diff --git a/config_data.yml b/config_data.yml index 3fe302a..d47e7f3 100644 --- a/config_data.yml +++ b/config_data.yml @@ -437,269 +437,249 @@ subdomains: port: 80 - name: tinyauth port: 3000 - -subfolders: - - name: airsonic - port: 4040 - - name: audiobookshelf + # --- MIGRATED FROM CUSTOM --- + - name: adguard port: 80 - - name: booksonic - port: 4040 - - name: couchpotato - port: 5050 - - name: domoticz - port: 8080 - - name: flaresolverr - port: 8191 - - name: headphones - port: 8181 - - name: lazylibrarian - port: 5299 - - name: medusa - port: 8081 - - name: metube - port: 8081 - - name: mylar - port: 8090 - - name: pyload - port: 8000 - - name: quassel-web - port: 64080 - - name: sickchill - port: 8081 - - name: sickrage - port: 8081 - - name: slskd - port: 5000 - - name: smokeping + extra_locations: + - path: /control + - path: /dns-query + - name: aria2-with-webui port: 80 - - name: webtop - port: 3000 - - name: znc - port: 6501 - - name: adminer + extra_locations: + - path: /jsonrpc + port: 6800 + proxy_pass_path: /jsonrpc + - path: /rpc + port: 6800 + proxy_pass_path: /rpc + - name: asciinema + port: 4000 + extra_locations: + - path: /dashboard + port: 4002 + - name: authelia + port: 9091 + extra_locations: + - path: /api + - name: authentik + port: 9000 + extra_locations: + - path: /api + - name: bitwarden port: 8080 - redirect: true - - name: autobrr - port: 7474 - redirect: true - - name: crontabui - port: 8000 - redirect: true - rewrite: true - - name: dockge - port: 5001 - redirect: true - - name: gatus + client_max_body_size: 128M + extra_locations: + - path: /admin + - path: /api + - path: /notifications/hub + - name: calibre port: 8080 - redirect: true - - name: miniflux - port: 8080 - redirect: true - - name: monitorr + buffering_off: true + extra_locations: + - path: /content-server/ + port: 8081 + - name: calibre-web + port: 8083 + proxy_set_headers: + - key: X-Scheme + value: $scheme + extra_locations: + - path: /opds/ + proxy_set_headers: + - key: X-Scheme + value: $scheme + - path: /kobo/ + proxy_set_headers: + - key: X-Forwarded-Host + value: $http_host + - key: X-Scheme + value: $scheme + custom_directives: + - proxy_buffer_size 128k + - proxy_buffers 4 256k + - proxy_busy_buffers_size 256k + - name: emby + port: 8096 + proxy_set_headers: + - key: Range + value: $http_range + - key: If-Range + value: $http_if_range + - name: emulatorjs port: 80 - redirect: true - - name: petio - port: 7777 - redirect: true - - name: planka - port: 1337 - redirect: true - - name: qui - port: 7476 - redirect: true - - name: shinobi + extra_locations: + - path: /backend/ + port: 3000 + - name: filebrowser port: 8080 - redirect: true - - name: spoolman - port: 8000 - redirect: true - - name: ddns-updater - port: 8000 - api: true - - name: kavita - port: 5000 - redirect: true - api: true - - name: komga - port: 25600 - redirect: true - api: true - - name: lidarr - port: 8686 - api: true - - name: radarr - port: 7878 - api: true - - name: readarr - port: 8787 - api: true - - name: sabnzbd - port: 8080 - api: true - - name: sonarr - port: 8989 - api: true - - name: whisparr - port: 6969 - api: true - - name: dokuwiki - port: 80 - redirect: true - rewrite: true - - name: duplicati - port: 8200 - redirect: true - rewrite: true - - name: filebot - port: 5800 - redirect: true - rewrite: true - - name: flood - port: 3000 - redirect: true - rewrite: true - - name: forgejo - port: 3000 - redirect: true - rewrite: true + extra_locations: + - path: /api/public + - path: /share + - path: /static - name: gitea port: 3000 - redirect: true - rewrite: true - - name: glances - port: 61208 - redirect: true - rewrite: true - - name: guacamole - port: 8080 - redirect: true - rewrite: true - buffering_off: true - - name: homepage - port: 3000 - rewrite: true - - name: lychee - port: 80 - redirect: true - rewrite: true - - name: netdata - port: 19999 - redirect: true - rewrite: true - - name: phpmyadmin - port: 80 - redirect: true - rewrite: true - - name: picard + extra_locations: + - path: /(api|info/lfs) + - name: homeassistant + port: 8123 + extra_locations: + - path: ^/(api|local|media)/ + - name: jackett + port: 9117 + extra_locations: + - path: /api + - path: /dl + - name: jdownloader port: 5800 - redirect: true - rewrite: true - - name: scope - port: 4040 - redirect: true - rewrite: true - - name: semaphore + extra_locations: + - path: /websockify + proxy_pass_path: /websockify + - name: metabase port: 3000 - rewrite: true - - name: thelounge + extra_locations: + - path: ^/api + - name: nzbget + port: 6789 + extra_locations: + - path: /(/[^\/:]*:[^\/:]*)?/jsonrpc + - path: /(/[^\/:]*:[^\/]*)?/jsonprpc + - path: /(/[^\/:]*:[^\/]*)?/xmlrpc + - name: nzbhydra + port: 5076 + extra_locations: + - path: /api + - path: /getnzb + - path: /gettorrent + - path: /rss + - path: /torznab/api + - name: ombi + port: 3579 + extra_locations: + - path: /api + - path: /swagger + custom_directives: + - if ($http_referer ~* /ombi) { rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect; } + - name: organizr + port: 80 + - name: pihole + port: 80 + proxy_hide_headers: + - X-Frame-Options + extra_locations: + - path: /admin + proxy_hide_headers: + - X-Frame-Options + - name: plex + port: 32400 + proxy_redirect_off: true + buffering_off: true + proxy_set_headers: + - { key: X-Plex-Client-Identifier, value: $http_x_plex_client_identifier } + - { key: X-Plex-Device, value: $http_x_plex_device } + - { key: X-Plex-Device-Name, value: $http_x_plex_device_name } + - { key: X-Plex-Platform, value: $http_x_plex_platform } + - { key: X-Plex-Platform-Version, value: $http_x_plex_platform_version } + - { key: X-Plex-Product, value: $http_x_plex_product } + - { key: X-Plex-Token, value: $http_x_plex_token } + - { key: X-Plex-Version, value: $http_x_plex_version } + - { key: X-Plex-Nocache, value: $http_x_plex_nocache } + - { key: X-Plex-Provides, value: $http_x_plex_provides } + - { key: X-Plex-Device-Vendor, value: $http_x_plex_device_vendor } + - { key: X-Plex-Model, value: $http_x_plex_model } + extra_locations: + - path: /library/streams/ + custom_directives: + - proxy_pass_request_headers off + - name: plexwebtools + port: 33400 + app: plex + - name: portainer port: 9000 - redirect: true - rewrite: true + proxy_hide_headers: + - X-Frame-Options + extra_locations: + - path: /api + proxy_hide_headers: + - X-Frame-Options + - name: prometheus + port: 9090 + extra_locations: + - path: /api + - path: /-/(healthy|ready|reload|quit) + - name: prowlarr + port: 9696 + extra_locations: + - path: /(/[0-9]+)?/api + - path: /(/[0-9]+)?/download + - name: pterodactylnode + port: 443 + extra_locations: + - path: /api + - name: sonarrtorss + port: 18989 + extra_locations: + - path: ^/(api/|sonarr$|rss$|atom$|json$) + - name: synclounge + port: 8088 + websockets: true + - name: syncthing + port: 8384 + proxy_hide_headers: + - Authorization + extra_locations: + - path: /rest + proxy_hide_headers: + - Authorization + - name: tautulli + port: 8181 + extra_locations: + - path: /api + - path: /newsletter + - path: /image + - name: transmission + port: 9091 + proxy_pass_headers: + - X-Transmission-Session-Id + extra_locations: + - path: /rpc + - name: ubooquity + port: 2202 + extra_locations: + - path: /admin + port: 2203 + - path: /admin-res + port: 2203 + - path: /admin-api + port: 2203 + - name: uptime-kuma + port: 3001 + extra_locations: + - path: /(status|assets|icon.svg) + - name: vaultwarden + port: 80 + client_max_body_size: 128M + extra_locations: + - path: ^/admin + - path: /api + - path: /notifications/hub + - name: watchstate + port: 8080 + extra_locations: + - path: /v1/api + - name: wikijs + port: 3000 + extra_locations: + - path: /graphql custom: subdomains: - - adguard - - aria2-with-webui - - asciinema - - authelia - - authentik - - bitwarden - - calibre - - calibre-web - code-server - - emby - - emulatorjs - - filebrowser - - gitea - - homeassistant - - jackett - - jdownloader - jellyfin - kasm - mailcow - - metabase - - nextcloud - nexusoss - - nzbget - - nzbhydra - - ombi - openvpn-as - openvscode-server - - organizr - - pihole - - plex - - plexwebtools - - portainer - - prometheus - - prowlarr - - pterodactylnode - pydio-cells - recipes - - rutorrent - - sonarrtorss - synapse - - synclounge - - syncthing - - tautulli - - transmission - - ubooquity - - uptime-kuma - - vaultwarden - - watchstate - - wikijs - subfolders: - - bazarr - - beets - - beszel - - boinc - - calibre - - calibre-web - - deluge - - dozzle - - emby - - filebrowser - - flexget - - freshrss - - gaps - - grafana - - jackett - - jenkins - - jfa-go - - mailu - - monica - - mytinytodo - - nextcloud - - nzbget - - nzbhydra - - ombi - - organizr-auth - - organizr - - pihole - - plex - - plexwebtools - - portainer - - prowlarr - - rclone - - rutorrent - - sonarrtorss - - synclounge - - syncthing - - tautulli - - themepark - - transmission - - tvheadend - - ubooquity - - vaultwarden - - wordpress - - youtube-dl diff --git a/custom_configs/adguard.subdomain.conf.sample b/custom_configs/adguard.subdomain.conf.sample deleted file mode 100644 index ab618d8..0000000 --- a/custom_configs/adguard.subdomain.conf.sample +++ /dev/null @@ -1,76 +0,0 @@ -## Version 2025/07/18 -# make sure that your adguard container is named adguard -# make sure that your dns has a cname set for adguard - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name adguard.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app adguard; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location /control { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app adguard; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location /dns-query { - # to properly use this please set `allow_unencrypted_doh: true` and `force_https: false` in adguard - # see https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app adguard; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/aria2-with-webui.subdomain.conf.sample b/custom_configs/aria2-with-webui.subdomain.conf.sample deleted file mode 100644 index 6e75fcc..0000000 --- a/custom_configs/aria2-with-webui.subdomain.conf.sample +++ /dev/null @@ -1,78 +0,0 @@ -## Version 2025/07/18 -# make sure that your aria2 container is named aria2-with-webui -# make sure that your dns has a cname set for aria2 -# -# The RPC port will need to be changed to 443 in the AriaNg/WebUI-Aria2 settings or by using the AriaNg command api -# e.g. https://aria2.example.com/#!/settings/rpc/set/https/aria2.example.com/443/jsonrpc -# https://aria2.example.com/#!/settings/rpc/set?protocol=https&host=aria2.example.com&port=443&interface=aria2-with-webui/jsonrpc - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name aria2.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app aria2-with-webui; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/aria2-with-webui)?/jsonrpc { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app aria2-with-webui; - set $upstream_port 6800; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port/jsonrpc; - - } - - location ~ (/aria2-with-webui)?/rpc { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app aria2-with-webui; - set $upstream_port 6800; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port/rpc; - - } -} diff --git a/custom_configs/asciinema.subdomain.conf.sample b/custom_configs/asciinema.subdomain.conf.sample deleted file mode 100644 index 8a1e687..0000000 --- a/custom_configs/asciinema.subdomain.conf.sample +++ /dev/null @@ -1,78 +0,0 @@ -## Version 2025/07/18 -# make sure that your asciinema container is named asciinema -# make sure that your dns has a cname set for asciinema - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name asciinema.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app asciinema; - set $upstream_port 4000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location ~ (/asciinema)?