show POC for SWAG

This commit is contained in:
thelamer
2025-09-01 17:28:36 -04:00
parent 228bb42aea
commit 84fc26f86a
85 changed files with 282 additions and 5049 deletions
+222 -242
View File
@@ -437,269 +437,249 @@ subdomains:
port: 80
- name: tinyauth
port: 3000
subfolders:
- name: airsonic
port: 4040
- name: audiobookshelf
# --- MIGRATED FROM CUSTOM ---
- name: adguard
port: 80
- name: booksonic
port: 4040
- name: couchpotato
port: 5050
- name: domoticz
port: 8080
- name: flaresolverr
port: 8191
- name: headphones
port: 8181
- name: lazylibrarian
port: 5299
- name: medusa
port: 8081
- name: metube
port: 8081
- name: mylar
port: 8090
- name: pyload
port: 8000
- name: quassel-web
port: 64080
- name: sickchill
port: 8081
- name: sickrage
port: 8081
- name: slskd
port: 5000
- name: smokeping
extra_locations:
- path: /control
- path: /dns-query
- name: aria2-with-webui
port: 80
- name: webtop
port: 3000
- name: znc
port: 6501
- name: adminer
extra_locations:
- path: /jsonrpc
port: 6800
proxy_pass_path: /jsonrpc
- path: /rpc
port: 6800
proxy_pass_path: /rpc
- name: asciinema
port: 4000
extra_locations:
- path: /dashboard
port: 4002
- name: authelia
port: 9091
extra_locations:
- path: /api
- name: authentik
port: 9000
extra_locations:
- path: /api
- name: bitwarden
port: 8080
redirect: true
- name: autobrr
port: 7474
redirect: true
- name: crontabui
port: 8000
redirect: true
rewrite: true
- name: dockge
port: 5001
redirect: true
- name: gatus
client_max_body_size: 128M
extra_locations:
- path: /admin
- path: /api
- path: /notifications/hub
- name: calibre
port: 8080
redirect: true
- name: miniflux
port: 8080
redirect: true
- name: monitorr
buffering_off: true
extra_locations:
- path: /content-server/
port: 8081
- name: calibre-web
port: 8083
proxy_set_headers:
- key: X-Scheme
value: $scheme
extra_locations:
- path: /opds/
proxy_set_headers:
- key: X-Scheme
value: $scheme
- path: /kobo/
proxy_set_headers:
- key: X-Forwarded-Host
value: $http_host
- key: X-Scheme
value: $scheme
custom_directives:
- proxy_buffer_size 128k
- proxy_buffers 4 256k
- proxy_busy_buffers_size 256k
- name: emby
port: 8096
proxy_set_headers:
- key: Range
value: $http_range
- key: If-Range
value: $http_if_range
- name: emulatorjs
port: 80
redirect: true
- name: petio
port: 7777
redirect: true
- name: planka
port: 1337
redirect: true
- name: qui
port: 7476
redirect: true
- name: shinobi
extra_locations:
- path: /backend/
port: 3000
- name: filebrowser
port: 8080
redirect: true
- name: spoolman
port: 8000
redirect: true
- name: ddns-updater
port: 8000
api: true
- name: kavita
port: 5000
redirect: true
api: true
- name: komga
port: 25600
redirect: true
api: true
- name: lidarr
port: 8686
api: true
- name: radarr
port: 7878
api: true
- name: readarr
port: 8787
api: true
- name: sabnzbd
port: 8080
api: true
- name: sonarr
port: 8989
api: true
- name: whisparr
port: 6969
api: true
- name: dokuwiki
port: 80
redirect: true
rewrite: true
- name: duplicati
port: 8200
redirect: true
rewrite: true
- name: filebot
port: 5800
redirect: true
rewrite: true
- name: flood
port: 3000
redirect: true
rewrite: true
- name: forgejo
port: 3000
redirect: true
rewrite: true
extra_locations:
- path: /api/public
- path: /share
- path: /static
- name: gitea
port: 3000
redirect: true
rewrite: true
- name: glances
port: 61208
redirect: true
rewrite: true
- name: guacamole
port: 8080
redirect: true
rewrite: true
buffering_off: true
- name: homepage
port: 3000
rewrite: true
- name: lychee
port: 80
redirect: true
rewrite: true
- name: netdata
port: 19999
redirect: true
rewrite: true
- name: phpmyadmin
port: 80
redirect: true
rewrite: true
- name: picard
extra_locations:
- path: /(api|info/lfs)
- name: homeassistant
port: 8123
extra_locations:
- path: ^/(api|local|media)/
- name: jackett
port: 9117
extra_locations:
- path: /api
- path: /dl
- name: jdownloader
port: 5800
redirect: true
rewrite: true
- name: scope
port: 4040
redirect: true
rewrite: true
- name: semaphore
extra_locations:
- path: /websockify
proxy_pass_path: /websockify
- name: metabase
port: 3000
rewrite: true
- name: thelounge
extra_locations:
- path: ^/api
- name: nzbget
port: 6789
extra_locations:
- path: /(/[^\/:]*:[^\/:]*)?/jsonrpc
- path: /(/[^\/:]*:[^\/]*)?/jsonprpc
- path: /(/[^\/:]*:[^\/]*)?/xmlrpc
- name: nzbhydra
port: 5076
extra_locations:
- path: /api
- path: /getnzb
- path: /gettorrent
- path: /rss
- path: /torznab/api
- name: ombi
port: 3579
extra_locations:
- path: /api
- path: /swagger
custom_directives:
- if ($http_referer ~* /ombi) { rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect; }
- name: organizr
port: 80
- name: pihole
port: 80
proxy_hide_headers:
- X-Frame-Options
extra_locations:
- path: /admin
proxy_hide_headers:
- X-Frame-Options
- name: plex
port: 32400
proxy_redirect_off: true
buffering_off: true
proxy_set_headers:
- { key: X-Plex-Client-Identifier, value: $http_x_plex_client_identifier }
- { key: X-Plex-Device, value: $http_x_plex_device }
- { key: X-Plex-Device-Name, value: $http_x_plex_device_name }
- { key: X-Plex-Platform, value: $http_x_plex_platform }
- { key: X-Plex-Platform-Version, value: $http_x_plex_platform_version }
- { key: X-Plex-Product, value: $http_x_plex_product }
- { key: X-Plex-Token, value: $http_x_plex_token }
- { key: X-Plex-Version, value: $http_x_plex_version }
- { key: X-Plex-Nocache, value: $http_x_plex_nocache }
- { key: X-Plex-Provides, value: $http_x_plex_provides }
- { key: X-Plex-Device-Vendor, value: $http_x_plex_device_vendor }
- { key: X-Plex-Model, value: $http_x_plex_model }
extra_locations:
- path: /library/streams/
custom_directives:
- proxy_pass_request_headers off
- name: plexwebtools
port: 33400
app: plex
- name: portainer
port: 9000
redirect: true
rewrite: true
proxy_hide_headers:
- X-Frame-Options
extra_locations:
- path: /api
proxy_hide_headers:
- X-Frame-Options
- name: prometheus
port: 9090
extra_locations:
- path: /api
- path: /-/(healthy|ready|reload|quit)
- name: prowlarr
port: 9696
extra_locations:
- path: /(/[0-9]+)?/api
- path: /(/[0-9]+)?/download
- name: pterodactylnode
port: 443
extra_locations:
- path: /api
- name: sonarrtorss
port: 18989
extra_locations:
- path: ^/(api/|sonarr$|rss$|atom$|json$)
- name: synclounge
port: 8088
websockets: true
- name: syncthing
port: 8384
proxy_hide_headers:
- Authorization
extra_locations:
- path: /rest
proxy_hide_headers:
- Authorization
- name: tautulli
port: 8181
extra_locations:
- path: /api
- path: /newsletter
- path: /image
- name: transmission
port: 9091
proxy_pass_headers:
- X-Transmission-Session-Id
extra_locations:
- path: /rpc
- name: ubooquity
port: 2202
extra_locations:
- path: /admin
port: 2203
- path: /admin-res
port: 2203
- path: /admin-api
port: 2203
- name: uptime-kuma
port: 3001
extra_locations:
- path: /(status|assets|icon.svg)
- name: vaultwarden
port: 80
client_max_body_size: 128M
extra_locations:
- path: ^/admin
- path: /api
- path: /notifications/hub
- name: watchstate
port: 8080
extra_locations:
- path: /v1/api
- name: wikijs
port: 3000
extra_locations:
- path: /graphql
custom:
subdomains:
- adguard
- aria2-with-webui
- asciinema
- authelia
- authentik
- bitwarden
- calibre
- calibre-web
- code-server
- emby
- emulatorjs
- filebrowser
- gitea
- homeassistant
- jackett
- jdownloader
- jellyfin
- kasm
- mailcow
- metabase
- nextcloud
- nexusoss
- nzbget
- nzbhydra
- ombi
- openvpn-as
- openvscode-server
- organizr
- pihole
- plex
- plexwebtools
- portainer
- prometheus
- prowlarr
- pterodactylnode
- pydio-cells
- recipes
- rutorrent
- sonarrtorss
