Files
2025-09-01 17:28:36 -04:00

144 lines
5.0 KiB
Django/Jinja

## Version 2025/08/28
# make sure that your {{ item.name }} container is named {{ item.name }}
# make sure that your dns has a cname set for {{ item.name }}
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name {{ item.name }}.*;
include /config/nginx/ssl.conf;
client_max_body_size {{ item.client_max_body_size | default('0') }};
{% if item.proxy_redirect_off %}
proxy_redirect off;
{% endif %}
{% if item.buffering_off %}
proxy_buffering off;
{% endif %}
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app {{ item.name }};
set $upstream_port {{ item.port }};
set $upstream_proto {% if item.https %}https{% else %}http{% endif %};
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
{% if item.hide_xframe %}
proxy_hide_header X-Frame-Options;
{% endif %}
{% if item.iframe_friendly %}
# Uncomment to allow loading in an iframe (i.e. Organizr)
#proxy_hide_header X-Frame-Options;
{% endif %}
{% if item.hide_x_forwarded_port %}
# Hide proxy port to prevent CSRF errors
proxy_hide_header X-Forwarded-Port;
{% endif %}
{% if item.set_x_scheme %}
proxy_set_header X-Scheme https;
{% endif %}
{% if item.websockets %}
proxy_buffering off;
proxy_socket_keepalive on;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
{% endif %}
{% if item.proxy_pass_headers %}
{% for header in item.proxy_pass_headers %}
proxy_pass_header {{ header }};
{% endfor %}
{% endif %}
{% if item.proxy_set_headers %}
{% for header in item.proxy_set_headers %}
proxy_set_header {{ header.key }} {{ header.value }};
{% endfor %}
{% endif %}
{% if item.proxy_hide_headers %}
{% for header in item.proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.add_headers %}
{% for header in item.add_headers %}
add_header {{ header.key }} "{{ header.value }}";
{% endfor %}
{% endif %}
{% if item.custom_directives %}
{% for directive in item.custom_directives %}
{{ directive }};
{% endfor %}
{% endif %}
}
{% if item.api %}
location ~ (?:/{{ item.name }})?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app {{ item.name }};
set $upstream_port {{ item.port }};
set $upstream_proto {% if item.https %}https{% else %}http{% endif %};
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
{% endif %}
{% if item.extra_locations %}
{% for loc in item.extra_locations %}
location ~ (?:/{{ item.name }})?{{ loc.path }} {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app {{ loc.app | default(item.name) }};
set $upstream_port {{ loc.port | default(item.port) }};
set $upstream_proto {% if loc.https %}https{% elif item.https and loc.https is not defined %}https{% else %}http{% endif %};
proxy_pass $upstream_proto://$upstream_app:$upstream_port{% if loc.proxy_pass_path %}{{ loc.proxy_pass_path }}{% endif %};
{% if loc.proxy_set_headers %}
{% for header in loc.proxy_set_headers %}
proxy_set_header {{ header.key }} {{ header.value }};
{% endfor %}
{% endif %}
{% if loc.proxy_hide_headers %}
{% for header in loc.proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if loc.custom_directives %}
{% for directive in loc.custom_directives %}
{{ directive }};
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
}