/dashboard { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app asciinema; - set $upstream_port 4002; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } -} diff --git a/custom_configs/authelia.subdomain.conf.sample b/custom_configs/authelia.subdomain.conf.sample deleted file mode 100644 index 0c8276a..0000000 --- a/custom_configs/authelia.subdomain.conf.sample +++ /dev/null @@ -1,37 +0,0 @@ -## Version 2025/07/18 -# make sure that your authelia container is named authelia -# make sure that your dns has a cname set for authelia - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name authelia.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - location / { - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app authelia; - set $upstream_port 9091; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/authelia)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app authelia; - set $upstream_port 9091; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/authentik.subdomain.conf.sample b/custom_configs/authentik.subdomain.conf.sample deleted file mode 100644 index 5b6c9cc..0000000 --- a/custom_configs/authentik.subdomain.conf.sample +++ /dev/null @@ -1,37 +0,0 @@ -## Version 2025/07/18 -# make sure that your authentik container is named authentik-server -# make sure that your dns has a cname set for authentik - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name authentik.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - location / { - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app authentik-server; - set $upstream_port 9000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/authentik)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app authentik-server; - set $upstream_port 9000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/bazarr.subfolder.conf.sample b/custom_configs/bazarr.subfolder.conf.sample deleted file mode 100644 index eede1dd..0000000 --- a/custom_configs/bazarr.subfolder.conf.sample +++ /dev/null @@ -1,40 +0,0 @@ -## Version 2023/02/05 -# make sure that your bazarr container is named bazarr -# make sure that bazarr is set to work with the base url /bazarr/ - -location /bazarr { - return 301 $scheme://$host/bazarr/; -} - -location ^~ /bazarr/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bazarr; - set $upstream_port 6767; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /bazarr/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bazarr; - set $upstream_port 6767; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/beets.subfolder.conf.sample b/custom_configs/beets.subfolder.conf.sample deleted file mode 100644 index 7a19a0b..0000000 --- a/custom_configs/beets.subfolder.conf.sample +++ /dev/null @@ -1,29 +0,0 @@ -## Version 2023/02/05 -# make sure that your beets container is named beets -# make sure that beets is set to work with the base url /beets/ -# first edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container - -location /beets { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app beets; - set $upstream_port 8337; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /beets; -} diff --git a/custom_configs/beszel.subfolder.conf.sample b/custom_configs/beszel.subfolder.conf.sample deleted file mode 100644 index 050d3e9..0000000 --- a/custom_configs/beszel.subfolder.conf.sample +++ /dev/null @@ -1,41 +0,0 @@ -## Version 2023/02/05 -# make sure that your beszel container is named beszel -# make sure that beszel is set to work with the base url /beszel/ - - -location /beszel { - return 301 $scheme://$host/beszel/; -} - -location ^~ /beszel/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app beszel; - set $upstream_port 8090; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /beszel/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app beszel; - set $upstream_port 8090; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/bitwarden.subdomain.conf.sample b/custom_configs/bitwarden.subdomain.conf.sample deleted file mode 100644 index a5dd48a..0000000 --- a/custom_configs/bitwarden.subdomain.conf.sample +++ /dev/null @@ -1,104 +0,0 @@ -## Version 2025/07/18 -# make sure that your bitwarden container is named bitwarden -# make sure that your dns has a cname set for bitwarden -# if you are using bitwarden (the official image), use the bitwarden conf -# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf -# -# bitwarden defaults to port 8080 and can be changed using the environment variable BW_PORT_HTTP on the bitwarden container - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name bitwarden.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 128M; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bitwarden; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/bitwarden)?/admin { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bitwarden; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/bitwarden)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bitwarden; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/bitwarden)?/notifications/hub { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bitwarden; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/boinc.subfolder.conf.sample b/custom_configs/boinc.subfolder.conf.sample deleted file mode 100644 index 21dab87..0000000 --- a/custom_configs/boinc.subfolder.conf.sample +++ /dev/null @@ -1,60 +0,0 @@ -## Version 2023/02/05 -# make sure that your bionc container is named bionc -# make sure that bionc is set to work with the base url /bionc/ -# In boinc docker arguments, set an env variable for SUBFOLDER=/boinc/ - -location /boinc { - return 301 $scheme://$host/boinc/; -} - -location ^~ /boinc/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app boinc; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_buffering off; -} - -# If using subfolders for multiple Linux Desktop containers (full gui apps being rendered over web). -# You will need to modify this path and modify the the client settings in the application. -# Settings > Advanced > Websocket > Path -# IE websockify-boinc -location ^~ /websockify { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app boinc; - set $upstream_port 6901; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_buffering off; -} diff --git a/custom_configs/calibre-web.subdomain.conf.sample b/custom_configs/calibre-web.subdomain.conf.sample deleted file mode 100644 index b5109bd..0000000 --- a/custom_configs/calibre-web.subdomain.conf.sample +++ /dev/null @@ -1,86 +0,0 @@ -## Version 2025/07/18 -# make sure that your calibre-web container is named calibre-web -# make sure that your dns has a cname set for calibre-web - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name calibre-web.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - # To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is - # enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia - # user also has a corresponding user manually created in Calibre-Web. - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app calibre-web; - set $upstream_port 8083; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_set_header X-Scheme $scheme; - } - - # OPDS feed for eBook reader apps - # Even if you use Authelia, the OPDS feed requires a password to be set for - # the user directly in Calibre-Web, as eBook reader apps don't support - # form-based logins, only HTTP Basic auth. - location /opds/ { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app calibre-web; - set $upstream_port 8083; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header X-Scheme $scheme; - } - - # Feed for Kobo - location /kobo/ { - include /config/nginx/resolver.conf; - set $upstream_app calibre-web; - set $upstream_port 8083; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Scheme $scheme; - proxy_buffer_size 128k; - proxy_buffers 4 256k; - proxy_busy_buffers_size 256k; - } -} diff --git a/custom_configs/calibre-web.subfolder.conf.sample b/custom_configs/calibre-web.subfolder.conf.sample deleted file mode 100644 index 011c6fc..0000000 --- a/custom_configs/calibre-web.subfolder.conf.sample +++ /dev/null @@ -1,64 +0,0 @@ -## Version 2023/02/05 -# make sure that your calibre-web container is named calibre-web -# calibre-web does not require a base url setting - -location /calibre-web { - return 301 $scheme://$host/calibre-web/; -} - -location ^~ /calibre-web/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - # To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is - # enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia - # user also has a corresponding user manually created in Calibre-Web. - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app calibre-web; - set $upstream_port 8083; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /calibre-web; -} - -# OPDS feed for eBook reader apps -# Even if you use Authelia, the OPDS feed requires a password to be set for -# the user directly in Calibre-Web, as eBook reader apps don't support -# form-based logins, only HTTP Basic auth. -location ^~ /calibre-web/opds/ { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app calibre-web; - set $upstream_port 8083; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /calibre-web; -} - -# Feed for Kobo -location ^~ /calibre-web/kobo/ { - include /config/nginx/resolver.conf; - set $upstream_app calibre-web; - set $upstream_port 8083; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /calibre-web; - proxy_buffer_size 128k; - proxy_buffers 4 256k; - proxy_busy_buffers_size 256k; -} diff --git a/custom_configs/calibre.subdomain.conf.sample b/custom_configs/calibre.subdomain.conf.sample deleted file mode 100644 index 08a54df..0000000 --- a/custom_configs/calibre.subdomain.conf.sample +++ /dev/null @@ -1,87 +0,0 @@ -## Version 2025/07/18 -# make sure that your calibre container is named calibre -# make sure that your dns has a cname set for calibre -# for the content server, go into calibre preferences / sharing over the net / advanced and -# set the first option for prefix url to '/content-server', save and restart the container -# the content server will be accessible at 'https://calibre.domain.com/content-server/' - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name calibre.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app calibre; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_buffering off; - } - - location /content-server { - return 301 $scheme://$host/content-server/; - } - - location ^~ /content-server/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app calibre; - set $upstream_port 8081; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } -} diff --git a/custom_configs/calibre.subfolder.conf.sample b/custom_configs/calibre.subfolder.conf.sample deleted file mode 100644 index f9192b7..0000000 --- a/custom_configs/calibre.subfolder.conf.sample +++ /dev/null @@ -1,89 +0,0 @@ -## Version 2023/02/05 -# make sure that your calibre container is named calibre -# make sure that calibre is set to work with the base url /calibre/ -# In calibre docker arguments, set an env variable for SUBFOLDER=/calibre/ -# for the content server, go into calibre preferences / sharing over the net / advanced and -# set the first option for prefix url to '/content-server', save and restart the container -# the content server will be accessible at 'https://domain.com/content-server/' - -location /calibre { - return 301 $scheme://$host/calibre/; -} - -location ^~ /calibre/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app calibre; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location /content-server { - return 301 $scheme://$host/content-server/; -} - -location ^~ /content-server/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app calibre; - set $upstream_port 8081; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -# If using subfolders for multiple Linux Desktop containers (full gui apps being rendered over web). -# You will need to modify this path and modify the the client settings in the application. -# Settings > Advanced > Websocket > Path -# IE websockify-calibre -location ^~ /websockify { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app calibre; - set $upstream_port 6901; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_buffering off; -} diff --git a/custom_configs/deluge.subfolder.conf.sample b/custom_configs/deluge.subfolder.conf.sample deleted file mode 100644 index 74aab62..0000000 --- a/custom_configs/deluge.subfolder.conf.sample +++ /dev/null @@ -1,32 +0,0 @@ -## Version 2023/02/05 -# make sure that your deluge container is named deluge -# deluge does not require a base url setting - -location /deluge { - return 301 $scheme://$host/deluge/; -} - -location ^~ /deluge/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app deluge; - set $upstream_port 8112; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /deluge(.