- synapse
- synclounge
- syncthing
- tautulli
- transmission
- ubooquity
- uptime-kuma
- vaultwarden
- watchstate
- wikijs
subfolders:
- bazarr
- beets
- beszel
- boinc
- calibre
- calibre-web
- deluge
- dozzle
- emby
- filebrowser
- flexget
- freshrss
- gaps
- grafana
- jackett
- jenkins
- jfa-go
- mailu
- monica
- mytinytodo
- nextcloud
- nzbget
- nzbhydra
- ombi
- organizr-auth
- organizr
- pihole
- plex
- plexwebtools
- portainer
- prowlarr
- rclone
- rutorrent
- sonarrtorss
- synclounge
- syncthing
- tautulli
- themepark
- transmission
- tvheadend
- ubooquity
- vaultwarden
- wordpress
- youtube-dl
@@ -1,76 +0,0 @@
## Version 2025/07/18
# make sure that your adguard container is named adguard
# make sure that your dns has a cname set for adguard
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name adguard.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app adguard;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /control {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app adguard;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /dns-query {
# to properly use this please set `allow_unencrypted_doh: true` and `force_https: false` in adguard
# see https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app adguard;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,78 +0,0 @@
## Version 2025/07/18
# make sure that your aria2 container is named aria2-with-webui
# make sure that your dns has a cname set for aria2
#
# The RPC port will need to be changed to 443 in the AriaNg/WebUI-Aria2 settings or by using the AriaNg command api
# e.g. https://aria2.example.com/#!/settings/rpc/set/https/aria2.example.com/443/jsonrpc
# https://aria2.example.com/#!/settings/rpc/set?protocol=https&host=aria2.example.com&port=443&interface=aria2-with-webui/jsonrpc
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name aria2.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app aria2-with-webui;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/aria2-with-webui)?/jsonrpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app aria2-with-webui;
set $upstream_port 6800;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port/jsonrpc;
}
location ~ (/aria2-with-webui)?/rpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app aria2-with-webui;
set $upstream_port 6800;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port/rpc;
}
}
@@ -1,78 +0,0 @@
## Version 2025/07/18
# make sure that your asciinema container is named asciinema
# make sure that your dns has a cname set for asciinema
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name asciinema.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app asciinema;
set $upstream_port 4000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/asciinema)?/dashboard {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app asciinema;
set $upstream_port 4002;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,37 +0,0 @@
## Version 2025/07/18
# make sure that your authelia container is named authelia
# make sure that your dns has a cname set for authelia
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name authelia.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app authelia;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/authelia)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app authelia;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,37 +0,0 @@
## Version 2025/07/18
# make sure that your authentik container is named authentik-server
# make sure that your dns has a cname set for authentik
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name authentik.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app authentik-server;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/authentik)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app authentik-server;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,40 +0,0 @@
## Version 2023/02/05
# make sure that your bazarr container is named bazarr
# make sure that bazarr is set to work with the base url /bazarr/
location /bazarr {
return 301 $scheme://$host/bazarr/;
}
location ^~ /bazarr/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bazarr;
set $upstream_port 6767;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /bazarr/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bazarr;
set $upstream_port 6767;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,29 +0,0 @@
## Version 2023/02/05
# make sure that your beets container is named beets
# make sure that beets is set to work with the base url /beets/
# first edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container
location /beets {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app beets;
set $upstream_port 8337;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /beets;
}
@@ -1,41 +0,0 @@
## Version 2023/02/05
# make sure that your beszel container is named beszel
# make sure that beszel is set to work with the base url /beszel/
location /beszel {
return 301 $scheme://$host/beszel/;
}
location ^~ /beszel/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app beszel;
set $upstream_port 8090;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /beszel/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app beszel;
set $upstream_port 8090;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,104 +0,0 @@
## Version 2025/07/18
# make sure that your bitwarden container is named bitwarden
# make sure that your dns has a cname set for bitwarden
# if you are using bitwarden (the official image), use the bitwarden conf
# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf
#
# bitwarden defaults to port 8080 and can be changed using the environment variable BW_PORT_HTTP on the bitwarden container
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name bitwarden.*;
include /config/nginx/ssl.conf;
client_max_body_size 128M;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bitwarden;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/bitwarden)?/admin {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bitwarden;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/bitwarden)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bitwarden;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/bitwarden)?/notifications/hub {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bitwarden;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,60 +0,0 @@
## Version 2023/02/05
# make sure that your bionc container is named bionc
# make sure that bionc is set to work with the base url /bionc/
# In boinc docker arguments, set an env variable for SUBFOLDER=/boinc/
location /boinc {
return 301 $scheme://$host/boinc/;
}
location ^~ /boinc/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app boinc;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_buffering off;
}
# If using subfolders for multiple Linux Desktop containers (full gui apps being rendered over web).
# You will need to modify this path and modify the the client settings in the application.
# Settings > Advanced > Websocket > Path
# IE websockify-boinc
location ^~ /websockify {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app boinc;
set $upstream_port 6901;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_buffering off;
}
@@ -1,86 +0,0 @@
## Version 2025/07/18
# make sure that your calibre-web container is named calibre-web
# make sure that your dns has a cname set for calibre-web
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name calibre-web.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
