diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index 00f8489..b5c1825 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4.0.0 + uses: actions/checkout@v4.1.1 - name: Check Allowed File Names run: | diff --git a/bitwarden.subdomain.conf.sample b/bitwarden.subdomain.conf.sample index 4621ec9..0b5eeb9 100644 --- a/bitwarden.subdomain.conf.sample +++ b/bitwarden.subdomain.conf.sample @@ -1,7 +1,10 @@ -## Version 2023/05/31 +## Version 2023/11/12 # make sure that your bitwarden container is named bitwarden # make sure that your dns has a cname set for bitwarden -# set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container +# if you are using bitwarden (the official image), use the bitwarden conf +# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf +# +# bitwarden defaults to port 8080 and can be changed using the environment variable BW_PORT_HTTP on the bitwarden container server { listen 443 ssl http2; @@ -39,7 +42,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; - set $upstream_port 80; + set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; @@ -62,7 +65,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; - set $upstream_port 80; + set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; @@ -72,7 +75,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; - set $upstream_port 80; + set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; 
@@ -82,17 +85,7 @@ server {
 include /config/nginx/proxy.conf;
 include /config/nginx/resolver.conf;
 set $upstream_app bitwarden;
- set $upstream_port 3012;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
- }
-
- location ~ (/bitwarden)?/notifications/hub/negotiate {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app bitwarden;
- set $upstream_port 80;
+ set $upstream_port 8080;
 set $upstream_proto http;
 proxy_pass $upstream_proto://$upstream_app:$upstream_port;
diff --git a/bitwarden.subfolder.conf.sample b/bitwarden.subfolder.conf.sample
deleted file mode 100644
index b41a86d..0000000
--- a/bitwarden.subfolder.conf.sample
+++ /dev/null
@@ -1,86 +0,0 @@
-## Version 2023/02/13
-# make sure that your bitwarden container is named bitwarden
-# make sure that bitwarden is set to work with the base url /bitwarden/
-## Environmental Variable DOMAIN=https:///bitwarden must be set in bitwarden container including subfolder.
-## This is using ports 80 and 3012
-
-location /bitwarden {
- return 301 $scheme://$host/bitwarden/;
-}
-
-location ^~ /bitwarden/ {
- # enable the next two lines for http auth
- #auth_basic "Restricted";
- #auth_basic_user_file /config/nginx/.htpasswd;
-
- # enable for ldap auth (requires ldap-server.conf in the server block)
- #include /config/nginx/ldap-location.conf;
-
- # enable for Authelia (requires authelia-server.conf in the server block)
- #include /config/nginx/authelia-location.conf;
-
- # enable for Authentik (requires authentik-server.conf in the server block)
- #include /config/nginx/authentik-location.conf;
-
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app bitwarden;
- set $upstream_port 80;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
-}
-
-location ~ (/bitwarden)?/admin {
- # enable the next two lines for http auth
- #auth_basic "Restricted";
- #auth_basic_user_file /config/nginx/.htpasswd;
-
- # enable for ldap auth (requires ldap-server.conf in the server block)
- #include /config/nginx/ldap-location.conf;
-
- # enable for Authelia (requires authelia-server.conf in the server block)
- #include /config/nginx/authelia-location.conf;
-
- # enable for Authentik (requires authentik-server.conf in the server block)
- #include /config/nginx/authentik-location.conf;
-
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app bitwarden;
- set $upstream_port 80;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
-}
-
-location ~ (/bitwarden)?/api {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app bitwarden;
- set $upstream_port 80;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
-}
-
-location ~ (/bitwarden)?/notifications/hub {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app bitwarden;
- set $upstream_port 3012;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
-}
-
-location ~ (/bitwarden)?/notifications/hub/negotiate {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app bitwarden;
- set $upstream_port 80;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
-}
-
diff --git a/grampsweb.subdomain.conf.sample b/grampsweb.subdomain.conf.sample
new file mode 100644
index 0000000..6d77c7a
--- /dev/null
+++ b/grampsweb.subdomain.conf.sample
@@ -0,0 +1,56 @@
+## Version 2023/10/15
+# make sure that your grampsweb container is named grampsweb
+# make sure that your dns has a cname set for grampsweb
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name grampsweb.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 500m;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app grampsweb;
+ set $upstream_port 5000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/grampsweb)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app grampsweb;
+ set $upstream_port 5000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/homebox.subdomain.conf.sample b/homebox.subdomain.conf.sample
new file mode 100644
index 0000000..8b5597b
--- /dev/null
+++ b/homebox.subdomain.conf.sample
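Review bot: In grampsweb.subdomain.conf.sample the `location ~ (/grampsweb)?/api` block carries none of the auth includes that `location /` offers, and its regex is unanchored with an optional prefix, so it matches any request URI that contains `/api`. Anyone who enables basic auth, LDAP, Authelia or Authentik in `location /` will still have those requests reach the container without proxy authentication, which is only safe if the application enforces its own API authentication. I would anchor the match, e.g. `location ~ ^(/grampsweb)?/api/ {` (the trailing slash assumes every API route sits under /api/, to be confirmed), and put a comment above it such as `# api requests skip the proxy auth configured in location / and rely on the app's own authentication`. The homebox and immich samples added in this commit use the same pattern.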
@@ -0,0 +1,56 @@
+## Version 2023/10/21
+# make sure that your homebox container is named homebox
+# make sure that your dns has a cname set for homebox
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name homebox.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app homebox;
+ set $upstream_port 7745;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/homebox)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app homebox;
+ set $upstream_port 7745;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/immich.subdomain.conf.sample b/immich.subdomain.conf.sample
new file mode 100644
index 0000000..bda5f62
--- /dev/null
+++ b/immich.subdomain.conf.sample
@@ -0,0 +1,57 @@
+## Version 2023/11/26
+# make sure that your immich container is named immich
+# make sure that your dns has a cname set for immich
+# immich v1.88+ only
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name immich.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app immich-server;
+ set $upstream_port 3001;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location ~ (/immich)?/api {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app immich-server;
+ set $upstream_port 3001;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/komga.subdomain.conf.sample b/komga.subdomain.conf.sample
index 2cec3ba..6cf2191 100644
--- a/komga.subdomain.conf.sample
+++ b/komga.subdomain.conf.sample
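Review bot: The header of immich.subdomain.conf.sample tells users to name the container `immich`, but both location blocks set `$upstream_app immich-server`, so a deployment that follows the comment will presumably fail to resolve the upstream. The header line should match the value actually used, e.g. `# make sure that your immich server container is named immich-server`.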
@@ -1,4 +1,4 @@
-## Version 2023/05/31
+## Version 2023/09/05
 # make sure that your komga container is named komga
 # make sure that your dns has a cname set for komga
@@ -38,7 +38,7 @@ server {
 include /config/nginx/proxy.conf;
 include /config/nginx/resolver.conf;
 set $upstream_app komga;
- set $upstream_port 8080;
+ set $upstream_port 25600;
 set $upstream_proto http;
 proxy_pass $upstream_proto://$upstream_app:$upstream_port;
@@ -48,7 +48,7 @@ server {
 include /config/nginx/proxy.conf;
 include /config/nginx/resolver.conf;
 set $upstream_app komga;
- set $upstream_port 8080;
+ set $upstream_port 25600;
 set $upstream_proto http;
 proxy_pass $upstream_proto://$upstream_app:$upstream_port;
diff --git a/komga.subfolder.conf.sample b/komga.subfolder.conf.sample
index 7cd97d7..f9e60d6 100644
--- a/komga.subfolder.conf.sample
+++ b/komga.subfolder.conf.sample
@@ -1,4 +1,4 @@
-## Version 2023/02/05
+## Version 2023/09/05
 # make sure that your komga container is named komga
 # make sure that komga is set to work with the base url /komga/
 # First make sure your Container has set an Baseurl set via docker-compose File "envirnoment: SERVER_SERVLET_CONTEXT_PATH=/komga" and recreate the container.
@@ -24,7 +24,7 @@ location ^~ /komga/ {
 include /config/nginx/proxy.conf;
 include /config/nginx/resolver.conf;
 set $upstream_app komga;
- set $upstream_port 8080 ;
+ set $upstream_port 25600 ;
 set $upstream_proto http;
 proxy_pass $upstream_proto://$upstream_app:$upstream_port;
@@ -34,7 +34,7 @@ location ^~ /komga/api {
 include /config/nginx/proxy.conf;
 include /config/nginx/resolver.conf;
 set $upstream_app komga;
- set $upstream_port 8080;
+ set $upstream_port 25600;
 set $upstream_proto http;
 proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 }
diff --git a/linkace.subdomain.conf.sample b/linkace.subdomain.conf.sample
new file mode 100644
index 0000000..884da71
--- /dev/null
+++ b/linkace.subdomain.conf.sample
@@ -0,0 +1,46 @@
+## Version 2023/09/29
+# make sure that your linkace container is named linkace
+# make sure that your dns has a cname set for linkace
+# use linkace:simple package with included proxy
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name linkace.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app linkace;
+ set $upstream_port 80;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
\ No newline at end of file
diff --git a/mealie.subdomain.conf.sample b/mealie.subdomain.conf.sample
index 5a5b77a..9ba52ff 100644
--- a/mealie.subdomain.conf.sample
+++ b/mealie.subdomain.conf.sample
@@ -37,7 +37,7 @@ server {
 include /config/nginx/proxy.conf;
 include /config/nginx/resolver.conf;
 set $upstream_app mealie;
- set $upstream_port 80;
+ set $upstream_port 9000;
 set $upstream_proto http;
 proxy_pass $upstream_proto://$upstream_app:$upstream_port;
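Review bot: The mealie.subdomain.conf.sample hunk changes `$upstream_port` from 80 to 9000 but leaves the file's `## Version` line untouched (its only hunk starts at line 37), whereas the komga and bitwarden samples in this commit bump their date together with the port change. If that date is what tells users their deployed copy is stale, existing mealie users will not be prompted to pick up the new port. I would bump the header date and add a line in the style of the bitwarden header, e.g. `# mealie defaults to port 9000`, naming the mealie releases it applies to (not visible on this page). The server block starts and ends outside the hunk.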
diff --git a/nocodb.subdomain.conf.sample b/nocodb.subdomain.conf.sample
new file mode 100644
index 0000000..26e877b
--- /dev/null
+++ b/nocodb.subdomain.conf.sample
@@ -0,0 +1,45 @@
+## Version 2023/09/28
+# make sure that your nocodb container is named nocodb
+# make sure that your dns has a cname set for nocodb
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name nocodb.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app nocodb;
+ set $upstream_port 8080;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/phoneinfoga.subdomain.conf.sample b/phoneinfoga.subdomain.conf.sample
new file mode 100644
index 0000000..ea0fd0c
--- /dev/null
+++ b/phoneinfoga.subdomain.conf.sample
@@ -0,0 +1,46 @@
+## Version 2023/11/30
+# make sure that your phoneinfoga container is named phoneinfoga
+# make sure that your dns has a cname set for phoneinfoga
+# add command: 'serve' to your docker compose, so the PhoneInfoga web server starts
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name phoneinfoga.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app phoneinfoga;
+ set $upstream_port 5000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/prowlarr.subdomain.conf.sample b/prowlarr.subdomain.conf.sample
index f54cf54..1162da7 100644
--- a/prowlarr.subdomain.conf.sample
+++ b/prowlarr.subdomain.conf.sample
@@ -1,4 +1,4 @@
-## Version 2023/05/31
+## Version 2023/09/13
 # make sure that your prowlarr container is named prowlarr
 # make sure that your dns has a cname set for prowlarr
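Review bot: phoneinfoga.subdomain.conf.sample ships with every auth option in `location /` commented out, and nothing in the header tells the user whether the PhoneInfoga web server has a login of its own. As far as I know it does not, so a copy used as-is would presumably publish the lookup UI and its API to anyone who can reach the subdomain. I would add a header line next to the `serve` hint, e.g. `# phoneinfoga has no built-in authentication (confirm for your version), enable one of the auth options below before exposing it`.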
@@ -51,4 +51,14 @@ server {
 set $upstream_proto http;
 proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 }
+
+ location ~ (/prowlarr)?(/[0-9]+)?/download {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app prowlarr;
+ set $upstream_port 9696;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
 }
diff --git a/prowlarr.subfolder.conf.sample b/prowlarr.subfolder.conf.sample
index b67d44e..cb37349 100644
--- a/prowlarr.subfolder.conf.sample
+++ b/prowlarr.subfolder.conf.sample
@@ -1,4 +1,4 @@
-## Version 2023/02/05
+## Version 2023/09/13
 # make sure that your prowlarr container is named prowlarr
 # make sure that prowlarr is set to work with the base url /prowlarr/
@@ -34,3 +34,13 @@ location ~ /prowlarr(/[0-9]+)?/api {
 proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 }
+
+location ~ /prowlarr(/[0-9]+)?/download {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app prowlarr;
+ set $upstream_port 9696;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/qbittorrent.subdomain.conf.sample b/qbittorrent.subdomain.conf.sample
index 6bb63b6..4dd6135 100644
--- a/qbittorrent.subdomain.conf.sample
+++ b/qbittorrent.subdomain.conf.sample
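Review bot: The new `location ~ (/prowlarr)?(/[0-9]+)?/download` block in prowlarr.subdomain.conf.sample has no auth includes and both groups in its regex are optional, so any URI containing `/download` skips whatever proxy auth is enabled in `location /`; the subfolder hunk's `location ~ /prowlarr(/[0-9]+)?/download` is unanchored in the same way. Anchoring the start, `location ~ ^(/prowlarr)?(/[0-9]+)?/download` and `location ~ ^/prowlarr(/[0-9]+)?/download`, keeps the bypass to the intended route. A comment above each block should say that it is deliberately left outside the proxy auth and what protects it instead (presumably an API key sent with the request, to be confirmed). The subdomain server block starts outside the hunk.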
@@ -1,6 +1,14 @@
-## Version 2023/05/31
+## Version 2023/10/10
 # make sure that your qbittorrent container is named qbittorrent
 # make sure that your dns has a cname set for qbittorrent
+# Api and related location bypasses are now commented out by default
+# due to users easily misconfiguring qbittorrent to allow
+# public access through the api endpoint by including SWAG in
+# "Bypass authentication for clients in whitelisted IP subnets",
+# which results in all connections through SWAG to be considered
+# local and bypassing auth, which also applies to qbittorrent's
+# api endpoint (webui api)
+# enable at your own risk
 server {
 listen 443 ssl http2;
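Review bot: The new header in qbittorrent.subdomain.conf.sample ends with `# enable at your own risk` without saying what must be true before the commented blocks are safe to restore, and those blocks still carry no auth include of their own. The explanation above it already names the cause, so the last line could state the check instead: `# before enabling, make sure SWAG's address or subnet is not listed under "Bypass authentication for clients in whitelisted IP subnets" in qbittorrent`. The same header is added to qbittorrent.subfolder.conf.sample and would take the same wording. The server block continues outside the hunk.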
@@ -47,93 +55,108 @@ server {
 proxy_set_header X-Forwarded-Host $host;
 }
- location ~ (/qbittorrent)?/api {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ # location ~ (/qbittorrent)?/api {
+ # include /config/nginx/proxy.conf;
+ # include /config/nginx/resolver.conf;
+ # set $upstream_app qbittorrent;
+ # set $upstream_port 8080;
+ # set $upstream_proto http;
+ # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+ # rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
- }
+ # proxy_set_header Referer '';
+ # proxy_set_header Host $upstream_app:$upstream_port;
+ # proxy_set_header X-Forwarded-Host $host;
+ # }
- location ~ (/qbittorrent)?/command {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ # location ~ (/qbittorrent)?/command {
+ # include /config/nginx/proxy.conf;
+ # include /config/nginx/resolver.conf;
+ # set $upstream_app qbittorrent;
+ # set $upstream_port 8080;
+ # set $upstream_proto http;
+ # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+ # rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
- }
+ # proxy_set_header Referer '';
+ # proxy_set_header Host $upstream_app:$upstream_port;
+ # proxy_set_header X-Forwarded-Host $host;
+ # }
- location ~ (/qbittorrent)?/query {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ # location ~ (/qbittorrent)?/css {
+ # include /config/nginx/proxy.conf;
+ # include /config/nginx/resolver.conf;
+ # set $upstream_app qbittorrent;
+ # set $upstream_port 8080;
+ # set $upstream_proto http;
+ # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+ # rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
- }
+ # proxy_set_header Referer '';
+ # proxy_set_header Host $upstream_app:$upstream_port;
+ # proxy_set_header X-Forwarded-Host $host;
+ # }
- location ~ (/qbittorrent)?/login {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ # location ~ (/qbittorrent)?/query {
+ # include /config/nginx/proxy.conf;
+ # include /config/nginx/resolver.conf;
+ # set $upstream_app qbittorrent;
+ # set $upstream_port 8080;
+ # set $upstream_proto http;
+ # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+ # rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
- }
+ # proxy_set_header Referer '';
+ # proxy_set_header Host $upstream_app:$upstream_port;
+ # proxy_set_header X-Forwarded-Host $host;
+ # }
- location ~ (/qbittorrent)?/sync {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ # location ~ (/qbittorrent)?/login {
+ # include /config/nginx/proxy.conf;
+ # include /config/nginx/resolver.conf;
+ # set $upstream_app qbittorrent;
+ # set $upstream_port 8080;
+ # set $upstream_proto http;
+ # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+ # rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
- }
+ # proxy_set_header Referer '';
+ # proxy_set_header Host $upstream_app:$upstream_port;
+ # proxy_set_header X-Forwarded-Host $host;
+ # }
- location ~ (/qbittorrent)?/scripts {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ # location ~ (/qbittorrent)?/sync {
+ # include /config/nginx/proxy.conf;
+ # include /config/nginx/resolver.conf;
+ # set $upstream_app qbittorrent;
+ # set $upstream_port 8080;
+ # set $upstream_proto http;
+ # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+ # rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
- }
+ # proxy_set_header Referer '';
+ # proxy_set_header Host $upstream_app:$upstream_port;
+ # proxy_set_header X-Forwarded-Host $host;
+ # }
+
+ # location ~ (/qbittorrent)?/scripts {
+ # include /config/nginx/proxy.conf;
+ # include /config/nginx/resolver.conf;
+ # set $upstream_app qbittorrent;
+ # set $upstream_port 8080;
+ # set $upstream_proto http;
+ # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ # rewrite /qbittorrent(.*) $1 break;
+
+ # proxy_set_header Referer '';
+ # proxy_set_header Host $upstream_app:$upstream_port;
+ # proxy_set_header X-Forwarded-Host $host;
+ # }
 }
diff --git a/qbittorrent.subfolder.conf.sample b/qbittorrent.subfolder.conf.sample
index bd56047..d0bd429 100644
--- a/qbittorrent.subfolder.conf.sample
+++ b/qbittorrent.subfolder.conf.sample
@@ -1,6 +1,14 @@
-## Version 2023/02/05
+## Version 2023/10/10
 # make sure that your qbittorrent container is named qbittorrent
 # qbittorrent does not require a base url setting
+# Api and related location bypasses are now commented out by default
+# due to users easily misconfiguring qbittorrent to allow
+# public access through the api endpoint by including SWAG in
+# "Bypass authentication for clients in whitelisted IP subnets",
+# which results in all connections through SWAG to be considered
+# local and bypassing auth, which also applies to qbittorrent's
+# api endpoint (webui api)
+# enable at your own risk
 location /qbittorrent {
 return 301 $scheme://$host/qbittorrent/;
@@ -34,92 +42,107 @@ location ^~ /qbittorrent/ {
 proxy_set_header X-Forwarded-Host $host;
 }
-location ^~ /qbittorrent/api {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+# location ^~ /qbittorrent/api {
+# include /config/nginx/proxy.conf;
+# include /config/nginx/resolver.conf;
+# set $upstream_app qbittorrent;
+# set $upstream_port 8080;
+# set $upstream_proto http;
+# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+# rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
-}
+# proxy_set_header Referer '';
+# proxy_set_header Host $upstream_app:$upstream_port;
+# proxy_set_header X-Forwarded-Host $host;
+# }
-location ^~ /qbittorrent/command {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+# location ^~ /qbittorrent/command {
+# include /config/nginx/proxy.conf;
+# include /config/nginx/resolver.conf;
+# set $upstream_app qbittorrent;
+# set $upstream_port 8080;
+# set $upstream_proto http;
+# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+# rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
-}
+# proxy_set_header Referer '';
+# proxy_set_header Host $upstream_app:$upstream_port;
+# proxy_set_header X-Forwarded-Host $host;
+# }
-location ^~ /qbittorrent/query {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+# location ^~ /qbittorrent/css {
+# include /config/nginx/proxy.conf;
+# include /config/nginx/resolver.conf;
+# set $upstream_app qbittorrent;
+# set $upstream_port 8080;
+# set $upstream_proto http;
+# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+# rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
-}
+# proxy_set_header Referer '';
+# proxy_set_header Host $upstream_app:$upstream_port;
+# proxy_set_header X-Forwarded-Host $host;
+# }
-location ^~ /qbittorrent/login {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+# location ^~ /qbittorrent/query {
+# include /config/nginx/proxy.conf;
+# include /config/nginx/resolver.conf;
+# set $upstream_app qbittorrent;
+# set $upstream_port 8080;
+# set $upstream_proto http;
+# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+# rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
-}
+# proxy_set_header Referer '';
+# proxy_set_header Host $upstream_app:$upstream_port;
+# proxy_set_header X-Forwarded-Host $host;
+# }
-location ^~ /qbittorrent/sync {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+# location ^~ /qbittorrent/login {
+# include /config/nginx/proxy.conf;
+# include /config/nginx/resolver.conf;
+# set $upstream_app qbittorrent;
+# set $upstream_port 8080;
+# set $upstream_proto http;
+# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+# rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
-}
+# proxy_set_header Referer '';
+# proxy_set_header Host $upstream_app:$upstream_port;
+# proxy_set_header X-Forwarded-Host $host;
+# }
-location ^~ /qbittorrent/scripts {
- include /config/nginx/proxy.conf;
- include /config/nginx/resolver.conf;
- set $upstream_app qbittorrent;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+# location ^~ /qbittorrent/sync {
+# include /config/nginx/proxy.conf;
+# include /config/nginx/resolver.conf;
+# set $upstream_app qbittorrent;
+# set $upstream_port 8080;
+# set $upstream_proto http;
+# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- rewrite /qbittorrent(.*) $1 break;
+# rewrite /qbittorrent(.*) $1 break;
- proxy_set_header Referer '';
- proxy_set_header Host $upstream_app:$upstream_port;
- proxy_set_header X-Forwarded-Host $host;
-}
+# proxy_set_header Referer '';
+# proxy_set_header Host $upstream_app:$upstream_port;
+# proxy_set_header X-Forwarded-Host $host;
+# }
+
+# location ^~ /qbittorrent/scripts {
+# include /config/nginx/proxy.conf;
+# include /config/nginx/resolver.conf;
+# set $upstream_app qbittorrent;
+# set $upstream_port 8080;
+# set $upstream_proto http;
+# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+# rewrite /qbittorrent(.*) $1 break;
+
+# proxy_set_header Referer '';
+# proxy_set_header Host $upstream_app:$upstream_port;
+# proxy_set_header X-Forwarded-Host $host;
+# }
diff --git a/storm.subdomain.conf.sample b/storm.subdomain.conf.sample
new file mode 100644
index 0000000..e112dde
--- /dev/null
+++ b/storm.subdomain.conf.sample
@@ -0,0 +1,51 @@
+## Version 2023/02/05
+# reverse proxy config for a modern deluge interface named storm
+# https://github.com/relvacode/storm
+# make sure that your storm container is named storm
+# make sure that your dns has a cname set for storm
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name storm.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app storm;
+ set $upstream_port 8221;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+
+ }
+
+
+}
diff --git a/unifi-network-application.subdomain.conf.sample b/unifi-network-application.subdomain.conf.sample
index cc0c67f..0d77afc 100644
--- a/unifi-network-application.subdomain.conf.sample
+++ b/unifi-network-application.subdomain.conf.sample
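Review bot: The header comments of storm.subdomain.conf.sample do not say that every auth option in the file is commented out, so as shipped the `location /` block forwards all requests to storm on port 8221 with no check at the proxy. Storm is described here as a deluge interface, so an unauthenticated deployment would presumably let anyone who can reach the hostname manage the torrent client behind it. A header line such as `# storm controls deluge: enable one of the auth options below, or storm's own authentication, before exposing this host` would make that explicit. The version stamp `2023/02/05` is also older than the `2023/11/12` stamps on the other confs in this commit, which is worth confirming.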
@@ -3,6 +3,7 @@ # make sure that your dns has a cname set for unifi # NOTE: If you use the proxy_cookie_path setting in proxy.conf you need to remove HTTPOnly; # ex: proxy_cookie_path / "/; Secure"; +# change $upstream_port to 443 if connecting to a Unifi Cloud Key server { listen 443 ssl http2; diff --git a/vaultwarden.subdomain.conf.sample b/vaultwarden.subdomain.conf.sample index 475d84c..a7ac06d 100644 --- a/vaultwarden.subdomain.conf.sample +++ b/vaultwarden.subdomain.conf.sample @@ -1,7 +1,10 @@ -## Version 2023/05/31 +## Version 2023/11/12 # make sure that your vaultwarden container is named vaultwarden # make sure that your dns has a cname set for vaultwarden -# set the environment variable WEBSOCKET_ENABLED=true on your vaultwarden container +# if you are using bitwarden (the official image), use the bitwarden conf +# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf +# +# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container server { listen 443 ssl http2; @@ -79,16 +82,6 @@ server { } location ~ (/vaultwarden)?/notifications/hub { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 3012; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - - location ~ (/vaultwarden)?/notifications/hub/negotiate { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; diff --git a/vaultwarden.subfolder.conf.sample b/vaultwarden.subfolder.conf.sample index 85aedfe..2bba167 100644 --- a/vaultwarden.subfolder.conf.sample +++ b/vaultwarden.subfolder.conf.sample 
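Review bot: Nothing in the new header of vaultwarden.subdomain.conf.sample says which vaultwarden releases the conf works with. The second hunk drops the port 3012 upstream for `/notifications/hub`, and the header hunk drops the `WEBSOCKET_ENABLED=true` hint, so a container that still serves websocket notifications on 3012 would presumably lose live sync without any error from nginx. A line such as `# requires a vaultwarden release that serves websocket notifications on the main http port (older releases used port 3012)` would cover it. The same applies to the matching hunks in vaultwarden.subfolder.conf.sample. The remaining `/notifications/hub` location continues outside the hunk, so its port is not visible here.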
@@ -1,8 +1,12 @@ -## Version 2023/03/27 +## Version 2023/11/12 # make sure that your vaultwarden container is named vaultwarden # make sure that vaultwarden is set to work with the base url /vaultwarden/ -## Environmental Variable DOMAIN=https:///vaultwarden must be set in vaultwarden container including subfolder. -## This is using ports 80 and 3012 +# if you are using bitwarden (the official image), use the bitwarden conf +# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf +# +# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container +# +# Environmental Variable DOMAIN=https:///vaultwarden must be set in vaultwarden container including subfolder. location /vaultwarden { return 301 $scheme://$host/vaultwarden/; @@ -65,16 +69,6 @@ location ~ (/vaultwarden)?/api { } location ~ (/vaultwarden)?/notifications/hub { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 3012; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ (/vaultwarden)?/notifications/hub/negotiate { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; diff --git a/your-spotify-api.subdomain.conf.sample b/your-spotify-api.subdomain.conf.sample new file mode 100644 index 0000000..2ebba5a --- /dev/null +++ b/your-spotify-api.subdomain.conf.sample 
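Review bot: The added comment `# if you are using bitwarden (the official image), use the bitwarden conf` in vaultwarden.subfolder.conf.sample points subfolder users at a conf that this same commit appears to delete (the diff lists bitwarden.subfolder.conf.sample as a deleted file). Someone following the comment would find only the subdomain sample. I would word it as `# if you are using bitwarden (the official image), use the bitwarden subdomain conf (no subfolder conf is provided)`.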
@@ -0,0 +1,51 @@
+## Version 2023/10/17
+# https://github.com/Yooooomi/your_spotify
+# this is not a standalone config, it requires configured your-spotify web container for full functionality.
+# it uses server URLs for api callbacks, thus a server is required
+# make sure that your YourSpotify api container is named your-spotify-server
+# make sure that your dns has a cname set for your-spotify-server
+# do not forget to finish configuration following instructions in apps repository. API_ENDPOINT=https://your-spotify-server.[your domain].
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name your-spotify-server.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app your-spotify-server;
+ set $upstream_port 8080;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+}
\ No newline at end of file
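Review bot: your-spotify-api.subdomain.conf.sample ends without a trailing newline (`\ No newline at end of file` after the closing `}`), while your-spotify.subdomain.conf.sample, added in the same commit, ends with two extra blank lines. Ending both files with a single newline after the final `}` would keep the samples consistent and avoid spurious diffs when users' editors normalise the file ending.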
diff --git a/your-spotify.subdomain.conf.sample b/your-spotify.subdomain.conf.sample
new file mode 100644
index 0000000..e698f22
--- /dev/null
+++ b/your-spotify.subdomain.conf.sample
@@ -0,0 +1,53 @@
+## Version 2023/10/17
+# https://github.com/Yooooomi/your_spotify
+# this is not a standalone config, it requires configured your-spotify api container for full functionality.
+# it uses server URLs for api callbacks, thus a server is required
+# make sure that your YourSpotify web container is named your-spotify-web
+# make sure that your dns has a cname set for your-spotify
+# do not forget to finish configuration following instructions in apps repository. CLIENT_ENDPOINT=https://your-spotify.[your domain]
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name your-spotify.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ #include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ #include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app your-spotify-web;
+ set $upstream_port 3000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+}
+
+