*) $1 break; - proxy_set_header X-Deluge-Base "/deluge/"; -} diff --git a/custom_configs/dozzle.subfolder.conf.sample b/custom_configs/dozzle.subfolder.conf.sample deleted file mode 100644 index b0cd5bd..0000000 --- a/custom_configs/dozzle.subfolder.conf.sample +++ /dev/null @@ -1,34 +0,0 @@ -## Version 2023/02/05 -# make sure that your dozzle container is named dozzle -# make sure that dozzle is set to work with the base url /dozzle/ -# First either add "--base /dozzle" or "-e DOZZLE_BASE=/dozzle" to your docker run command, and restart the Dozzle container - -location /dozzle { - return 301 $scheme://$host/dozzle/; -} - -location ^~ /dozzle/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app dozzle; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - chunked_transfer_encoding off; - proxy_buffering off; - proxy_cache off; -} diff --git a/custom_configs/emby.subdomain.conf.sample b/custom_configs/emby.subdomain.conf.sample deleted file mode 100644 index 04aab92..0000000 --- a/custom_configs/emby.subdomain.conf.sample +++ /dev/null @@ -1,33 +0,0 @@ -## Version 2025/07/18 -# make sure that your emby container is named emby -# make sure that your dns has a cname set for emby -# if emby is running in bridge mode and the container is named "emby", the below config should work as is -# if not, replace the line "set $upstream_app emby;" with "set $upstream_app ;" -# or "set $upstream_app ;" for host mode, HOSTIP being the IP address of emby -# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url, -# and set the "Secure connection mode" to "Handled by reverse proxy" - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name emby.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - location / { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app emby; - set $upstream_port 8096; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_set_header Range $http_range; - proxy_set_header If-Range $http_if_range; - } -} diff --git a/custom_configs/emby.subfolder.conf.sample b/custom_configs/emby.subfolder.conf.sample deleted file mode 100644 index b2295c7..0000000 --- a/custom_configs/emby.subfolder.conf.sample +++ /dev/null @@ -1,34 +0,0 @@ -## Version 2023/02/05 -# make sure that your emby container is named emby -# emby does not require a base url setting -# if emby is running in bridge mode and the container is named "emby", the below config should work as is -# if not, replace the line "set $upstream_app emby;" with "set $upstream_app ;" -# or "set $upstream_app ;" for host mode, HOSTIP being the IP address of emby -# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url and subdomain, -# and set the "Secure connection mode" to "Handled by reverse proxy" - -location /emby { - return 301 $scheme://$host/emby/; -} - -location ^~ /emby/ { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app emby; - set $upstream_port 8096; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_set_header Range $http_range; - proxy_set_header If-Range $http_if_range; -} - -location ^~ /embywebsocket { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app emby; - set $upstream_port 8096; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/emulatorjs.subdomain.conf.sample b/custom_configs/emulatorjs.subdomain.conf.sample deleted file mode 100644 index 4a1da24..0000000 --- a/custom_configs/emulatorjs.subdomain.conf.sample +++ /dev/null @@ -1,85 +0,0 @@ -## Version 2025/07/18 -# make sure that your emulatorjs container is named emulatorjs -# make sure that your dns has a cname set for emulatorjs -# In emulatorjs docker arguments, set an env variable for SUBFOLDER=/backend/ -# The backend interface will be accessible at https://emulatorjs.yourdomain.com/backend/ -# Don't forget to enable auth at least for the /backend/ location - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name emulatorjs.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app emulatorjs; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location /backend { - return 301 $scheme://$host/backend/; - } - - location ^~ /backend/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app emulatorjs; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } -} diff --git a/custom_configs/filebrowser.subdomain.conf.sample b/custom_configs/filebrowser.subdomain.conf.sample deleted file mode 100644 index dcbc4ff..0000000 --- a/custom_configs/filebrowser.subdomain.conf.sample +++ /dev/null @@ -1,80 +0,0 @@ -## Version 2025/07/18 -# make sure that your filebrowser container is named filebrowser -# make sure that your dns has a cname set for filebrowser - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name filebrowser.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app filebrowser; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location ~ (/filebrowser)?/api/public { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app filebrowser; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location ~ (/filebrowser)?/share { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app filebrowser; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location ~ (/filebrowser)?/static { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app filebrowser; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } -} diff --git a/custom_configs/filebrowser.subfolder.conf.sample b/custom_configs/filebrowser.subfolder.conf.sample deleted file mode 100644 index 8c7ceaf..0000000 --- a/custom_configs/filebrowser.subfolder.conf.sample +++ /dev/null @@ -1,61 +0,0 @@ -## Version 2023/02/05 -# make sure that your filebrowser container is named filebrowser -# make sure that filebrowser is set to work with the base url /filebrowser/ -# set this environment variable on your filebrowser container FB_BASEURL=/filebrowser - -location /filebrowser { - return 301 $scheme://$host/filebrowser/; -} - -location ^~ /filebrowser/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app filebrowser; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /filebrowser/api/public { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app filebrowser; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /filebrowser/share { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app filebrowser; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /filebrowser/static { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app filebrowser; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/flexget.subfolder.conf.sample b/custom_configs/flexget.subfolder.conf.sample deleted file mode 100644 index 12f1566..0000000 --- a/custom_configs/flexget.subfolder.conf.sample +++ /dev/null @@ -1,39 +0,0 @@ -## Version 2023/02/12 -# make sure that your flexget container is named flexget -# make sure that flexget is set to work with the base url /flexget/ -# make sure to set 'base_url: /flexget' under your flexget's config.yml web_server block - -location /flexget { - return 301 $scheme://$host/flexget/; -} - -location ^~ /flexget/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app flexget; - set $upstream_port 5050; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; -} - -location ^~ /flexget/api/ { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app flexget; - set $upstream_port 5050; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; -} diff --git a/custom_configs/freshrss.subfolder.conf.sample b/custom_configs/freshrss.subfolder.conf.sample deleted file mode 100644 index 208d400..0000000 --- a/custom_configs/freshrss.subfolder.conf.sample +++ /dev/null @@ -1,36 +0,0 @@ -## Version 2023/02/05 -# make sure that your freshrss container is named freshrss -# freshrss does not require a base url setting - -location /freshrss { - return 301 $scheme://$host/freshrss/; -} - -location ^~ /freshrss/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app freshrss; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /freshrss(.*) $1 break; - proxy_buffering off; - proxy_set_header X-Forwarded-Port $server_port; - proxy_cookie_path / "/; HTTPOnly; Secure"; - proxy_set_header Authorization $http_authorization; - proxy_pass_header Authorization; -} diff --git a/custom_configs/gaps.subfolder.conf.sample b/custom_configs/gaps.subfolder.conf.sample deleted file mode 100644 index 9f99ff7..0000000 --- a/custom_configs/gaps.subfolder.conf.sample +++ /dev/null @@ -1,33 +0,0 @@ -## Version 2023/02/05 -# make sure that your gaps container is named gaps -# make sure that gaps is set to work with the base url /gaps/ -# In your Docker compose (or docker run) add: BASE_URL: /gaps - -location /gaps { - return 301 $scheme://$host/gaps/; -} - -location ^~ /gaps/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app gaps; - set $upstream_port 8484; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - # Uncomment to allow loading in an iframe (i.e. Organizr) - # proxy_hide_header X-Frame-Options; -} diff --git a/custom_configs/gitea.subdomain.conf.sample b/custom_configs/gitea.subdomain.conf.sample deleted file mode 100644 index 7c1024f..0000000 --- a/custom_configs/gitea.subdomain.conf.sample +++ /dev/null @@ -1,69 +0,0 @@ -## Version 2025/07/18 -# make sure that your gitea container is named gitea -# make sure that your dns has a cname set for gitea -# edit the following parameters in /data/gitea/conf/app.ini -# [server] -# SSH_DOMAIN = gitea.server.com -# ROOT_URL = https://gitea.server.com/ -# DOMAIN = gitea.server.com - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name gitea.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app gitea; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/gitea)?/(api|info/lfs) { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app gitea; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/grafana.subfolder.conf.sample b/custom_configs/grafana.subfolder.conf.sample deleted file mode 100644 index f460c48..0000000 --- a/custom_configs/grafana.subfolder.conf.sample +++ /dev/null @@ -1,50 +0,0 @@ -## Version 2023/04/20 -# make sure that your grafana container is named grafana -# make sure that grafana is set to work with the base url /grafana/ -# grafana requires environment variables set thus: -# environment: -# - "GF_SERVER_ROOT_URL=https://my.domain.com/grafana" -# - "GF_SERVER_DOMAIN=https://my.domain.com/" - -location ^~ /grafana/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app grafana; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - # Clear Authorization Header if you are using http auth and normal Grafana auth - #proxy_set_header Authorization ""; - - rewrite ^/grafana/(.*)$ /$1 break; - -} - -location ^~ /grafana/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app grafana; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - # Clear Authorization Header if you are using http auth and normal Grafana auth - #proxy_set_header Authorization ""; - - rewrite ^/grafana/(.*)$ /$1 break; - -} diff --git a/custom_configs/homeassistant.subdomain.conf.sample b/custom_configs/homeassistant.subdomain.conf.sample deleted file mode 100644 index b7e5a2b..0000000 --- a/custom_configs/homeassistant.subdomain.conf.sample +++ /dev/null @@ -1,72 +0,0 @@ -## Version 2025/07/18 -# make sure that your homeassistant container is named homeassistant -# make sure that your dns has a cname set for homeassistant - -# As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml -# https://www.home-assistant.io/integrations/http/#trusted_proxies -# Example below uses the default dockernetwork ranges, you may need to update this if you dont use defaults. -# -# http: -# use_x_forwarded_for: true -# trusted_proxies: -# - 172.16.0.0/12 - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name homeassistant.