# To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is
# enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia
# user also has a corresponding user manually created in Calibre-Web.
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre-web;
set $upstream_port 8083;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header X-Scheme $scheme;
}
# OPDS feed for eBook reader apps
# Even if you use Authelia, the OPDS feed requires a password to be set for
# the user directly in Calibre-Web, as eBook reader apps don't support
# form-based logins, only HTTP Basic auth.
location /opds/ {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre-web;
set $upstream_port 8083;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header X-Scheme $scheme;
}
# Feed for Kobo
location /kobo/ {
include /config/nginx/resolver.conf;
set $upstream_app calibre-web;
set $upstream_port 8083;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Scheme $scheme;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
}
@@ -1,64 +0,0 @@
## Version 2023/02/05
# make sure that your calibre-web container is named calibre-web
# calibre-web does not require a base url setting
location /calibre-web {
return 301 $scheme://$host/calibre-web/;
}
location ^~ /calibre-web/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is
# enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia
# user also has a corresponding user manually created in Calibre-Web.
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre-web;
set $upstream_port 8083;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /calibre-web;
}
# OPDS feed for eBook reader apps
# Even if you use Authelia, the OPDS feed requires a password to be set for
# the user directly in Calibre-Web, as eBook reader apps don't support
# form-based logins, only HTTP Basic auth.
location ^~ /calibre-web/opds/ {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre-web;
set $upstream_port 8083;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /calibre-web;
}
# Feed for Kobo
location ^~ /calibre-web/kobo/ {
include /config/nginx/resolver.conf;
set $upstream_app calibre-web;
set $upstream_port 8083;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /calibre-web;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
@@ -1,87 +0,0 @@
## Version 2025/07/18
# make sure that your calibre container is named calibre
# make sure that your dns has a cname set for calibre
# for the content server, go into calibre preferences / sharing over the net / advanced and
# set the first option for prefix url to '/content-server', save and restart the container
# the content server will be accessible at 'https://calibre.domain.com/content-server/'
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name calibre.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_buffering off;
}
location /content-server {
return 301 $scheme://$host/content-server/;
}
location ^~ /content-server/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre;
set $upstream_port 8081;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,89 +0,0 @@
## Version 2023/02/05
# make sure that your calibre container is named calibre
# make sure that calibre is set to work with the base url /calibre/
# In calibre docker arguments, set an env variable for SUBFOLDER=/calibre/
# for the content server, go into calibre preferences / sharing over the net / advanced and
# set the first option for prefix url to '/content-server', save and restart the container
# the content server will be accessible at 'https://domain.com/content-server/'
location /calibre {
return 301 $scheme://$host/calibre/;
}
location ^~ /calibre/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /content-server {
return 301 $scheme://$host/content-server/;
}
location ^~ /content-server/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre;
set $upstream_port 8081;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
# If using subfolders for multiple Linux Desktop containers (full gui apps being rendered over web).
# You will need to modify this path and modify the the client settings in the application.
# Settings > Advanced > Websocket > Path
# IE websockify-calibre
location ^~ /websockify {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre;
set $upstream_port 6901;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_buffering off;
}
@@ -1,32 +0,0 @@
## Version 2023/02/05
# make sure that your deluge container is named deluge
# deluge does not require a base url setting
location /deluge {
return 301 $scheme://$host/deluge/;
}
location ^~ /deluge/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app deluge;
set $upstream_port 8112;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /deluge(.*) $1 break;
proxy_set_header X-Deluge-Base "/deluge/";
}
@@ -1,34 +0,0 @@
## Version 2023/02/05
# make sure that your dozzle container is named dozzle
# make sure that dozzle is set to work with the base url /dozzle/
# First either add "--base /dozzle" or "-e DOZZLE_BASE=/dozzle" to your docker run command, and restart the Dozzle container
location /dozzle {
return 301 $scheme://$host/dozzle/;
}
location ^~ /dozzle/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app dozzle;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
}
-33
View File
@@ -1,33 +0,0 @@
## Version 2025/07/18
# make sure that your emby container is named emby
# make sure that your dns has a cname set for emby
# if emby is running in bridge mode and the container is named "emby", the below config should work as is
# if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby
# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
# and set the "Secure connection mode" to "Handled by reverse proxy"
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name emby.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app emby;
set $upstream_port 8096;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
}
}
-34
View File
@@ -1,34 +0,0 @@
## Version 2023/02/05
# make sure that your emby container is named emby
# emby does not require a base url setting
# if emby is running in bridge mode and the container is named "emby", the below config should work as is
# if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby
# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url and subdomain,
# and set the "Secure connection mode" to "Handled by reverse proxy"
location /emby {
return 301 $scheme://$host/emby/;
}
location ^~ /emby/ {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app emby;
set $upstream_port 8096;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
}
location ^~ /embywebsocket {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app emby;
set $upstream_port 8096;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,85 +0,0 @@
## Version 2025/07/18
# make sure that your emulatorjs container is named emulatorjs
# make sure that your dns has a cname set for emulatorjs
# In emulatorjs docker arguments, set an env variable for SUBFOLDER=/backend/
# The backend interface will be accessible at https://emulatorjs.yourdomain.com/backend/
# Don't forget to enable auth at least for the /backend/ location
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name emulatorjs.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app emulatorjs;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /backend {
return 301 $scheme://$host/backend/;
}
location ^~ /backend/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app emulatorjs;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,80 +0,0 @@
## Version 2025/07/18
# make sure that your filebrowser container is named filebrowser
# make sure that your dns has a cname set for filebrowser
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name filebrowser.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/filebrowser)?/api/public {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/filebrowser)?/share {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/filebrowser)?/static {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,61 +0,0 @@
## Version 2023/02/05
# make sure that your filebrowser container is named filebrowser
# make sure that filebrowser is set to work with the base url /filebrowser/
# set this environment variable on your filebrowser container FB_BASEURL=/filebrowser
location /filebrowser {
return 301 $scheme://$host/filebrowser/;
}
location ^~ /filebrowser/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /filebrowser/api/public {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /filebrowser/share {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /filebrowser/static {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,39 +0,0 @@
## Version 2023/02/12
# make sure that your flexget container is named flexget
# make sure that flexget is set to work with the base url /flexget/
# make sure to set 'base_url: /flexget' under your flexget's config.yml web_server block
location /flexget {
return 301 $scheme://$host/flexget/;
}
location ^~ /flexget/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app flexget;
set $upstream_port 5050;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /flexget/api/ {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app flexget;
set $upstream_port 5050;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,36 +0,0 @@
## Version 2023/02/05
# make sure that your freshrss container is named freshrss
# freshrss does not require a base url setting
location /freshrss {
return 301 $scheme://$host/freshrss/;
}
location ^~ /freshrss/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app freshrss;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /freshrss(.*) $1 break;
proxy_buffering off;
proxy_set_header X-Forwarded-Port $server_port;
proxy_cookie_path / "/; HTTPOnly; Secure";
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
}
-33
View File
@@ -1,33 +0,0 @@
## Version 2023/02/05
# make sure that your gaps container is named gaps
# make sure that gaps is set to work with the base url /gaps/
# In your Docker compose (or docker run) add: BASE_URL: /gaps
location /gaps {
return 301 $scheme://$host/gaps/;
}
location ^~ /gaps/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app gaps;
set $upstream_port 8484;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Uncomment to allow loading in an iframe (i.e. Organizr)
# proxy_hide_header X-Frame-Options;
}
@@ -1,69 +0,0 @@
## Version 2025/07/18
# make sure that your gitea container is named gitea
# make sure that your dns has a cname set for gitea
# edit the following parameters in /data/gitea/conf/app.ini
# [server]
# SSH_DOMAIN = gitea.server.com
# ROOT_URL = https://gitea.server.com/
# DOMAIN = gitea.server.com
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name gitea.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app gitea;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/gitea)?/(api|info/lfs) {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app gitea;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,50 +0,0 @@
## Version 2023/04/20
# make sure that your grafana container is named grafana
# make sure that grafana is set to work with the base url /grafana/
# grafana requires environment variables set thus:
# environment:
# - "GF_SERVER_ROOT_URL=https://my.domain.com/grafana"
# - "GF_SERVER_DOMAIN=https://my.domain.com/"
location ^~ /grafana/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app grafana;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Clear Authorization Header if you are using http auth and normal Grafana auth
#proxy_set_header Authorization "";
rewrite ^/grafana/(.*)$ /$1 break;
}
location ^~ /grafana/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app grafana;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Clear Authorization Header if you are using http auth and normal Grafana auth
#proxy_set_header Authorization "";
rewrite ^/grafana/(.*)$ /$1 break;
