mirror of
https://github.com/linuxserver/reverse-proxy-confs.git
synced 2026-07-11 19:12:32 +02:00
144 lines
5.0 KiB
Django/Jinja
144 lines
5.0 KiB
Django/Jinja
## Version 2025/08/28
|
|
# make sure that your {{ item.name }} container is named {{ item.name }}
|
|
# make sure that your dns has a cname set for {{ item.name }}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
# listen 443 quic;
|
|
listen [::]:443 ssl;
|
|
# listen [::]:443 quic;
|
|
|
|
server_name {{ item.name }}.*;
|
|
|
|
include /config/nginx/ssl.conf;
|
|
|
|
client_max_body_size {{ item.client_max_body_size | default('0') }};
|
|
{% if item.proxy_redirect_off %}
|
|
proxy_redirect off;
|
|
{% endif %}
|
|
{% if item.buffering_off %}
|
|
proxy_buffering off;
|
|
{% endif %}
|
|
|
|
# enable for ldap auth (requires ldap-location.conf in the location block)
|
|
#include /config/nginx/ldap-server.conf;
|
|
|
|
# enable for Authelia (requires authelia-location.conf in the location block)
|
|
#include /config/nginx/authelia-server.conf;
|
|
|
|
# enable for Authentik (requires authentik-location.conf in the location block)
|
|
#include /config/nginx/authentik-server.conf;
|
|
|
|
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
|
|
#include /config/nginx/tinyauth-server.conf;
|
|
|
|
location / {
|
|
# enable the next two lines for http auth
|
|
#auth_basic "Restricted";
|
|
#auth_basic_user_file /config/nginx/.htpasswd;
|
|
|
|
# enable for ldap auth (requires ldap-server.conf in the server block)
|
|
#include /config/nginx/ldap-location.conf;
|
|
|
|
# enable for Authelia (requires authelia-server.conf in the server block)
|
|
#include /config/nginx/authelia-location.conf;
|
|
|
|
# enable for Authentik (requires authentik-server.conf in the server block)
|
|
#include /config/nginx/authentik-location.conf;
|
|
|
|
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
|
|
#include /config/nginx/tinyauth-location.conf;
|
|
|
|
include /config/nginx/proxy.conf;
|
|
include /config/nginx/resolver.conf;
|
|
set $upstream_app {{ item.name }};
|
|
set $upstream_port {{ item.port }};
|
|
set $upstream_proto {% if item.https %}https{% else %}http{% endif %};
|
|
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
|
{% if item.hide_xframe %}
|
|
proxy_hide_header X-Frame-Options;
|
|
{% endif %}
|
|
{% if item.iframe_friendly %}
|
|
# Uncomment to allow loading in an iframe (i.e. Organizr)
|
|
#proxy_hide_header X-Frame-Options;
|
|
{% endif %}
|
|
{% if item.hide_x_forwarded_port %}
|
|
# Hide proxy port to prevent CSRF errors
|
|
proxy_hide_header X-Forwarded-Port;
|
|
{% endif %}
|
|
{% if item.set_x_scheme %}
|
|
proxy_set_header X-Scheme https;
|
|
{% endif %}
|
|
{% if item.websockets %}
|
|
proxy_buffering off;
|
|
proxy_socket_keepalive on;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
|
|
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
|
|
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
|
|
{% endif %}
|
|
{% if item.proxy_pass_headers %}
|
|
{% for header in item.proxy_pass_headers %}
|
|
proxy_pass_header {{ header }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.proxy_set_headers %}
|
|
{% for header in item.proxy_set_headers %}
|
|
proxy_set_header {{ header.key }} {{ header.value }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.proxy_hide_headers %}
|
|
{% for header in item.proxy_hide_headers %}
|
|
proxy_hide_header {{ header }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.add_headers %}
|
|
{% for header in item.add_headers %}
|
|
add_header {{ header.key }} "{{ header.value }}";
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.custom_directives %}
|
|
{% for directive in item.custom_directives %}
|
|
{{ directive }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|
|
{% if item.api %}
|
|
location ~ (?:/{{ item.name }})?/api {
|
|
include /config/nginx/proxy.conf;
|
|
include /config/nginx/resolver.conf;
|
|
set $upstream_app {{ item.name }};
|
|
set $upstream_port {{ item.port }};
|
|
set $upstream_proto {% if item.https %}https{% else %}http{% endif %};
|
|
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
|
}
|
|
{% endif %}
|
|
{% if item.extra_locations %}
|
|
{% for loc in item.extra_locations %}
|
|
location ~ (?:/{{ item.name }})?{{ loc.path }} {
|
|
include /config/nginx/proxy.conf;
|
|
include /config/nginx/resolver.conf;
|
|
set $upstream_app {{ loc.app | default(item.name) }};
|
|
set $upstream_port {{ loc.port | default(item.port) }};
|
|
set $upstream_proto {% if loc.https %}https{% elif item.https and loc.https is not defined %}https{% else %}http{% endif %};
|
|
proxy_pass $upstream_proto://$upstream_app:$upstream_port{% if loc.proxy_pass_path %}{{ loc.proxy_pass_path }}{% endif %};
|
|
{% if loc.proxy_set_headers %}
|
|
{% for header in loc.proxy_set_headers %}
|
|
proxy_set_header {{ header.key }} {{ header.value }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if loc.proxy_hide_headers %}
|
|
{% for header in loc.proxy_hide_headers %}
|
|
proxy_hide_header {{ header }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if loc.custom_directives %}
|
|
{% for directive in loc.custom_directives %}
|
|
{{ directive }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|