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app homeassistant; - set $upstream_port 8123; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ ^/(api|local|media)/ { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app homeassistant; - set $upstream_port 8123; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } -} diff --git a/custom_configs/jackett.subdomain.conf.sample b/custom_configs/jackett.subdomain.conf.sample deleted file mode 100644 index c761222..0000000 --- a/custom_configs/jackett.subdomain.conf.sample +++ /dev/null @@ -1,74 +0,0 @@ -## Version 2025/07/18 -# make sure that your jackett container is named jackett -# make sure that your dns has a cname set for jackett - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name jackett.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app jackett; - set $upstream_port 9117; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/jackett)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app jackett; - set $upstream_port 9117; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/jackett)?/dl { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app jackett; - set $upstream_port 9117; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/jackett.subfolder.conf.sample b/custom_configs/jackett.subfolder.conf.sample deleted file mode 100644 index 030b96c..0000000 --- a/custom_configs/jackett.subfolder.conf.sample +++ /dev/null @@ -1,46 +0,0 @@ -## Version 2023/02/05 -# make sure that your jackett container is named jackett -# make sure that jackett is set to work with the base url /jackett/ - -location ^~ /jackett { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app jackett; - set $upstream_port 9117; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /jackett/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app jackett; - set $upstream_port 9117; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /jackett/dl { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app jackett; - set $upstream_port 9117; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/jdownloader.subdomain.conf.sample b/custom_configs/jdownloader.subdomain.conf.sample deleted file mode 100644 index 72cd4e0..0000000 --- a/custom_configs/jdownloader.subdomain.conf.sample +++ /dev/null @@ -1,62 +0,0 @@ -## Version 2025/08/07 -# make sure that your jdownloader container is named jdownloader -# make sure that your dns has a cname set for jdownloader - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name jdownloader.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app jdownloader; - set $upstream_port 5800; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location ~ (/jdownloader)?/websockify { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app jdownloader; - set $upstream_port 5800; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port/websockify; - } -} diff --git a/custom_configs/jenkins.subfolder.conf.sample b/custom_configs/jenkins.subfolder.conf.sample deleted file mode 100644 index ac6e7e2..0000000 --- a/custom_configs/jenkins.subfolder.conf.sample +++ /dev/null @@ -1,39 +0,0 @@ -## Version 2023/02/05 -# make sure that your jenkins container is named jenkins -# make sure that jenkins is set to work with the base url /jenkins/ -# First either add '--prefix=/jenkins' or '-e JENKINS_OPTS="--prefix=/jenkins"' to your docker run command, and restart the Jenkins container. -# Also be sure to add '/jenkins/' to your URL under: Jenkins > Configuration > Manage Jenkins > Jenkins URL - -location /jenkins { - return 301 $scheme://$host/jenkins/; -} - -location ^~ /jenkins/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app jenkins; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - # This is the maximum upload size - client_max_body_size 10m; - sendfile off; - proxy_max_temp_file_size 0; - proxy_temp_file_write_size 64k; - proxy_request_buffering off; - proxy_buffering off; -} diff --git a/custom_configs/jfa-go.subfolder.conf.sample b/custom_configs/jfa-go.subfolder.conf.sample deleted file mode 100644 index 0709ebc..0000000 --- a/custom_configs/jfa-go.subfolder.conf.sample +++ /dev/null @@ -1,33 +0,0 @@ -## Version 2023/02/05 -# make sure that your jfa-go container is named jfa-go -# make sure to set the URL base (“Reverse Proxy subfolder”) in jfa-go > Settings > General (ui > url_base in jfa-go config.ini) to "/jfa-go/" - -location /jfa-go { - return 301 $scheme://$host/jfa-go/; -} - -location ^~ /jfa-go/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app jfa-go; - set $upstream_port 8056; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - # Remove the CSP header set for Jellyfin - proxy_hide_header Content-Security-Policy; - add_header Content-Security-Policy ""; -} diff --git a/custom_configs/mailu.subfolder.conf.sample b/custom_configs/mailu.subfolder.conf.sample deleted file mode 100644 index 5a4cfef..0000000 --- a/custom_configs/mailu.subfolder.conf.sample +++ /dev/null @@ -1,60 +0,0 @@ -## Version 2023/02/05 -# make sure that your mailu container is named mailu -# mailu does not require a base url setting - -# This config have been tested with "TLS_FLAVOR=mail" -# To avoid errors you must change in docker-compose ports: 80 and 443, more info: https://mailu.io/1.7/reverse.html - -location /admin { - return 301 $scheme://$host/admin/; -} - -location ^~ /admin/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app front; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location /webmail { - return 301 $scheme://$host/webmail/; -} - -location ^~ /webmail/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app front; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/metabase.subdomain.conf.sample b/custom_configs/metabase.subdomain.conf.sample deleted file mode 100644 index 445bc70..0000000 --- a/custom_configs/metabase.subdomain.conf.sample +++ /dev/null @@ -1,62 +0,0 @@ -## Version 2025/07/18 -# make sure that your metabase container is named metabase -# make sure that your dns has a cname set for metabase - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name metabase.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app metabase; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location ~ ^/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app metabase; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } -} diff --git a/custom_configs/monica.subfolder.conf.sample b/custom_configs/monica.subfolder.conf.sample deleted file mode 100644 index 2e7c84d..0000000 --- a/custom_configs/monica.subfolder.conf.sample +++ /dev/null @@ -1,31 +0,0 @@ -## Version 2023/02/05 -# make sure that your monica container is named monica -# make sure that monica is set to work with the base url /monica/ -# Set the monica Docker container's APP_URL to a fully-qualified domain that ends with /monica/ and restart the container. -# Example: https://yourhost.cc/monica/ - -location /monica { - return 301 $scheme://$host/monica/; -} - -location ^~ /monica/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app monica; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; -} diff --git a/custom_configs/mytinytodo.subfolder.conf.sample b/custom_configs/mytinytodo.subfolder.conf.sample deleted file mode 100644 index 6a09929..0000000 --- a/custom_configs/mytinytodo.subfolder.conf.sample +++ /dev/null @@ -1,31 +0,0 @@ -## Version 2023/02/05 -# make sure that your mytinytodo container is named mytinytodo -# make sure that mytinytodo is set to work with the base url /todo/ -# works with https://github.com/breakall/mytinytodo-docker -# set the mtt_url to 'https://your.domain.com/todo/' in db/config.php - -location /todo { - return 301 $scheme://$host/todo/; -} - -location ^~ /todo/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app mytinytodo; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port/; -} diff --git a/custom_configs/nextcloud.subfolder.conf.sample b/custom_configs/nextcloud.subfolder.conf.sample deleted file mode 100644 index f206d06..0000000 --- a/custom_configs/nextcloud.subfolder.conf.sample +++ /dev/null @@ -1,51 +0,0 @@ -## Version 2024/04/25 -# make sure that your nextcloud container is named nextcloud -# make sure that nextcloud is set to work with the base url /nextcloud/ -# Assuming this container is called "swag", edit your nextcloud container's config -# located at /config/www/nextcloud/config/config.php and add the following lines before the ");": -# 'trusted_proxies' => [gethostbyname('swag')], -# 'overwritewebroot' => '/nextcloud', -# 'overwrite.cli.url' => 'https://example.com/nextcloud', -# -# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: -# array ( -# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. -# 1 => 'example.com', -# ), - -location ^~ /.well-known { - # The rules in this block are an adaptation of the rules - # in the Nextcloud `.htaccess` that concern `/.well-known`. - - location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; } - location = /.well-known/caldav { return 301 /nextcloud/remote.php/dav/; } - - # Let Nextcloud's API for `/.well-known` URIs handle all other - # requests by passing them to the front-end controller. - return 301 /nextcloud/index.php$request_uri; -} - -location ^~ /nextcloud/ { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nextcloud; - set $upstream_port 443; - set $upstream_proto https; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /nextcloud(.*) $1 break; - - proxy_set_header Range $http_range; - proxy_set_header If-Range $http_if_range; - proxy_ssl_session_reuse off; - - # Hide proxy response headers from Nextcloud that conflict with ssl.conf - # Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan - proxy_hide_header Referrer-Policy; - proxy_hide_header X-Content-Type-Options; - proxy_hide_header X-Frame-Options; - proxy_hide_header X-XSS-Protection; - - # Disable proxy buffering - proxy_buffering off; -} diff --git a/custom_configs/nzbget.subdomain.conf.sample b/custom_configs/nzbget.subdomain.conf.sample deleted file mode 100644 index 02fcc4f..0000000 --- a/custom_configs/nzbget.subdomain.conf.sample +++ /dev/null @@ -1,84 +0,0 @@ -## Version 2025/07/18 -# make sure that your nzbget container is named nzbget -# make sure that your dns has a cname set for nzbget - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name nzbget.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbget; - set $upstream_port 6789; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/nzbget)?(/[^\/:]*:[^\/:]*)?/jsonrpc { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbget; - set $upstream_port 6789; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/nzbget)?(/[^\/:]*:[^\/]*)?/jsonprpc { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbget; - set $upstream_port 6789; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/nzbget)?(/[^\/:]*:[^\/]*)?/xmlrpc { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbget; - set $upstream_port 6789; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/nzbget.subfolder.conf.sample b/custom_configs/nzbget.subfolder.conf.sample deleted file mode 100644 index 2daf488..0000000 --- a/custom_configs/nzbget.subfolder.conf.sample +++ /dev/null @@ -1,57 +0,0 @@ -## Version 2023/02/05 -# make sure that your nzbget container is named nzbget -# make sure that nzbget is set to work with the base url /nzbget/ -# nzbget does not require a base url setting - -location /nzbget { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbget; - set $upstream_port 6789; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ /nzbget(/[^\/:]*:[^\/]*)?/jsonrpc { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbget; - set $upstream_port 6789; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ /nzbget(/[^\/:]*:[^\/]*)?/jsonprpc { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbget; - set $upstream_port 6789; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ /nzbget(/[^\/:]*:[^\/]*)?