}
@@ -1,72 +0,0 @@
## Version 2025/07/18
# make sure that your homeassistant container is named homeassistant
# make sure that your dns has a cname set for homeassistant
# As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml
# https://www.home-assistant.io/integrations/http/#trusted_proxies
# Example below uses the default dockernetwork ranges, you may need to update this if you dont use defaults.
#
# http:
# use_x_forwarded_for: true
# trusted_proxies:
# - 172.16.0.0/12
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name homeassistant.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app homeassistant;
set $upstream_port 8123;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ ^/(api|local|media)/ {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app homeassistant;
set $upstream_port 8123;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,74 +0,0 @@
## Version 2025/07/18
# make sure that your jackett container is named jackett
# make sure that your dns has a cname set for jackett
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name jackett.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jackett;
set $upstream_port 9117;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/jackett)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jackett;
set $upstream_port 9117;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/jackett)?/dl {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jackett;
set $upstream_port 9117;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,46 +0,0 @@
## Version 2023/02/05
# make sure that your jackett container is named jackett
# make sure that jackett is set to work with the base url /jackett/
location ^~ /jackett {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jackett;
set $upstream_port 9117;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /jackett/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jackett;
set $upstream_port 9117;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /jackett/dl {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jackett;
set $upstream_port 9117;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,62 +0,0 @@
## Version 2025/08/07
# make sure that your jdownloader container is named jdownloader
# make sure that your dns has a cname set for jdownloader
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name jdownloader.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jdownloader;
set $upstream_port 5800;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/jdownloader)?/websockify {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jdownloader;
set $upstream_port 5800;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port/websockify;
}
}
@@ -1,39 +0,0 @@
## Version 2023/02/05
# make sure that your jenkins container is named jenkins
# make sure that jenkins is set to work with the base url /jenkins/
# First either add '--prefix=/jenkins' or '-e JENKINS_OPTS="--prefix=/jenkins"' to your docker run command, and restart the Jenkins container.
# Also be sure to add '/jenkins/' to your URL under: Jenkins > Configuration > Manage Jenkins > Jenkins URL
location /jenkins {
return 301 $scheme://$host/jenkins/;
}
location ^~ /jenkins/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jenkins;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# This is the maximum upload size
client_max_body_size 10m;
sendfile off;
proxy_max_temp_file_size 0;
proxy_temp_file_write_size 64k;
proxy_request_buffering off;
proxy_buffering off;
}
@@ -1,33 +0,0 @@
## Version 2023/02/05
# make sure that your jfa-go container is named jfa-go
# make sure to set the URL base (“Reverse Proxy subfolder”) in jfa-go > Settings > General (ui > url_base in jfa-go config.ini) to "/jfa-go/"
location /jfa-go {
return 301 $scheme://$host/jfa-go/;
}
location ^~ /jfa-go/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jfa-go;
set $upstream_port 8056;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Remove the CSP header set for Jellyfin
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy "";
}
@@ -1,60 +0,0 @@
## Version 2023/02/05
# make sure that your mailu container is named mailu
# mailu does not require a base url setting
# This config have been tested with "TLS_FLAVOR=mail"
# To avoid errors you must change in docker-compose ports: 80 and 443, more info: https://mailu.io/1.7/reverse.html
location /admin {
return 301 $scheme://$host/admin/;
}
location ^~ /admin/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app front;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /webmail {
return 301 $scheme://$host/webmail/;
}
location ^~ /webmail/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app front;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,62 +0,0 @@
## Version 2025/07/18
# make sure that your metabase container is named metabase
# make sure that your dns has a cname set for metabase
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name metabase.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app metabase;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ ^/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app metabase;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,31 +0,0 @@
## Version 2023/02/05
# make sure that your monica container is named monica
# make sure that monica is set to work with the base url /monica/
# Set the monica Docker container's APP_URL to a fully-qualified domain that ends with /monica/ and restart the container.
