+## Version 2023/02/05
+# make sure that your gitea container is named gitea
+# make sure that your dns has a cname set for gitea
+# edit the following parameters in /data/gitea/conf/app.ini
+# [server]
+# SSH_DOMAIN = gitea.server.com
+# ROOT_URL = https://gitea.server.com/
+# DOMAIN = gitea.server.com
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name gitea.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app gitea;
+ set $upstream_port 3000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/homeassistant.subdomain.conf b/homeassistant.subdomain.conf
new file mode 100644
index 0000000..5fc4ad5
--- /dev/null
+++ b/homeassistant.subdomain.conf
@@ -0,0 +1,64 @@
+## Version 2023/02/05
+# make sure that your homeassistant container is named homeassistant
+# make sure that your dns has a cname set for homeassistant
+
+# As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml
+# https://www.home-assistant.io/integrations/http/#trusted_proxies
+# Example below uses the default dockernetwork ranges, you may need to update this if you dont use defaults.
+#
+# http:
+# use_x_forwarded_for: true
+# trusted_proxies:
+# - 172.16.0.0/12
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name homeassistant.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.100;
+ set $upstream_port 8123;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ ^/(api|local|media)/ {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.100;
+ set $upstream_port 8123;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/immich.subdomain.conf b/immich.subdomain.conf
new file mode 100755
index 0000000..6dd1c9d
--- /dev/null
+++ b/immich.subdomain.conf
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name immich.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app immich_proxy;
+ set $upstream_port 8080;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/lidarr.subdomain.conf b/lidarr.subdomain.conf
new file mode 100644
index 0000000..3f94970
--- /dev/null
+++ b/lidarr.subdomain.conf
@@ -0,0 +1,56 @@
+## Version 2023/02/05
+# make sure that your lidarr container is named lidarr
+# make sure that your dns has a cname set for lidarr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name lidarr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app lidarr;
+ set $upstream_port 8686;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/lidarr)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app lidarr;
+ set $upstream_port 8686;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/mealie.subdomain.conf b/mealie.subdomain.conf
new file mode 100644
index 0000000..f3ff14f
--- /dev/null
+++ b/mealie.subdomain.conf
@@ -0,0 +1,45 @@
+## Version 2023/02/05
+# Ensure your DNS has a CNAME set for mealie and that mealie container is named.
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name recipes.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app mealie;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/metube.subdomain.conf b/metube.subdomain.conf
new file mode 100644
index 0000000..515223b
--- /dev/null
+++ b/metube.subdomain.conf
@@ -0,0 +1,46 @@
+## Version 2023/02/05
+# make sure that your metube container is named metube
+# make sure that your dns has a cname set for metube
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name yt.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app metube;
+ set $upstream_port 8081;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/minio.subdomain.conf b/minio.subdomain.conf
new file mode 100755
index 0000000..36e7c03
--- /dev/null
+++ b/minio.subdomain.conf
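Review bot: Every auth include in metube.subdomain.conf is commented out, so `yt.*` is proxied to the container with no access control at the proxy, unlike most other services in this commit. MeTube, as far as I know, has no login of its own, which would leave its download queue usable by anyone who can reach the hostname. Enabling the two Authelia lines as the other files do, `include /config/nginx/authelia-server.conf;` in the server block and `include /config/nginx/authelia-location.conf;` in `location /`, would close that gap.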
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name minio.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app minio;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/overseerr.subdomain.conf b/overseerr.subdomain.conf
new file mode 100644
index 0000000..8849e3e
--- /dev/null
+++ b/overseerr.subdomain.conf
@@ -0,0 +1,56 @@
+## Version 2023/02/12
+# make sure that your overseerr container is named overseerr
+# make sure that your dns has a cname set for overseerr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name overseerr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app overseerr;
+ set $upstream_port 5055;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/overseerr)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app overseerr;
+ set $upstream_port 5055;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/paperless.subdomain.conf b/paperless.subdomain.conf
new file mode 100644
index 0000000..fe62997
--- /dev/null
+++ b/paperless.subdomain.conf
@@ -0,0 +1,45 @@
+## Version 2023/02/05
+# Ensure your DNS has a CNAME set for mealie and that mealie container is named.
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name paperless.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app paperless-app;
+ set $upstream_port 8000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/plex.subdomain.conf b/plex.subdomain.conf
new file mode 100644
index 0000000..a975e43
--- /dev/null
+++ b/plex.subdomain.conf
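Review bot: The header comment in paperless.subdomain.conf was carried over from the mealie file and still reads `# Ensure your DNS has a CNAME set for mealie and that mealie container is named.` The block actually serves `paperless.*` and proxies to `paperless-app`, so I would change it to `# make sure that your paperless container is named paperless-app and that your dns has a cname set for paperless`.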
@@ -0,0 +1,64 @@
+## Version 2023/02/05
+# make sure that your plex container is named plex
+# make sure that your dns has a cname set for plex
+# if plex is running in bridge mode and the container is named "plex", the below config should work as is
+# if not, replace the line "set $upstream_app plex;" with "set $upstream_app ;"
+# or "set $upstream_app ;" for host mode, HOSTIP being the IP address of plex
+# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name plex.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+ proxy_redirect off;
+ proxy_buffering off;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.10;
+ set $upstream_port 32400;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+ proxy_set_header X-Plex-Device $http_x_plex_device;
+ proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+ proxy_set_header X-Plex-Platform $http_x_plex_platform;
+ proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+ proxy_set_header X-Plex-Product $http_x_plex_product;
+ proxy_set_header X-Plex-Token $http_x_plex_token;
+ proxy_set_header X-Plex-Version $http_x_plex_version;
+ proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+ proxy_set_header X-Plex-Provides $http_x_plex_provides;
+ proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+ proxy_set_header X-Plex-Model $http_x_plex_model;
+ }
+}
diff --git a/portainer.subdomain.conf b/portainer.subdomain.conf
new file mode 100644
index 0000000..d72d471
--- /dev/null
+++ b/portainer.subdomain.conf
@@ -0,0 +1,58 @@
+## Version 2023/02/12
+# make sure that your portainer container is named portainer
+# make sure that your dns has a cname set for portainer
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name portainer.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app portainer;
+ set $upstream_port 9000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+ }
+
+ location ~ (/portainer)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app portainer;
+ set $upstream_port 9000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+ }
+}
diff --git a/prowlarr.subdomain.conf b/prowlarr.subdomain.conf
new file mode 100644
index 0000000..7fcedf0
--- /dev/null
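Review bot: The regex location `location ~ (/portainer)?/api` is unanchored, so it matches any request URI that contains `/api` anywhere, and nginx prefers a matching regex location over the `location /` prefix that carries the `authelia-location.conf` include. Every such request is proxied to Portainer without the Authelia check and relies on the application's own authentication alone. Anchoring the pattern, `location ~ ^(/portainer)?/api`, limits the exemption to the API path itself; the same applies to the `/api` locations in the prowlarr, radarr, sonarr and vaultwarden hunks and to `/rpc` in the transmission hunk. Separately, `proxy_hide_header X-Frame-Options;` strips the framing protection Portainer sends, and since its own comment says it may not be needed after 1.20.0 I would drop both occurrences unless the UI is deliberately embedded in a frame.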
+++ b/prowlarr.subdomain.conf
@@ -0,0 +1,54 @@
+## Version 2023/02/05
+# make sure that your prowlarr container is named prowlarr
+# make sure that your dns has a cname set for prowlarr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name prowlarr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app prowlarr;
+ set $upstream_port 9696;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+
+ location ~ (/prowlarr)?(/[0-9]+)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app prowlarr;
+ set $upstream_port 9696;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/proxmox-backups.subdomain.conf b/proxmox-backups.subdomain.conf
new file mode 100755
index 0000000..50cf6a9
--- /dev/null
+++ b/proxmox-backups.subdomain.conf
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name proxmox-backup.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.102;
+ set $upstream_port 8007;
+ set $upstream_proto https;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/proxmox.subdomain.conf b/proxmox.subdomain.conf
new file mode 100755
index 0000000..b43d82f
--- /dev/null
+++ b/proxmox.subdomain.conf
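Review bot: `set $upstream_proto https;` makes nginx speak TLS to 10.0.2.102:8007, but nginx does not verify the upstream certificate unless `proxy_ssl_verify on;` is set, and nothing in this hunk sets it (the included `proxy.conf` is not visible here, so it may already do so). If it does not, add `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path-to-proxmox-ca.pem>;` to the location, plus `proxy_ssl_name` if the certificate is issued for a hostname rather than the IP, or add a comment stating that the upstream link is trusted by network placement. The proxmox hunk that follows (10.0.2.2:8006) has the same gap. The file is also named `proxmox-backups` while `server_name` is `proxmox-backup.*`, and neither proxmox file carries the version and usage header the other files have.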
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name proxmox.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.2;
+ set $upstream_port 8006;
+ set $upstream_proto https;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/radarr.subdomain.conf b/radarr.subdomain.conf
new file mode 100644
index 0000000..f0853d6
--- /dev/null
+++ b/radarr.subdomain.conf
@@ -0,0 +1,56 @@
+## Version 2023/02/05
+# make sure that your radarr container is named radarr
+# make sure that your dns has a cname set for radarr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name radarr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app radarr;
+ set $upstream_port 7878;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/radarr)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app radarr;
+ set $upstream_port 7878;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/sonarr.subdomain.conf b/sonarr.subdomain.conf
new file mode 100644
index 0000000..bb81c33
--- /dev/null
+++ b/sonarr.subdomain.conf
@@ -0,0 +1,56 @@
+## Version 2023/02/05
+# make sure that your sonarr container is named sonarr
+# make sure that your dns has a cname set for sonarr
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name sonarr.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app sonarr;
+ set $upstream_port 8989;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/sonarr)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app sonarr;
+ set $upstream_port 8989;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/transmission.subdomain.conf b/transmission.subdomain.conf
new file mode 100644
index 0000000..0da88e3
--- /dev/null
+++ b/transmission.subdomain.conf
@@ -0,0 +1,66 @@
+## Version 2023/02/05
+# Make sure that DNS has a cname set for transmission
+#
+# Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they
+# rely on the HTTP Status Text to determine if they should add the
+# X-Transmission-Session-Id header or not. HTTP/2 does not return this text
+# so jQuery responses are empty. This causes RPCs to fail.
+#
+# If your extension is affected, you can remove http2 from the default server
+# in /config/nginx/site-confs/default or listen on a different port that has
+# no http2 servers defined. Better yet, submit a bug report with the
+# extension developer to fix their extensions to support HTTP/2.
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name transmission.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app transmission;
+ set $upstream_port 9091;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_pass_header X-Transmission-Session-Id;
+ }
+
+ location ~ (/transmission)?/rpc {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app transmission;
+ set $upstream_port 9091;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/vaultwarden.subdomain.conf b/vaultwarden.subdomain.conf
new file mode 100644
index 0000000..fbc66d4
--- /dev/null
+++ b/vaultwarden.subdomain.conf
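Review bot: `location ~ (/transmission)?/rpc` has no `authelia-location.conf` include, so the RPC endpoint is proxied without the Authelia check that guards `location /` in the same server block. Whether that is safe depends on Transmission's own `rpc-authentication-required` setting, which this commit does not show. Either add `include /config/nginx/authelia-location.conf;` as the first line of the `/rpc` block, or add a comment above it stating that RPC authentication must be enabled on the container because the proxy does not protect this path.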
@@ -0,0 +1,100 @@
+## Version 2023/02/13
+# make sure that your vaultwarden container is named vaultwarden
+# make sure that your dns has a cname set for vaultwarden
+# set the environment variable WEBSOCKET_ENABLED=true on your vaultwarden container
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name pwds.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 128M;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app vaultwarden;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/pwds)?/admin {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app vaultwarden;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/pwds)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app vaultwarden;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/pwds)?/notifications/hub {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app vaultwarden;
+ set $upstream_port 3012;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/pwds)?/notifications/hub/negotiate {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app vaultwarden;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
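Review bot: In `location ~ (/pwds)?/admin` every auth option is left commented out, and the server-level `authelia-server.conf` include is commented out as well, so the Vaultwarden admin page is published with only the application's own admin token in front of it. Since the other services in this commit sit behind Authelia, I would enable `include /config/nginx/authelia-server.conf;` in the server block and `include /config/nginx/authelia-location.conf;` in the `/admin` location only, leaving `/`, `/api` and the notification paths open for the clients. The `(/pwds)?` prefix in the four regex locations looks like a leftover from renaming the subdomain rather than a real subfolder path, so `location ~ ^/admin` (and likewise for the others) would be clearer and also anchors the match.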