/xmlrpc { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbget; - set $upstream_port 6789; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/nzbhydra.subdomain.conf.sample b/custom_configs/nzbhydra.subdomain.conf.sample deleted file mode 100644 index 753f92c..0000000 --- a/custom_configs/nzbhydra.subdomain.conf.sample +++ /dev/null @@ -1,104 +0,0 @@ -## Version 2025/07/18 -# make sure that your nzbhydra container is named nzbhydra2 -# make sure that your dns has a cname set for nzbhydra - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name nzbhydra.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/nzbhydra)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/nzbhydra)?/getnzb { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/nzbhydra)?/gettorrent { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/nzbhydra)?/rss { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/nzbhydra)?/torznab/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/nzbhydra.subfolder.conf.sample b/custom_configs/nzbhydra.subfolder.conf.sample deleted file mode 100644 index 22a721d..0000000 --- a/custom_configs/nzbhydra.subfolder.conf.sample +++ /dev/null @@ -1,77 +0,0 @@ -## Version 2023/02/05 -# make sure that your nzbhydra container is named nzbhydra2 -# make sure that nzbhydra is set to work with the base url /nzbhydra/ -# first go into nzbhydra settings, set the URL Base to /nzbhydra, then disable CSRF protection on the same page and restart the nzbhydra container - -location ^~ /nzbhydra { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /nzbhydra/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /nzbhydra/getnzb { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /nzbhydra/gettorrent { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /nzbhydra/rss { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /nzbhydra/torznab/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app nzbhydra2; - set $upstream_port 5076; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/ombi.subdomain.conf.sample b/custom_configs/ombi.subdomain.conf.sample deleted file mode 100644 index e166364..0000000 --- a/custom_configs/ombi.subdomain.conf.sample +++ /dev/null @@ -1,80 +0,0 @@ -## Version 2025/07/18 -# make sure that your ombi container is named ombi -# make sure that your dns has a cname set for ombi - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name ombi.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ombi; - set $upstream_port 3579; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - # This allows access to the actual api - location ~ (/ombi)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ombi; - set $upstream_port 3579; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - # This allows access to the documentation for the api - location ~ (/ombi)?/swagger { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ombi; - set $upstream_port 3579; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - if ($http_referer ~* /ombi) { - rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect; - } -} diff --git a/custom_configs/ombi.subfolder.conf.sample b/custom_configs/ombi.subfolder.conf.sample deleted file mode 100644 index a72188a..0000000 --- a/custom_configs/ombi.subfolder.conf.sample +++ /dev/null @@ -1,61 +0,0 @@ -## Version 2023/02/05 -# make sure that your ombi container is named ombi -# make sure that ombi is set to work with the base url /ombi/ -# first go into ombi settings, under the menu "Ombi" set the base url to /ombi and restart the ombi container - -location /ombi { - return 301 $scheme://$host/ombi/; -} - -location ^~ /ombi/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ombi; - set $upstream_port 3579; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -# This allows access to the actual api -location ^~ /ombi/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ombi; - set $upstream_port 3579; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -if ($http_referer ~* /ombi) { - rewrite ^/api/(.*) /ombi/api/$1? redirect; -} - -# This allows access to the documentation for the api -location ^~ /ombi/swagger { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ombi; - set $upstream_port 3579; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -if ($http_referer ~* /ombi) { - rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect; -} diff --git a/custom_configs/organizr-auth.subfolder.conf.sample b/custom_configs/organizr-auth.subfolder.conf.sample deleted file mode 100644 index cb55d38..0000000 --- a/custom_configs/organizr-auth.subfolder.conf.sample +++ /dev/null @@ -1,41 +0,0 @@ -## Version 2023/02/05 -# make sure that your organizr container is named organizr -# To use config this with subfolder proxies: -# Rename this file to organizr-auth.subfolder.conf -# Add one of the auth_request lines from the comments below -# ex: -# auth_request /auth-0; -# -# To use config this with subdomain proxies: -# Rename this file to organizr-auth.subfolder.conf (the subfolder file name is still used) -# Add the following line in your other subdomain proxy configs -# include /config/nginx/proxy-confs/organizr-auth.subfolder.conf; -# Add one of the auth_request lines from the comments below -# ex: -# include /config/nginx/proxy-confs/organizr-auth.subfolder.conf; -# auth_request /auth-0; - -location ~ /auth-([0-9]+) { - internal; - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_auth_app organizr; - set $upstream_auth_port 80; - set $upstream_auth_proto http; - proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port/api/v2/auth?group=$1; - - proxy_set_header Content-Length ""; - - # Do not uncomment the lines below, these are examples for use in other proxy configs - #auth_request /auth-0; #=Admin - #auth_request /auth-1; #=Co-Admin - #auth_request /auth-2; #=Super User - #auth_request /auth-3; #=Power User - #auth_request /auth-4; #=User - #auth_request /auth-998; #=Logged In - #auth_request /auth-999; #=Guest -} - -# Optional redirect server authentication errors to organizr authentication page -# NOTE: $host must be modified to your public URL when using subdomain proxies -#error_page 401 $scheme://$host/?error=$status&return=$scheme://$http_host$request_uri; diff --git a/custom_configs/organizr.subdomain.conf.sample b/custom_configs/organizr.subdomain.conf.sample deleted file mode 100644 index 08509dd..0000000 --- a/custom_configs/organizr.subdomain.conf.sample +++ /dev/null @@ -1,58 +0,0 @@ -## Version 2025/07/18 -# make sure that your organizr container is named organizr -# make sure that your dns has a cname set for organizr - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name organizr.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app organizr; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - # Optional redirect server errors to organizr error pages - #error_page 400 402 403 404 405 408 500 502 503 504 $scheme://$host/?error=$status; - -} diff --git a/custom_configs/organizr.subfolder.conf.sample b/custom_configs/organizr.subfolder.conf.sample deleted file mode 100644 index aed65c3..0000000 --- a/custom_configs/organizr.subfolder.conf.sample +++ /dev/null @@ -1,29 +0,0 @@ -## Version 2023/02/05 -# make sure that your organizr container is named organizr -# In order to use this location block you need to edit the default file one folder up and comment out the / and ~ \.php$ locations - -location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app organizr; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -# Optional redirect server errors to organizr error pages -#error_page 400 402 403 404 405 408 500 502 503 504 $scheme://$host/?error=$status; diff --git a/custom_configs/pihole.subdomain.conf.sample b/custom_configs/pihole.subdomain.conf.sample deleted file mode 100644 index 342f3c7..0000000 --- a/custom_configs/pihole.subdomain.conf.sample +++ /dev/null @@ -1,82 +0,0 @@ -## Version 2025/07/18 -# make sure that your pihole container is named pihole -# make sure that your dns has a cname set for pihole - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name pihole.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app pihole; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_hide_header X-Frame-Options; - } - - location /admin { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app pihole; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_hide_header X-Frame-Options; - } -} diff --git a/custom_configs/pihole.subfolder.conf.sample b/custom_configs/pihole.subfolder.conf.sample deleted file mode 100644 index dbc330e..0000000 --- a/custom_configs/pihole.subfolder.conf.sample +++ /dev/null @@ -1,61 +0,0 @@ -## Version 2023/02/05 -# make sure that your pihole container is named pihole -# pihole does not require a base url setting - -location /pihole { - return 301 $scheme://$host/pihole/; -} - -location ^~ /pihole/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app pihole; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /pihole(.*) $1 break; - proxy_hide_header X-Frame-Options; -} - -location /pihole/admin { - return 301 $scheme://$host/pihole/admin/; -} - -location ^~ /pihole/admin/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app pihole; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /pihole(.*) $1 break; - proxy_hide_header X-Frame-Options; -} diff --git a/custom_configs/plex.subdomain.conf.sample b/custom_configs/plex.subdomain.conf.sample deleted file mode 100644 index 78a94af..0000000 --- a/custom_configs/plex.subdomain.conf.sample +++ /dev/null @@ -1,80 +0,0 @@ -## Version 2025/07/18 -# make sure that your plex container is named plex -# make sure that your dns has a cname set for plex -# if plex is running in bridge mode and the container is named "plex", the below config should work as is -# if not, replace the line "set $upstream_app plex;" with "set $upstream_app ;" -# or "set $upstream_app ;" for host mode, HOSTIP being the IP address of plex -# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443") - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name plex.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - proxy_redirect off; - proxy_buffering off; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app plex; - set $upstream_port 32400; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier; - proxy_set_header X-Plex-Device $http_x_plex_device; - proxy_set_header X-Plex-Device-Name $http_x_plex_device_name; - proxy_set_header X-Plex-Platform $http_x_plex_platform; - proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version; - proxy_set_header X-Plex-Product $http_x_plex_product; - proxy_set_header X-Plex-Token $http_x_plex_token; - proxy_set_header X-Plex-Version $http_x_plex_version; - proxy_set_header X-Plex-Nocache $http_x_plex_nocache; - proxy_set_header X-Plex-Provides $http_x_plex_provides; - proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; - proxy_set_header X-Plex-Model $http_x_plex_model; - } - - location /library/streams/ { - set $upstream_app plex; - set $upstream_port 32400; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_pass_request_headers off; - } -} diff --git a/custom_configs/plex.subfolder.conf.sample b/custom_configs/plex.subfolder.conf.sample deleted file mode 100644 index d1e2ef1..0000000 --- a/custom_configs/plex.subfolder.conf.sample +++ /dev/null @@ -1,54 +0,0 @@ -## Version 2023/02/05 -#******** This config no longer works as intended. The web app loads, but no direct connection to server is made. ********* -#******** PRs welcome for anyone who figures out how to fix it. Use the subdomain config in the meantime. ******* - -# make sure that your plex container is named plex -# if plex is running in bridge mode and the container is named "plex", the below config should work as is -# if not, replace the line "set $upstream_app plex;" with "set $upstream_app ;" -# or "set $upstream_app ;" for host mode, HOSTIP being the IP address of plex -# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://yourdomain.url:443/plex") - -location /plex { - return 301 $scheme://$host/plex/; -} - -location ^~ /plex/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app plex; - set $upstream_port 32400; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /plex(.