# Example: https://yourhost.cc/monica/
location /monica {
return 301 $scheme://$host/monica/;
}
location ^~ /monica/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app monica;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,31 +0,0 @@
## Version 2023/02/05
# make sure that your mytinytodo container is named mytinytodo
# make sure that mytinytodo is set to work with the base url /todo/
# works with https://github.com/breakall/mytinytodo-docker
# set the mtt_url to 'https://your.domain.com/todo/' in db/config.php
location /todo {
return 301 $scheme://$host/todo/;
}
location ^~ /todo/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app mytinytodo;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port/;
}
@@ -1,51 +0,0 @@
## Version 2024/04/25
# make sure that your nextcloud container is named nextcloud
# make sure that nextcloud is set to work with the base url /nextcloud/
# Assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
# 'trusted_proxies' => [gethostbyname('swag')],
# 'overwritewebroot' => '/nextcloud',
# 'overwrite.cli.url' => 'https://example.com/nextcloud',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
# array (
# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
# 1 => 'example.com',
# ),
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in the Nextcloud `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; }
location = /.well-known/caldav { return 301 /nextcloud/remote.php/dav/; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /nextcloud/index.php$request_uri;
}
location ^~ /nextcloud/ {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nextcloud;
set $upstream_port 443;
set $upstream_proto https;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /nextcloud(.*) $1 break;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_ssl_session_reuse off;
# Hide proxy response headers from Nextcloud that conflict with ssl.conf
# Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
proxy_hide_header Referrer-Policy;
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-XSS-Protection;
# Disable proxy buffering
proxy_buffering off;
}
@@ -1,84 +0,0 @@
## Version 2025/07/18
# make sure that your nzbget container is named nzbget
# make sure that your dns has a cname set for nzbget
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name nzbget.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbget;
set $upstream_port 6789;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/nzbget)?(/[^\/:]*:[^\/:]*)?/jsonrpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbget;
set $upstream_port 6789;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/nzbget)?(/[^\/:]*:[^\/]*)?/jsonprpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbget;
set $upstream_port 6789;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/nzbget)?(/[^\/:]*:[^\/]*)?/xmlrpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbget;
set $upstream_port 6789;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,57 +0,0 @@
## Version 2023/02/05
# make sure that your nzbget container is named nzbget
# make sure that nzbget is set to work with the base url /nzbget/
# nzbget does not require a base url setting
location /nzbget {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbget;
set $upstream_port 6789;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ /nzbget(/[^\/:]*:[^\/]*)?/jsonrpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbget;
set $upstream_port 6789;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ /nzbget(/[^\/:]*:[^\/]*)?/jsonprpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbget;
set $upstream_port 6789;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ /nzbget(/[^\/:]*:[^\/]*)?/xmlrpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbget;
set $upstream_port 6789;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,104 +0,0 @@
## Version 2025/07/18
# make sure that your nzbhydra container is named nzbhydra2
# make sure that your dns has a cname set for nzbhydra
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name nzbhydra.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/nzbhydra)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/nzbhydra)?/getnzb {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/nzbhydra)?/gettorrent {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/nzbhydra)?/rss {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/nzbhydra)?/torznab/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,77 +0,0 @@
## Version 2023/02/05
# make sure that your nzbhydra container is named nzbhydra2
# make sure that nzbhydra is set to work with the base url /nzbhydra/
# first go into nzbhydra settings, set the URL Base to /nzbhydra, then disable CSRF protection on the same page and restart the nzbhydra container
location ^~ /nzbhydra {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /nzbhydra/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /nzbhydra/getnzb {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /nzbhydra/gettorrent {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /nzbhydra/rss {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /nzbhydra/torznab/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nzbhydra2;
set $upstream_port 5076;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
-80
View File
@@ -1,80 +0,0 @@
## Version 2025/07/18
# make sure that your ombi container is named ombi
# make sure that your dns has a cname set for ombi
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name ombi.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ombi;
set $upstream_port 3579;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
# This allows access to the actual api
location ~ (/ombi)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ombi;
set $upstream_port 3579;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
# This allows access to the documentation for the api
location ~ (/ombi)?/swagger {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ombi;
set $upstream_port 3579;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
if ($http_referer ~* /ombi) {
rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect;
}
}
-61
View File
@@ -1,61 +0,0 @@
## Version 2023/02/05
# make sure that your ombi container is named ombi
# make sure that ombi is set to work with the base url /ombi/
# first go into ombi settings, under the menu "Ombi" set the base url to /ombi and restart the ombi container
location /ombi {
return 301 $scheme://$host/ombi/;
}
location ^~ /ombi/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ombi;
set $upstream_port 3579;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
# This allows access to the actual api
location ^~ /ombi/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ombi;
set $upstream_port 3579;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
if ($http_referer ~* /ombi) {
rewrite ^/api/(.*) /ombi/api/$1? redirect;
}
# This allows access to the documentation for the api
location ^~ /ombi/swagger {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ombi;
set $upstream_port 3579;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
if ($http_referer ~* /ombi) {
rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect;
}
@@ -1,41 +0,0 @@
## Version 2023/02/05
# make sure that your organizr container is named organizr
# To use config this with subfolder proxies:
# Rename this file to organizr-auth.subfolder.conf
# Add one of the auth_request lines from the comments below
# ex:
# auth_request /auth-0;
#
# To use config this with subdomain proxies:
# Rename this file to organizr-auth.subfolder.conf (the subfolder file name is still used)
# Add the following line in your other subdomain proxy configs
# include /config/nginx/proxy-confs/organizr-auth.subfolder.conf;
# Add one of the auth_request lines from the comments below
# ex:
# include /config/nginx/proxy-confs/organizr-auth.subfolder.conf;
# auth_request /auth-0;
location ~ /auth-([0-9]+) {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_auth_app organizr;
set $upstream_auth_port 80;
set $upstream_auth_proto http;
proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port/api/v2/auth?group=$1;
proxy_set_header Content-Length "";
# Do not uncomment the lines below, these are examples for use in other proxy configs
#auth_request /auth-0; #=Admin
#auth_request /auth-1; #=Co-Admin
#auth_request /auth-2; #=Super User
#auth_request /auth-3; #=Power User
#auth_request /auth-4; #=User
#auth_request /auth-998; #=Logged In
#auth_request /auth-999; #=Guest
}
# Optional redirect server authentication errors to organizr authentication page
# NOTE: $host must be modified to your public URL when using subdomain proxies
#error_page 401 $scheme://$host/?error=$status&return=$scheme://$http_host$request_uri;
@@ -1,58 +0,0 @@
## Version 2025/07/18
# make sure that your organizr container is named organizr
# make sure that your dns has a cname set for organizr
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name organizr.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app organizr;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
# Optional redirect server errors to organizr error pages
#error_page 400 402 403 404 405 408 500 502 503 504 $scheme://$host/?error=$status;
}
@@ -1,29 +0,0 @@
## Version 2023/02/05
# make sure that your organizr container is named organizr
# In order to use this location block you need to edit the default file one folder up and comment out the / and ~ \.php$ locations
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app organizr;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
# Optional redirect server errors to organizr error pages
#error_page 400 402 403 404 405 408 500 502 503 504 $scheme://$host/?error=$status;
@@ -1,82 +0,0 @@
## Version 2025/07/18
# make sure that your pihole container is named pihole
# make sure that your dns has a cname set for pihole
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name pihole.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app pihole;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header X-Frame-Options;
}
location /admin {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app pihole;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header X-Frame-Options;
}
}
@@ -1,61 +0,0 @@
## Version 2023/02/05
# make sure that your pihole container is named pihole
# pihole does not require a base url setting
location /pihole {
return 301 $scheme://$host/pihole/;
}
location ^~ /pihole/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app pihole;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /pihole(.*) $1 break;
proxy_hide_header X-Frame-Options;
}
location /pihole/admin {
return 301 $scheme://$host/pihole/admin/;
}
location ^~ /pihole/admin/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app pihole;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /pihole(.*) $1 break;
proxy_hide_header X-Frame-Options;
}
-80
View File
@@ -1,80 +0,0 @@
## Version 2025/07/18
# make sure that your plex container is named plex
# make sure that your dns has a cname set for plex
# if plex is running in bridge mode and the container is named "plex", the below config should work as is
# if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex
# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name plex.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
proxy_redirect off;
proxy_buffering off;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app plex;
set $upstream_port 32400;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
proxy_set_header X-Plex-Device $http_x_plex_device;
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
proxy_set_header X-Plex-Platform $http_x_plex_platform;
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
proxy_set_header X-Plex-Product $http_x_plex_product;
proxy_set_header X-Plex-Token $http_x_plex_token;
proxy_set_header X-Plex-Version $http_x_plex_version;
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
proxy_set_header X-Plex-Provides $http_x_plex_provides;
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
proxy_set_header X-Plex-Model $http_x_plex_model;
}
location /library/streams/ {
set $upstream_app plex;
set $upstream_port 32400;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_pass_request_headers off;
}
}
-54
View File
@@ -1,54 +0,0 @@
## Version 2023/02/05
#******** This config no longer works as intended. The web app loads, but no direct connection to server is made. *********
#******** PRs welcome for anyone who figures out how to fix it. Use the subdomain config in the meantime. *******
# make sure that your plex container is named plex
# if plex is running in bridge mode and the container is named "plex", the below config should work as is
# if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex
# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://yourdomain.url:443/plex")
location /plex {
return 301 $scheme://$host/plex/;
}
location ^~ /plex/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app plex;
set $upstream_port 32400;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /plex(.*) $1 break;
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
proxy_set_header X-Plex-Device $http_x_plex_device;
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
proxy_set_header X-Plex-Platform $http_x_plex_platform;
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
proxy_set_header X-Plex-Product $http_x_plex_product;
proxy_set_header X-Plex-Token $http_x_plex_token;
proxy_set_header X-Plex-Version $http_x_plex_version;
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
proxy_set_header X-Plex-Provides $http_x_plex_provides;
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
proxy_set_header X-Plex-Model $http_x_plex_model;
}
if ($http_referer ~* /plex) {
rewrite ^/web/(.*) /plex/web/$1? redirect;
}
@@ -1,54 +0,0 @@
## Version 2025/07/18
# make sure that your plex container is named plex
# make sure that your dns has a cname set for plexwebtools
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name plexwebtools.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app plex;
set $upstream_port 33400;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,30 +0,0 @@
## Version 2023/02/05
# make sure that your plex container is named plex
# make sure that plexwebtools is set to work with the base url /plexwebtools/
location /plexwebtools {
return 301 $scheme://$host/plexwebtools/;
}
location ^~ /plexwebtools/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app plex;
set $upstream_port 33400;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,66 +0,0 @@
## Version 2025/07/18
# make sure that your portainer container is named portainer
# make sure that your dns has a cname set for portainer
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name portainer.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app portainer;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
}
location ~ (/portainer)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app portainer;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
}
}
@@ -1,44 +0,0 @@
## Version 2023/02/12
# make sure that your portainer container is named portainer
# portainer does not require a base url setting
location /portainer {
return 301 $scheme://$host/portainer/;
}
location ^~ /portainer/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app portainer;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /portainer(.*) $1 break;
proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
}
location ^~ /portainer/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app portainer;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /portainer(.*) $1 break;
proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
}
@@ -1,78 +0,0 @@
## Version 2025/07/18
# make sure that your prometheus container is named prometheus
# make sure that your dns has a cname set for prometheus
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name prometheus.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prometheus;
set $upstream_port 9090;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/prometheus)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prometheus;
set $upstream_port 9090;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/prometheus)?/-/(healthy|ready|reload|quit) {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prometheus;
set $upstream_port 9090;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,72 +0,0 @@
## Version 2025/07/18
# make sure that your prowlarr container is named prowlarr
# make sure that your dns has a cname set for prowlarr
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name prowlarr.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prowlarr;
set $upstream_port 9696;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/prowlarr)?(/[0-9]+)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prowlarr;
set $upstream_port 9696;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/prowlarr)?(/[0-9]+)?/download {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prowlarr;
set $upstream_port 9696;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,46 +0,0 @@
## Version 2023/09/13
# make sure that your prowlarr container is named prowlarr
# make sure that prowlarr is set to work with the base url /prowlarr/
location /prowlarr {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prowlarr;
set $upstream_port 9696;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ /prowlarr(/[0-9]+)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prowlarr;
set $upstream_port 9696;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ /prowlarr(/[0-9]+)?/download {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prowlarr;
set $upstream_port 9696;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,67 +0,0 @@
## Version 2025/07/18
# this is for nodes, not your actual panel
# make sure you set your node to use 443 as its API port
# make sure that your pterodactylnode container is named pterodactylnode
# make sure that your dns has a cname set for pterodactylnode
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name pterodactylnode.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app pterodactylnode;
set $upstream_port 443;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/pterodactylnode)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app pterodactylnode;
set $upstream_port 443;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,42 +0,0 @@
## Version 2023/02/05
# make sure that your rclone container is named rclone
# rclone does not require a base url setting
location /rclone {
return 301 $scheme://$host/rclone/;
}
location ^~ /rclone/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app rclone;
set $upstream_port 5800;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /rclone(.*) $1 break;
}
location ^~ /rclone/websockify {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app rclone;
set $upstream_port 5800;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port/websockify/;
rewrite /rclone(.*) $1 break;
}
@@ -1,59 +0,0 @@
## Version 2023/02/05
# make sure that your rutorrent container is named rutorrent
# rutorrent does not require a base url setting
location /rutorrent {
return 301 $scheme://$host/rutorrent/;
}
location ^~ /rutorrent/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app rutorrent;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /rutorrent(.*) $1 break;
}
location ^~ /rutorrent/RPC2 {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# block rpc access by default because it is unprotected
# you can comment out the next line to enable remote rpc calls
deny all;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app rutorrent;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /rutorrent(.*) $1 break;
}
@@ -1,62 +0,0 @@
## Version 2025/07/18
# make sure that your sonarrtorss container is named sonarrtorss
# make sure that your dns has a cname set for sonarrtorss
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name sonarrtorss.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app sonarrtorss;
set $upstream_port 18989;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ ^/(api/|sonarr$|rss$|atom$|json$) {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app sonarrtorss;
set $upstream_port 18989;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,38 +0,0 @@
## Version 2024/06/21
# make sure that your sonarrtorss container is named sonarrtorss
# sonarrtorss does not require a base url setting
location ^~ /sonarrtorss {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app sonarrtorss;
set $upstream_port 18989;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /sonarrtorss(.*) $1 break;
}
location ~ ^/sonarrtorss/(api/|sonarr$|rss$|atom$|json$) {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app sonarrtorss;
set $upstream_port 18989;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /sonarrtorss(.*) $1 break;
}
@@ -1,66 +0,0 @@
## Version 2025/07/18
# make sure that your synclounge container is named synclounge
# make sure that your dns has a cname set for synclounge
# Use this with SyncLounge v3 and up.
# Make sure that you do not have HSTS enabled, otherwise http access won't work
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
listen 80;
listen [::]:80;
server_name synclounge.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app synclounge;
set $upstream_port 8088;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_buffering off;
proxy_socket_keepalive on;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
}
}
@@ -1,59 +0,0 @@
## Version 2023/02/05
# make sure that your synclounge container is named synclounge
# make sure that synclounge is set to work with the base url /synclounge/
# Use this with SyncLounge v3 or up
#
# To allow non-secure connections (http), which is required by some Plex clients, modify the first block in site-confs/default to look something like this:
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
#
# # Don't force redirect SyncLounge to https
# include /config/nginx/proxy-confs/synclounge.subfolder.conf;
#
# location / {
# return 301 https://$host$request_uri;
# }
#}
# Uncomment to force SyncLounge to always load over http. Only use this if you've allowed http per the above instructions.