*) $1 break; - - proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier; - proxy_set_header X-Plex-Device $http_x_plex_device; - proxy_set_header X-Plex-Device-Name $http_x_plex_device_name; - proxy_set_header X-Plex-Platform $http_x_plex_platform; - proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version; - proxy_set_header X-Plex-Product $http_x_plex_product; - proxy_set_header X-Plex-Token $http_x_plex_token; - proxy_set_header X-Plex-Version $http_x_plex_version; - proxy_set_header X-Plex-Nocache $http_x_plex_nocache; - proxy_set_header X-Plex-Provides $http_x_plex_provides; - proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; - proxy_set_header X-Plex-Model $http_x_plex_model; -} - -if ($http_referer ~* /plex) { - rewrite ^/web/(.*) /plex/web/$1? redirect; -} diff --git a/custom_configs/plexwebtools.subdomain.conf.sample b/custom_configs/plexwebtools.subdomain.conf.sample deleted file mode 100644 index 92904b0..0000000 --- a/custom_configs/plexwebtools.subdomain.conf.sample +++ /dev/null @@ -1,54 +0,0 @@ -## Version 2025/07/18 -# make sure that your plex container is named plex -# make sure that your dns has a cname set for plexwebtools - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name plexwebtools.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app plex; - set $upstream_port 33400; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/plexwebtools.subfolder.conf.sample b/custom_configs/plexwebtools.subfolder.conf.sample deleted file mode 100644 index 6175209..0000000 --- a/custom_configs/plexwebtools.subfolder.conf.sample +++ /dev/null @@ -1,30 +0,0 @@ -## Version 2023/02/05 -# make sure that your plex container is named plex -# make sure that plexwebtools is set to work with the base url /plexwebtools/ - -location /plexwebtools { - return 301 $scheme://$host/plexwebtools/; -} - -location ^~ /plexwebtools/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app plex; - set $upstream_port 33400; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/portainer.subdomain.conf.sample b/custom_configs/portainer.subdomain.conf.sample deleted file mode 100644 index 4119144..0000000 --- a/custom_configs/portainer.subdomain.conf.sample +++ /dev/null @@ -1,66 +0,0 @@ -## Version 2025/07/18 -# make sure that your portainer container is named portainer -# make sure that your dns has a cname set for portainer - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name portainer.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app portainer; - set $upstream_port 9000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0 - } - - location ~ (/portainer)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app portainer; - set $upstream_port 9000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0 - } -} diff --git a/custom_configs/portainer.subfolder.conf.sample b/custom_configs/portainer.subfolder.conf.sample deleted file mode 100644 index bf0f2e6..0000000 --- a/custom_configs/portainer.subfolder.conf.sample +++ /dev/null @@ -1,44 +0,0 @@ -## Version 2023/02/12 -# make sure that your portainer container is named portainer -# portainer does not require a base url setting - -location /portainer { - return 301 $scheme://$host/portainer/; -} - -location ^~ /portainer/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app portainer; - set $upstream_port 9000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /portainer(.*) $1 break; - proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0 -} - -location ^~ /portainer/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app portainer; - set $upstream_port 9000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /portainer(.*) $1 break; - proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0 -} diff --git a/custom_configs/prometheus.subdomain.conf.sample b/custom_configs/prometheus.subdomain.conf.sample deleted file mode 100644 index 1b2ab86..0000000 --- a/custom_configs/prometheus.subdomain.conf.sample +++ /dev/null @@ -1,78 +0,0 @@ -## Version 2025/07/18 -# make sure that your prometheus container is named prometheus -# make sure that your dns has a cname set for prometheus - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name prometheus.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prometheus; - set $upstream_port 9090; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/prometheus)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prometheus; - set $upstream_port 9090; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/prometheus)?/-/(healthy|ready|reload|quit) { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prometheus; - set $upstream_port 9090; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/prowlarr.subdomain.conf.sample b/custom_configs/prowlarr.subdomain.conf.sample deleted file mode 100644 index 681d76f..0000000 --- a/custom_configs/prowlarr.subdomain.conf.sample +++ /dev/null @@ -1,72 +0,0 @@ -## Version 2025/07/18 -# make sure that your prowlarr container is named prowlarr -# make sure that your dns has a cname set for prowlarr - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name prowlarr.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prowlarr; - set $upstream_port 9696; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location ~ (/prowlarr)?(/[0-9]+)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prowlarr; - set $upstream_port 9696; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location ~ (/prowlarr)?(/[0-9]+)?/download { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prowlarr; - set $upstream_port 9696; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/prowlarr.subfolder.conf.sample b/custom_configs/prowlarr.subfolder.conf.sample deleted file mode 100644 index cb37349..0000000 --- a/custom_configs/prowlarr.subfolder.conf.sample +++ /dev/null @@ -1,46 +0,0 @@ -## Version 2023/09/13 -# make sure that your prowlarr container is named prowlarr -# make sure that prowlarr is set to work with the base url /prowlarr/ - -location /prowlarr { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prowlarr; - set $upstream_port 9696; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ /prowlarr(/[0-9]+)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prowlarr; - set $upstream_port 9696; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ /prowlarr(/[0-9]+)?/download { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prowlarr; - set $upstream_port 9696; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/pterodactylnode.subdomain.conf.sample b/custom_configs/pterodactylnode.subdomain.conf.sample deleted file mode 100644 index 85bf09b..0000000 --- a/custom_configs/pterodactylnode.subdomain.conf.sample +++ /dev/null @@ -1,67 +0,0 @@ -## Version 2025/07/18 -# this is for nodes, not your actual panel -# make sure you set your node to use 443 as its API port -# make sure that your pterodactylnode container is named pterodactylnode -# make sure that your dns has a cname set for pterodactylnode - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name pterodactylnode.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app pterodactylnode; - set $upstream_port 443; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/pterodactylnode)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app pterodactylnode; - set $upstream_port 443; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/rclone.subfolder.conf.sample b/custom_configs/rclone.subfolder.conf.sample deleted file mode 100644 index ce1bacc..0000000 --- a/custom_configs/rclone.subfolder.conf.sample +++ /dev/null @@ -1,42 +0,0 @@ -## Version 2023/02/05 -# make sure that your rclone container is named rclone -# rclone does not require a base url setting - -location /rclone { - return 301 $scheme://$host/rclone/; -} - -location ^~ /rclone/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app rclone; - set $upstream_port 5800; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /rclone(.*) $1 break; -} - -location ^~ /rclone/websockify { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app rclone; - set $upstream_port 5800; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port/websockify/; - - rewrite /rclone(.*) $1 break; -} diff --git a/custom_configs/rutorrent.subfolder.conf.sample b/custom_configs/rutorrent.subfolder.conf.sample deleted file mode 100644 index bd45a7a..0000000 --- a/custom_configs/rutorrent.subfolder.conf.sample +++ /dev/null @@ -1,59 +0,0 @@ -## Version 2023/02/05 -# make sure that your rutorrent container is named rutorrent -# rutorrent does not require a base url setting - -location /rutorrent { - return 301 $scheme://$host/rutorrent/; -} - -location ^~ /rutorrent/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app rutorrent; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /rutorrent(.*) $1 break; -} - -location ^~ /rutorrent/RPC2 { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # block rpc access by default because it is unprotected - # you can comment out the next line to enable remote rpc calls - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app rutorrent; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /rutorrent(.*) $1 break; -} diff --git a/custom_configs/sonarrtorss.subdomain.conf.sample b/custom_configs/sonarrtorss.subdomain.conf.sample deleted file mode 100644 index 42a58d3..0000000 --- a/custom_configs/sonarrtorss.subdomain.conf.sample +++ /dev/null @@ -1,62 +0,0 @@ -## Version 2025/07/18 -# make sure that your sonarrtorss container is named sonarrtorss -# make sure that your dns has a cname set for sonarrtorss - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name sonarrtorss.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app sonarrtorss; - set $upstream_port 18989; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location ~ ^/(api/|sonarr$|rss$|atom$|json$) { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app sonarrtorss; - set $upstream_port 18989; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } -} diff --git a/custom_configs/sonarrtorss.subfolder.conf.sample b/custom_configs/sonarrtorss.subfolder.conf.sample deleted file mode 100644 index 8b5c37a..0000000 --- a/custom_configs/sonarrtorss.subfolder.conf.sample +++ /dev/null @@ -1,38 +0,0 @@ -## Version 2024/06/21 -# make sure that your sonarrtorss container is named sonarrtorss -# sonarrtorss does not require a base url setting - -location ^~ /sonarrtorss { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app sonarrtorss; - set $upstream_port 18989; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /sonarrtorss(.*) $1 break; -} - -location ~ ^/sonarrtorss/(api/|sonarr$|rss$|atom$|json$) { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app sonarrtorss; - set $upstream_port 18989; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /sonarrtorss(.*) $1 break; -} diff --git a/custom_configs/synclounge.subdomain.conf.sample b/custom_configs/synclounge.subdomain.conf.sample deleted file mode 100644 index b652279..0000000 --- a/custom_configs/synclounge.subdomain.conf.sample +++ /dev/null @@ -1,66 +0,0 @@ -## Version 2025/07/18 -# make sure that your synclounge container is named synclounge -# make sure that your dns has a cname set for synclounge -# Use this with SyncLounge v3 and up. -# Make sure that you do not have HSTS enabled, otherwise http access won't work - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - listen 80; - listen [::]:80; - - server_name synclounge.