#if ($scheme = https) {
# return 301 http://$host$request_uri;
#}
location /synclounge {
return 301 $scheme://$host/synclounge/;
}
location /synclounge/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app synclounge;
set $upstream_port 8088;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /synclounge(.*) $1 break;
proxy_buffering off;
proxy_socket_keepalive on;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
}
@@ -1,66 +0,0 @@
## Version 2025/07/18
# make sure that your syncthing container is named syncthing
# make sure that your dns has a cname set for syncthing
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name syncthing.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app syncthing;
set $upstream_port 8384;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header Authorization;
}
location ~ (/syncthing)?/rest {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app syncthing;
set $upstream_port 8384;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header Authorization;
}
}
@@ -1,44 +0,0 @@
## Version 2023/02/12
# make sure that your syncthing container is named syncthing
# syncthing does not require a base url setting
location /syncthing {
return 301 $scheme://$host/syncthing/;
}
location ^~ /syncthing/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app syncthing;
set $upstream_port 8384;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /syncthing(.*) $1 break;
proxy_hide_header Authorization;
}
location ^~ /syncthing/rest {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app syncthing;
set $upstream_port 8384;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /syncthing(.*) $1 break;
proxy_hide_header Authorization;
}
@@ -1,84 +0,0 @@
## Version 2025/07/18
# make sure that your tautulli container is named tautulli
# make sure that your dns has a cname set for tautulli
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name tautulli.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app tautulli;
set $upstream_port 8181;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/tautulli)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app tautulli;
set $upstream_port 8181;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/tautulli)?/newsletter {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app tautulli;
set $upstream_port 8181;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/tautulli)?/image {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app tautulli;
set $upstream_port 8181;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,57 +0,0 @@
## Version 2023/02/05
# make sure that your tautulli container is named tautulli
# make sure that tautulli is set to work with the base url /tautulli/
# first go into tautulli settings, under "Web Interface", click on show advanced, set the HTTP root to /tautulli and restart the tautulli container
location ^~ /tautulli {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app tautulli;
set $upstream_port 8181;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /tautulli/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app tautulli;
set $upstream_port 8181;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /tautulli/newsletter {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app tautulli;
set $upstream_port 8181;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /tautulli/image {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app tautulli;
set $upstream_port 8181;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,40 +0,0 @@
## Version 2023/02/05
# make sure that your theme-park container is named theme-park
# make sure that theme-park is set to work with the base url /theme-park/
# If you want to change the urlbase update the TP_URLBASE env on the theme-park container.
location /themepark {
return 301 $scheme://$host/themepark/;
}
location ^~ /themepark/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# If you don't want to cache the CSS files you can uncomment the lines below.
# add_header Last-Modified $date_gmt;
# add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
# if_modified_since off;
# expires -1;
# etag off;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
sub_filter_types *;
sub_filter 'url("/css/' 'url("/themepark/css/';
sub_filter_once off;
set $upstream_app theme-park;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,73 +0,0 @@
## Version 2025/07/18
# Make sure that DNS has a cname set for transmission
#
# Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they
# rely on the HTTP Status Text to determine if they should add the
# X-Transmission-Session-Id header or not. HTTP/2 does not return this text
# so jQuery responses are empty. This causes RPCs to fail.
#
# If your extension is affected, you can remove http2 from
# /config/nginx/nginx.conf or submit a bug report with the
# extension developer to fix their extensions to support HTTP/2.
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name transmission.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app transmission;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_pass_header X-Transmission-Session-Id;
}
location ~ (/transmission)?/rpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app transmission;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,47 +0,0 @@
## Version 2023/02/05
# make sure that your transmission container is named transmission
# transmission does not require a base url setting
#
# Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they
# rely on the HTTP Status Text to determine if they should add the
# X-Transmission-Session-Id header or not. HTTP/2 does not return this text
# so jQuery responses are empty. This causes RPCs to fail.
#
# If your extension is affected, you can remove http2 from the default server
# in /config/nginx/site-confs/default or listen on a different port that has
# no http2 servers defined. Better yet, submit a bug report with the
# extension developer to fix their extensions to support HTTP/2.
location ^~ /transmission {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app transmission;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_pass_header X-Transmission-Session-Id;
}
location ^~ /transmission/rpc {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app transmission;
set $upstream_port 9091;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,44 +0,0 @@
## Version 2023/02/05
# make sure that your tvheadend container is named tvheadend
# make sure that tvheadend is set to work with the base url /tvheadend/
# Before activating this config you need to do two things:
# - enable a setting in the tvheadend web interface
# - change your RUN_OPTS for tvheadend.
#
# You need to enable the setting "PROXY protocol & X-Forwarded For"
# in the tvheadend web interface. This setting can be found in
# "Configuration" -> "General" -> "Base" in the "HTTP Server Settings" Group.
# You need to set the View level to Expert to see it. Once activated, you may need to
# restart your tvheadend container. When testing this config, please be reminded
# that the tvheadend docker can take a very long time to start (>10mins).
#
# For the subfolder to work you also need to edit your tvheadend docker compose / cli config
# and set http_root in RUN_OPTS to tvheadend, e.g. in docker compose:
# - RUN_OPTS= --http_root /tvheadend
location /tvheadend {
return 301 $scheme://$host/tvheadend/;
}
location /tvheadend/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app tvheadend;
set $upstream_port 9981;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,84 +0,0 @@
## Version 2025/07/18
# make sure that your ubooquity container is named ubooquity
# make sure that your dns has a cname set for ubooquity
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name ubooquity.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ubooquity;
set $upstream_port 2202;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /admin {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ubooquity;
set $upstream_port 2203;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /admin-res {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ubooquity;
set $upstream_port 2203;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /admin-api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ubooquity;
set $upstream_port 2203;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,37 +0,0 @@
## Version 2023/02/05
# make sure that your ubooquity container is named ubooquity
# make sure that ubooquity is set to work with the base url /ubooquity/
# set the reverse proxy prefix in the admin gui to ubooquity.
location ^~ /ubooquity {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ubooquity;
set $upstream_port 2202;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /ubooquity/admin {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app ubooquity;
set $upstream_port 2203;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,64 +0,0 @@
## Version 2025/07/18
# make sure that your uptime-kuma container is named uptime-kuma
# make sure that your dns has a cname set for uptime-kuma
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name uptime-kuma.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app uptime-kuma;
set $upstream_port 3001;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ /(status|assets|icon.svg) {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app uptime-kuma;
set $upstream_port 3001;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,111 +0,0 @@
## Version 2025/07/18
# make sure that your vaultwarden container is named vaultwarden
# make sure that your dns has a cname set for vaultwarden
# if you are using bitwarden (the official image), use the bitwarden conf
# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf
#
# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name vaultwarden.*;
include /config/nginx/ssl.conf;
client_max_body_size 128M;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ ^(/vaultwarden)?/admin {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
# if you enable admin page via ADMIN_TOKEN env variable
# consider restricting access to LAN only via uncommenting the following lines
#allow 10.0.0.0/8;
#allow 172.16.0.0/12;
#allow 192.168.0.0/16;
#deny all;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/vaultwarden)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/vaultwarden)?/notifications/hub {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,87 +0,0 @@