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app synclounge; - set $upstream_port 8088; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_buffering off; - proxy_socket_keepalive on; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; - proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; - proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; - - } -} diff --git a/custom_configs/synclounge.subfolder.conf.sample b/custom_configs/synclounge.subfolder.conf.sample deleted file mode 100644 index dc98fb6..0000000 --- a/custom_configs/synclounge.subfolder.conf.sample +++ /dev/null @@ -1,59 +0,0 @@ -## Version 2023/02/05 -# make sure that your synclounge container is named synclounge -# make sure that synclounge is set to work with the base url /synclounge/ -# Use this with SyncLounge v3 or up -# -# To allow non-secure connections (http), which is required by some Plex clients, modify the first block in site-confs/default to look something like this: -#server { -# listen 80 default_server; -# listen [::]:80 default_server; -# server_name _; -# -# # Don't force redirect SyncLounge to https -# include /config/nginx/proxy-confs/synclounge.subfolder.conf; -# -# location / { -# return 301 https://$host$request_uri; -# } -#} - -# Uncomment to force SyncLounge to always load over http. Only use this if you've allowed http per the above instructions. -#if ($scheme = https) { -# return 301 http://$host$request_uri; -#} - -location /synclounge { - return 301 $scheme://$host/synclounge/; -} - -location /synclounge/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app synclounge; - set $upstream_port 8088; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /synclounge(.*) $1 break; - - proxy_buffering off; - proxy_socket_keepalive on; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; - proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; - proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; - -} diff --git a/custom_configs/syncthing.subdomain.conf.sample b/custom_configs/syncthing.subdomain.conf.sample deleted file mode 100644 index cdc3d45..0000000 --- a/custom_configs/syncthing.subdomain.conf.sample +++ /dev/null @@ -1,66 +0,0 @@ -## Version 2025/07/18 -# make sure that your syncthing container is named syncthing -# make sure that your dns has a cname set for syncthing - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name syncthing.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app syncthing; - set $upstream_port 8384; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_hide_header Authorization; - } - - location ~ (/syncthing)?/rest { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app syncthing; - set $upstream_port 8384; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_hide_header Authorization; - } -} diff --git a/custom_configs/syncthing.subfolder.conf.sample b/custom_configs/syncthing.subfolder.conf.sample deleted file mode 100644 index 17f719e..0000000 --- a/custom_configs/syncthing.subfolder.conf.sample +++ /dev/null @@ -1,44 +0,0 @@ -## Version 2023/02/12 -# make sure that your syncthing container is named syncthing -# syncthing does not require a base url setting - -location /syncthing { - return 301 $scheme://$host/syncthing/; -} - -location ^~ /syncthing/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app syncthing; - set $upstream_port 8384; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /syncthing(.*) $1 break; - proxy_hide_header Authorization; -} - -location ^~ /syncthing/rest { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app syncthing; - set $upstream_port 8384; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /syncthing(.*) $1 break; - proxy_hide_header Authorization; -} diff --git a/custom_configs/tautulli.subdomain.conf.sample b/custom_configs/tautulli.subdomain.conf.sample deleted file mode 100644 index fa48707..0000000 --- a/custom_configs/tautulli.subdomain.conf.sample +++ /dev/null @@ -1,84 +0,0 @@ -## Version 2025/07/18 -# make sure that your tautulli container is named tautulli -# make sure that your dns has a cname set for tautulli - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name tautulli.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app tautulli; - set $upstream_port 8181; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/tautulli)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app tautulli; - set $upstream_port 8181; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/tautulli)?/newsletter { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app tautulli; - set $upstream_port 8181; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/tautulli)?/image { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app tautulli; - set $upstream_port 8181; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/tautulli.subfolder.conf.sample b/custom_configs/tautulli.subfolder.conf.sample deleted file mode 100644 index 55e9eed..0000000 --- a/custom_configs/tautulli.subfolder.conf.sample +++ /dev/null @@ -1,57 +0,0 @@ -## Version 2023/02/05 -# make sure that your tautulli container is named tautulli -# make sure that tautulli is set to work with the base url /tautulli/ -# first go into tautulli settings, under "Web Interface", click on show advanced, set the HTTP root to /tautulli and restart the tautulli container - -location ^~ /tautulli { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app tautulli; - set $upstream_port 8181; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /tautulli/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app tautulli; - set $upstream_port 8181; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /tautulli/newsletter { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app tautulli; - set $upstream_port 8181; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /tautulli/image { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app tautulli; - set $upstream_port 8181; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/themepark.subfolder.conf.sample b/custom_configs/themepark.subfolder.conf.sample deleted file mode 100644 index 6fff1b3..0000000 --- a/custom_configs/themepark.subfolder.conf.sample +++ /dev/null @@ -1,40 +0,0 @@ -## Version 2023/02/05 -# make sure that your theme-park container is named theme-park -# make sure that theme-park is set to work with the base url /theme-park/ -# If you want to change the urlbase update the TP_URLBASE env on the theme-park container. - -location /themepark { - return 301 $scheme://$host/themepark/; -} - -location ^~ /themepark/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # If you don't want to cache the CSS files you can uncomment the lines below. - # add_header Last-Modified $date_gmt; - # add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; - # if_modified_since off; - # expires -1; - # etag off; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - sub_filter_types *; - sub_filter 'url("/css/' 'url("/themepark/css/'; - sub_filter_once off; - set $upstream_app theme-park; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; -} diff --git a/custom_configs/transmission.subdomain.conf.sample b/custom_configs/transmission.subdomain.conf.sample deleted file mode 100644 index 272d0dc..0000000 --- a/custom_configs/transmission.subdomain.conf.sample +++ /dev/null @@ -1,73 +0,0 @@ -## Version 2025/07/18 -# Make sure that DNS has a cname set for transmission -# -# Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they -# rely on the HTTP Status Text to determine if they should add the -# X-Transmission-Session-Id header or not. HTTP/2 does not return this text -# so jQuery responses are empty. This causes RPCs to fail. -# -# If your extension is affected, you can remove http2 from -# /config/nginx/nginx.conf or submit a bug report with the -# extension developer to fix their extensions to support HTTP/2. - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name transmission.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app transmission; - set $upstream_port 9091; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_pass_header X-Transmission-Session-Id; - } - - location ~ (/transmission)?/rpc { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app transmission; - set $upstream_port 9091; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/transmission.subfolder.conf.sample b/custom_configs/transmission.subfolder.conf.sample deleted file mode 100644 index 059eb32..0000000 --- a/custom_configs/transmission.subfolder.conf.sample +++ /dev/null @@ -1,47 +0,0 @@ -## Version 2023/02/05 -# make sure that your transmission container is named transmission -# transmission does not require a base url setting -# -# Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they -# rely on the HTTP Status Text to determine if they should add the -# X-Transmission-Session-Id header or not. HTTP/2 does not return this text -# so jQuery responses are empty. This causes RPCs to fail. -# -# If your extension is affected, you can remove http2 from the default server -# in /config/nginx/site-confs/default or listen on a different port that has -# no http2 servers defined. Better yet, submit a bug report with the -# extension developer to fix their extensions to support HTTP/2. - -location ^~ /transmission { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app transmission; - set $upstream_port 9091; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_pass_header X-Transmission-Session-Id; -} - -location ^~ /transmission/rpc { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app transmission; - set $upstream_port 9091; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/tvheadend.subfolder.conf.sample b/custom_configs/tvheadend.subfolder.conf.sample deleted file mode 100644 index 3b76946..0000000 --- a/custom_configs/tvheadend.subfolder.conf.sample +++ /dev/null @@ -1,44 +0,0 @@ -## Version 2023/02/05 -# make sure that your tvheadend container is named tvheadend -# make sure that tvheadend is set to work with the base url /tvheadend/ -# Before activating this config you need to do two things: -# - enable a setting in the tvheadend web interface -# - change your RUN_OPTS for tvheadend. -# -# You need to enable the setting "PROXY protocol & X-Forwarded For" -# in the tvheadend web interface. This setting can be found in -# "Configuration" -> "General" -> "Base" in the "HTTP Server Settings" Group. -# You need to set the View level to Expert to see it. Once activated, you may need to -# restart your tvheadend container. When testing this config, please be reminded -# that the tvheadend docker can take a very long time to start (>10mins). -# -# For the subfolder to work you also need to edit your tvheadend docker compose / cli config -# and set http_root in RUN_OPTS to tvheadend, e.g. in docker compose: -# - RUN_OPTS= --http_root /tvheadend - -location /tvheadend { - return 301 $scheme://$host/tvheadend/; -} - -location /tvheadend/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - - set $upstream_app tvheadend; - set $upstream_port 9981; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; -} diff --git a/custom_configs/ubooquity.subdomain.conf.sample b/custom_configs/ubooquity.subdomain.conf.sample deleted file mode 100644 index 4438cae..0000000 --- a/custom_configs/ubooquity.subdomain.conf.sample +++ /dev/null @@ -1,84 +0,0 @@ -## Version 2025/07/18 -# make sure that your ubooquity container is named ubooquity -# make sure that your dns has a cname set for ubooquity - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name ubooquity.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ubooquity; - set $upstream_port 2202; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location /admin { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ubooquity; - set $upstream_port 2203; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location /admin-res { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ubooquity; - set $upstream_port 2203; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location /admin-api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ubooquity; - set $upstream_port 2203; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/ubooquity.subfolder.conf.sample b/custom_configs/ubooquity.subfolder.conf.sample deleted file mode 100644 index b1a6a5b..0000000 --- a/custom_configs/ubooquity.subfolder.conf.sample +++ /dev/null @@ -1,37 +0,0 @@ -## Version 2023/02/05 -# make sure that your ubooquity container is named ubooquity -# make sure that ubooquity is set to work with the base url /ubooquity/ -# set the reverse proxy prefix in the admin gui to ubooquity. - -location ^~ /ubooquity { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ubooquity; - set $upstream_port 2202; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /ubooquity/admin { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ubooquity; - set $upstream_port 2203; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/uptime-kuma.subdomain.conf.sample b/custom_configs/uptime-kuma.subdomain.conf.sample deleted file mode 100644 index a0a17d5..0000000 --- a/custom_configs/uptime-kuma.subdomain.conf.sample +++ /dev/null @@ -1,64 +0,0 @@ -## Version 2025/07/18 -# make sure that your uptime-kuma container is named uptime-kuma -# make sure that your dns has a cname set for uptime-kuma - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name uptime-kuma.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app uptime-kuma; - set $upstream_port 3001; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ /(status|assets|icon.svg) { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app uptime-kuma; - set $upstream_port 3001; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/vaultwarden.subdomain.conf.sample b/custom_configs/vaultwarden.subdomain.conf.sample deleted file mode 100644 index 761607b..0000000 --- a/custom_configs/vaultwarden.subdomain.conf.sample +++ /dev/null @@ -1,111 +0,0 @@ -## Version 2025/07/18 -# make sure that your vaultwarden container is named vaultwarden -# make sure that your dns has a cname set for vaultwarden -# if you are using bitwarden (the official image), use the bitwarden conf -# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf -# -# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name vaultwarden.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 128M; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ ^(/vaultwarden)?/admin { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - # if you enable admin page via ADMIN_TOKEN env variable - # consider restricting access to LAN only via uncommenting the following lines - #allow 10.0.0.0/8; - #allow 172.16.0.0/12; - #allow 192.168.0.0/16; - #deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/vaultwarden)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/vaultwarden)?/notifications/hub { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/vaultwarden.subfolder.conf.sample b/custom_configs/vaultwarden.subfolder.conf.sample deleted file mode 100644 index f97dc89..0000000 --- a/custom_configs/vaultwarden.subfolder.conf.sample +++ /dev/null @@ -1,87 +0,0 @@ -## Version 2023/11/12 -# make sure that your vaultwarden container is named vaultwarden -# make sure that vaultwarden is set to work with the base url /vaultwarden/ -# if you are using bitwarden (the official image), use the bitwarden conf -# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf -# -# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container -# -# Environmental Variable DOMAIN=https:///vaultwarden must be set in vaultwarden container including subfolder. - -location /vaultwarden { - return 301 $scheme://$host/vaultwarden/; -} - -location ^~ /vaultwarden/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ ^(/vaultwarden)?/admin { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # if you enable admin page via ADMIN_TOKEN env variable - # consider restricting access to LAN only via uncommenting the following lines - #allow 10.0.0.0/8; - #allow 172.16.0.0/12; - #allow 192.168.0.0/16; - #deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ (/vaultwarden)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ (/vaultwarden)?/notifications/hub { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - diff --git a/custom_configs/watchstate.subdomain.conf.sample b/custom_configs/watchstate.subdomain.conf.sample deleted file mode 100644 index 5f16843..0000000 --- a/custom_configs/watchstate.subdomain.conf.sample +++ /dev/null @@ -1,66 +0,0 @@ -## Version 2025/07/18 -# make sure that your radarr container is named watchstate -# make sure that your dns has a cname set for watchstate -# the api endpoint is not behind auth, so please make sure to enable -# "Webhook match backend id" in backend settings - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name watchstate.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app watchstate; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ /v1/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app watchstate; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/wikijs.subdomain.conf.sample b/custom_configs/wikijs.subdomain.conf.sample deleted file mode 100644 index 1071ace..0000000 --- a/custom_configs/wikijs.subdomain.conf.sample +++ /dev/null @@ -1,64 +0,0 @@ -## Version 2025/07/18 -# make sure that your wikijs container is named wikijs -# make sure that your dns has a cname set for wikijs - -server { - listen 443 ssl; -# listen 443 quic; - listen [::]:443 ssl; -# listen [::]:443 quic; - - server_name wikijs.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - # enable for Tinyauth (requires tinyauth-location.conf in the location block) - #include /config/nginx/tinyauth-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - # enable for Tinyauth (requires tinyauth-server.conf in the server block) - #include /config/nginx/tinyauth-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app wikijs; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/wikijs)?/graphql { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app wikijs; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/custom_configs/wordpress.subfolder.conf.sample b/custom_configs/wordpress.subfolder.conf.sample deleted file mode 100644 index 6b47885..0000000 --- a/custom_configs/wordpress.subfolder.conf.sample +++ /dev/null @@ -1,28 +0,0 @@ -## Version 2023/02/05 -# make sure that your wordpress container is named wordpress -# make sure that wordpress is set to work with the base url /wordpress/ -# In order to use this location block you need to edit the default file one folder up and comment out the / location as well as the "~ \.php$" location -# tested with the official wordpress docker image - -location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app wordpress; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} diff --git a/custom_configs/youtube-dl.subfolder.conf.sample b/custom_configs/youtube-dl.subfolder.conf.sample deleted file mode 100644 index b07a58f..0000000 --- a/custom_configs/youtube-dl.subfolder.conf.sample +++ /dev/null @@ -1,35 +0,0 @@ -## Version 2023/02/05 -# make sure that your youtube-dl-server container is named youtube-dl-server -# youtube-dl-server does not require a base url setting -# Works with this youtube-dl Fork: https://github.com/nbr23/youtube-dl-server - -location /youtube-dl { - return 301 $scheme://$host/youtube-dl/; -} - -location ^~ /youtube-dl/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app youtube-dl-server; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_set_header Referer ''; - # next line doesn't work with the latest version of: https://github.com/nbr23/youtube-dl-server - # proxy_set_header Host $upstream_app:8080; - rewrite /youtube-dl(.*) $1 break; -} diff --git a/generate_configs.py b/generate_configs.py index 0c0f027..8f81c65 100644 --- a/generate_configs.py +++ b/generate_configs.py @@ -42,7 +42,6 @@ def generate_configs(): lstrip_blocks=True ) subdomain_template = env.get_template('subdomain.conf.j2') - subfolder_template = env.get_template('subfolder.conf.j2') print("Jinja2 templates loaded successfully.") except Exception as e: print(f"ERROR: Failed to load Jinja2 templates from '{TEMPLATE_DIR}': {e}. Exiting.") @@ -59,17 +58,6 @@ def generate_configs(): f.write(rendered_content) print(f" [OK] Generated {filename}") - # Generate templated subfolder configs - print("\n--- Generating Templated Subfolder Configs ---") - subfolder_items = data.get('subfolders', []) - for item in subfolder_items: - filename = f"{item['name']}.subfolder.conf.sample" - output_path = os.path.join(OUTPUT_DIR, filename) - rendered_content = subfolder_template.render(item=item) - with open(output_path, 'w') as f: - f.write(rendered_content) - print(f" [OK] Generated {filename}") - # Copy custom configs print("\n--- Copying Custom Configs ---") if not os.path.isdir(CUSTOM_DIR): @@ -86,17 +74,6 @@ def generate_configs(): else: print(f" [!!] WARNING: Custom config file not found: {source_path}") - # Process custom subfolders - for app_name in data.get('custom', {}).get('subfolders', []): - filename = f"{app_name}.subfolder.conf.sample" - source_path = os.path.join(CUSTOM_DIR, filename) - dest_path = os.path.join(OUTPUT_DIR, filename) - if os.path.exists(source_path): - shutil.copy(source_path, dest_path) - print(f" [OK] Copied {filename}") - else: - print(f" [!!] WARNING: Custom config file not found: {source_path}") - print("\n--- Generation Complete ---") if __name__ == "__main__": diff --git a/templates/subdomain.conf.j2 b/templates/subdomain.conf.j2 index 2b5df86..af958cb 100644 --- a/templates/subdomain.conf.j2 +++ b/templates/subdomain.conf.j2 @@ -68,6 +68,39 @@ server { {% endif %} {% if item.set_x_scheme %} proxy_set_header X-Scheme https; +{% endif %} +{% if item.websockets %} + proxy_buffering off; + proxy_socket_keepalive on; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; + proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; + proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; +{% endif %} +{% if item.proxy_pass_headers %} +{% for header in item.proxy_pass_headers %} + proxy_pass_header {{ header }}; +{% endfor %} +{% endif %} +{% if item.proxy_set_headers %} +{% for header in item.proxy_set_headers %} + proxy_set_header {{ header.key }} {{ header.value }}; +{% endfor %} +{% endif %} +{% if item.proxy_hide_headers %} +{% for header in item.proxy_hide_headers %} + proxy_hide_header {{ header }}; +{% endfor %} +{% endif %} +{% if item.add_headers %} +{% for header in item.add_headers %} + add_header {{ header.key }} "{{ header.value }}"; +{% endfor %} +{% endif %} +{% if item.custom_directives %} +{% for directive in item.custom_directives %} + {{ directive }}; +{% endfor %} {% endif %} } {% if item.api %} @@ -80,4 +113,31 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } {% endif %} +{% if item.extra_locations %} +{% for loc in item.extra_locations %} + location ~ (?:/{{ item.name }})?{{ loc.path }} { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app {{ loc.app | default(item.name) }}; + set $upstream_port {{ loc.port | default(item.port) }}; + set $upstream_proto {% if loc.https %}https{% elif item.https and loc.https is not defined %}https{% else %}http{% endif %}; + proxy_pass $upstream_proto://$upstream_app:$upstream_port{% if loc.proxy_pass_path %}{{ loc.proxy_pass_path }}{% endif %}; +{% if loc.proxy_set_headers %} +{% for header in loc.proxy_set_headers %} + proxy_set_header {{ header.key }} {{ header.value }}; +{% endfor %} +{% endif %} +{% if loc.proxy_hide_headers %} +{% for header in loc.proxy_hide_headers %} + proxy_hide_header {{ header }}; +{% endfor %} +{% endif %} +{% if loc.custom_directives %} +{% for directive in loc.custom_directives %} + {{ directive }}; +{% endfor %} +{% endif %} + } +{% endfor %} +{% endif %} } diff --git a/templates/subfolder.conf.j2 b/templates/subfolder.conf.j2 deleted file mode 100644 index 3e70ab0..0000000 --- a/templates/subfolder.conf.j2 +++ /dev/null @@ -1,49 +0,0 @@ -## Version 2025/08/28 -# make sure that your {{ item.name }} container is named {{ item.name }} -# make sure that {{ item.name }} is set to work with the base url /{{ item.name }}/ - -{% if item.redirect %} -location /{{ item.name }} { - return 301 $scheme://$host/{{ item.name }}/; -} - -location ^~ /{{ item.name }}/ { -{% else %} -location ^~ /{{ item.name }} { -{% endif %} - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app {{ item.name }}; - set $upstream_port {{ item.port }}; - set $upstream_proto {% if item.https %}https{% else %}http{% endif %}; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; -{% if item.rewrite %} - rewrite /{{ item.name }}(.*) $1 break; -{% endif %} -{% if item.buffering_off %} - proxy_buffering off; -{% endif %} -} -{% if item.api %} -location ^~ /{{ item.name }}/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app {{ item.name }}; - set $upstream_port {{ item.port }}; - set $upstream_proto {% if item.https %}https{% else %}http{% endif %}; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; -} -{% endif %}