## Version 2023/11/12
# make sure that your vaultwarden container is named vaultwarden
# make sure that vaultwarden is set to work with the base url /vaultwarden/
# if you are using bitwarden (the official image), use the bitwarden conf
# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf
#
# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container
#
# Environmental Variable DOMAIN=https://<DOMAIN>/vaultwarden must be set in vaultwarden container including subfolder.
location /vaultwarden {
return 301 $scheme://$host/vaultwarden/;
}
location ^~ /vaultwarden/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ ^(/vaultwarden)?/admin {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# if you enable admin page via ADMIN_TOKEN env variable
# consider restricting access to LAN only via uncommenting the following lines
#allow 10.0.0.0/8;
#allow 172.16.0.0/12;
#allow 192.168.0.0/16;
#deny all;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/vaultwarden)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/vaultwarden)?/notifications/hub {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,66 +0,0 @@
## Version 2025/07/18
# make sure that your radarr container is named watchstate
# make sure that your dns has a cname set for watchstate
# the api endpoint is not behind auth, so please make sure to enable
# "Webhook match backend id" in backend settings
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name watchstate.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app watchstate;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ /v1/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app watchstate;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,64 +0,0 @@
## Version 2025/07/18
# make sure that your wikijs container is named wikijs
# make sure that your dns has a cname set for wikijs
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name wikijs.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app wikijs;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/wikijs)?/graphql {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app wikijs;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
@@ -1,28 +0,0 @@
## Version 2023/02/05
# make sure that your wordpress container is named wordpress
# make sure that wordpress is set to work with the base url /wordpress/
# In order to use this location block you need to edit the default file one folder up and comment out the / location as well as the "~ \.php$" location
# tested with the official wordpress docker image
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app wordpress;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
@@ -1,35 +0,0 @@
## Version 2023/02/05
# make sure that your youtube-dl-server container is named youtube-dl-server
# youtube-dl-server does not require a base url setting
# Works with this youtube-dl Fork: https://github.com/nbr23/youtube-dl-server
location /youtube-dl {
return 301 $scheme://$host/youtube-dl/;
}
location ^~ /youtube-dl/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app youtube-dl-server;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header Referer '';
# next line doesn't work with the latest version of: https://github.com/nbr23/youtube-dl-server
# proxy_set_header Host $upstream_app:8080;
rewrite /youtube-dl(.*) $1 break;
}
-23
View File
@@ -42,7 +42,6 @@ def generate_configs():
lstrip_blocks=True
)
subdomain_template = env.get_template('subdomain.conf.j2')
subfolder_template = env.get_template('subfolder.conf.j2')
print("Jinja2 templates loaded successfully.")
except Exception as e:
print(f"ERROR: Failed to load Jinja2 templates from '{TEMPLATE_DIR}': {e}. Exiting.")
@@ -59,17 +58,6 @@ def generate_configs():
f.write(rendered_content)
print(f" [OK] Generated {filename}")
# Generate templated subfolder configs
print("\n--- Generating Templated Subfolder Configs ---")
subfolder_items = data.get('subfolders', [])
for item in subfolder_items:
filename = f"{item['name']}.subfolder.conf.sample"
output_path = os.path.join(OUTPUT_DIR, filename)
rendered_content = subfolder_template.render(item=item)
with open(output_path, 'w') as f:
f.write(rendered_content)
print(f" [OK] Generated {filename}")
# Copy custom configs
print("\n--- Copying Custom Configs ---")
if not os.path.isdir(CUSTOM_DIR):
@@ -86,17 +74,6 @@ def generate_configs():
else:
print(f" [!!] WARNING: Custom config file not found: {source_path}")
# Process custom subfolders
for app_name in data.get('custom', {}).get('subfolders', []):
filename = f"{app_name}.subfolder.conf.sample"
source_path = os.path.join(CUSTOM_DIR, filename)
dest_path = os.path.join(OUTPUT_DIR, filename)
if os.path.exists(source_path):
shutil.copy(source_path, dest_path)
print(f" [OK] Copied {filename}")
else:
print(f" [!!] WARNING: Custom config file not found: {source_path}")
print("\n--- Generation Complete ---")
if __name__ == "__main__":
+60
View File
@@ -68,6 +68,39 @@ server {
{% endif %}
{% if item.set_x_scheme %}
proxy_set_header X-Scheme https;
{% endif %}
{% if item.websockets %}
proxy_buffering off;
proxy_socket_keepalive on;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
{% endif %}
{% if item.proxy_pass_headers %}
{% for header in item.proxy_pass_headers %}
proxy_pass_header {{ header }};
{% endfor %}
{% endif %}
{% if item.proxy_set_headers %}
{% for header in item.proxy_set_headers %}
proxy_set_header {{ header.key }} {{ header.value }};
{% endfor %}
{% endif %}
{% if item.proxy_hide_headers %}
{% for header in item.proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.add_headers %}
{% for header in item.add_headers %}
add_header {{ header.key }} "{{ header.value }}";
{% endfor %}
{% endif %}
{% if item.custom_directives %}
{% for directive in item.custom_directives %}
{{ directive }};
{% endfor %}
{% endif %}
}
{% if item.api %}
@@ -80,4 +113,31 @@ server {
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
{% endif %}
{% if item.extra_locations %}
{% for loc in item.extra_locations %}
location ~ (?:/{{ item.name }})?{{ loc.path }} {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app {{ loc.app | default(item.name) }};
set $upstream_port {{ loc.port | default(item.port) }};
set $upstream_proto {% if loc.https %}https{% elif item.https and loc.https is not defined %}https{% else %}http{% endif %};
proxy_pass $upstream_proto://$upstream_app:$upstream_port{% if loc.proxy_pass_path %}{{ loc.proxy_pass_path }}{% endif %};
{% if loc.proxy_set_headers %}
{% for header in loc.proxy_set_headers %}
proxy_set_header {{ header.key }} {{ header.value }};
{% endfor %}
{% endif %}
{% if loc.proxy_hide_headers %}
{% for header in loc.proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if loc.custom_directives %}
{% for directive in loc.custom_directives %}
{{ directive }};
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
}
-49
View File
@@ -1,49 +0,0 @@
## Version 2025/08/28
# make sure that your {{ item.name }} container is named {{ item.name }}
# make sure that {{ item.name }} is set to work with the base url /{{ item.name }}/
{% if item.redirect %}
location /{{ item.name }} {
return 301 $scheme://$host/{{ item.name }}/;
}
location ^~ /{{ item.name }}/ {
{% else %}
location ^~ /{{ item.name }} {
{% endif %}
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app {{ item.name }};
set $upstream_port {{ item.port }};
set $upstream_proto {% if item.https %}https{% else %}http{% endif %};
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
{% if item.rewrite %}
rewrite /{{ item.name }}(.*) $1 break;
{% endif %}
{% if item.buffering_off %}
proxy_buffering off;
{% endif %}
}
{% if item.api %}
location ^~ /{{ item.name }}/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app {{ item.name }};
set $upstream_port {{ item.port }};
set $upstream_proto {% if item.https %}https{% else %}http{% endif %};
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
{% endif %}