From d4fced1198d26bc0f69ffaa628774c09b5f3dd4b Mon Sep 17 00:00:00 2001 From: adepssimius Date: Wed, 14 Jun 2023 22:06:43 -0400 Subject: [PATCH 01/31] Add support for custom themes in qBittorrent --- qbittorrent.subdomain.conf.sample | 15 +++++++++++++++ qbittorrent.subfolder.conf.sample | 15 +++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/qbittorrent.subdomain.conf.sample b/qbittorrent.subdomain.conf.sample index 6bb63b6..bdf44f1 100644 --- a/qbittorrent.subdomain.conf.sample +++ b/qbittorrent.subdomain.conf.sample @@ -136,4 +136,19 @@ server { proxy_set_header Host $upstream_app:$upstream_port; proxy_set_header X-Forwarded-Host $host; } + + location ~ (/qbittorrent)?/css { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app qbittorrent; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /qbittorrent(.*) $1 break; + + proxy_set_header Referer ''; + proxy_set_header Host $upstream_app:$upstream_port; + proxy_set_header X-Forwarded-Host $host; + } } diff --git a/qbittorrent.subfolder.conf.sample b/qbittorrent.subfolder.conf.sample index bd56047..b4756ca 100644 --- a/qbittorrent.subfolder.conf.sample +++ b/qbittorrent.subfolder.conf.sample @@ -123,3 +123,18 @@ location ^~ /qbittorrent/scripts { proxy_set_header Host $upstream_app:$upstream_port; proxy_set_header X-Forwarded-Host $host; } + +location ^~ /qbittorrent/css { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app qbittorrent; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /qbittorrent(.*) $1 break; + + proxy_set_header Referer ''; + proxy_set_header Host $upstream_app:$upstream_port; + proxy_set_header X-Forwarded-Host $host; +} From c0fcbaf5680fc311bc89c0da361f91063a486b69 Mon Sep 17 00:00:00 2001 From: adepssimius Date: Wed, 14 Jun 2023 22:10:02 -0400 Subject: [PATCH 02/31] Update revision dates --- qbittorrent.subdomain.conf.sample | 2 +- qbittorrent.subfolder.conf.sample | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/qbittorrent.subdomain.conf.sample b/qbittorrent.subdomain.conf.sample index bdf44f1..244d3e9 100644 --- a/qbittorrent.subdomain.conf.sample +++ b/qbittorrent.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/05/31 +## Version 2023/06/14 # make sure that your qbittorrent container is named qbittorrent # make sure that your dns has a cname set for qbittorrent diff --git a/qbittorrent.subfolder.conf.sample b/qbittorrent.subfolder.conf.sample index b4756ca..4b55546 100644 --- a/qbittorrent.subfolder.conf.sample +++ b/qbittorrent.subfolder.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/05 +## Version 2023/06/14 # make sure that your qbittorrent container is named qbittorrent # qbittorrent does not require a base url setting From 87fac4e5aa56b9f9040ccfab1706c5f307ffbd82 Mon Sep 17 00:00:00 2001 From: realbuz Date: Tue, 5 Sep 2023 16:45:36 -0400 Subject: [PATCH 03/31] Update komga.subdomain.conf.sample 2023/09/05 docker has recently updated the port to 25600 from 8080 --- komga.subdomain.conf.sample | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/komga.subdomain.conf.sample b/komga.subdomain.conf.sample index 2cec3ba..99b24ff 100644 --- a/komga.subdomain.conf.sample +++ b/komga.subdomain.conf.sample @@ -38,7 +38,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app komga; - set $upstream_port 8080; + set $upstream_port 25600; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; @@ -48,7 +48,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app komga; - set $upstream_port 8080; + set $upstream_port 25600; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; From b205715ad8363ed545e9e3f7727f51c1dd0c4dd3 Mon Sep 17 00:00:00 2001 From: realbuz Date: Tue, 5 Sep 2023 16:46:25 -0400 Subject: [PATCH 04/31] Update komga.subfolder.conf.sample 2023/09/05 docker has recently updated the port to 25600 from 8080 --- komga.subfolder.conf.sample | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/komga.subfolder.conf.sample b/komga.subfolder.conf.sample index 7cd97d7..660812f 100644 --- a/komga.subfolder.conf.sample +++ b/komga.subfolder.conf.sample @@ -24,7 +24,7 @@ location ^~ /komga/ { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app komga; - set $upstream_port 8080 ; + set $upstream_port 25600 ; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; @@ -34,7 +34,7 @@ location ^~ /komga/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app komga; - set $upstream_port 8080; + set $upstream_port 25600; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } From a5729ec502a5582fc1b3a85c2d23b164c8b6a72e Mon Sep 17 00:00:00 2001 From: adepssimius Date: Tue, 5 Sep 2023 20:45:07 -0400 Subject: [PATCH 05/31] Fix alphebetization of routes --- qbittorrent.subdomain.conf.sample | 32 +++++++++++++++---------------- qbittorrent.subfolder.conf.sample | 32 +++++++++++++++---------------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/qbittorrent.subdomain.conf.sample b/qbittorrent.subdomain.conf.sample index 244d3e9..c7c8dd6 100644 --- a/qbittorrent.subdomain.conf.sample +++ b/qbittorrent.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/06/14 +## Version 2023/09/05 # make sure that your qbittorrent container is named qbittorrent # make sure that your dns has a cname set for qbittorrent @@ -77,6 +77,21 @@ server { proxy_set_header X-Forwarded-Host $host; } + location ~ (/qbittorrent)?/css { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app qbittorrent; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /qbittorrent(.*) $1 break; + + proxy_set_header Referer ''; + proxy_set_header Host $upstream_app:$upstream_port; + proxy_set_header X-Forwarded-Host $host; + } + location ~ (/qbittorrent)?/query { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; @@ -136,19 +151,4 @@ server { proxy_set_header Host $upstream_app:$upstream_port; proxy_set_header X-Forwarded-Host $host; } - - location ~ (/qbittorrent)?/css { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } } diff --git a/qbittorrent.subfolder.conf.sample b/qbittorrent.subfolder.conf.sample index 4b55546..a1bc0c6 100644 --- a/qbittorrent.subfolder.conf.sample +++ b/qbittorrent.subfolder.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/06/14 +## Version 2023/09/05 # make sure that your qbittorrent container is named qbittorrent # qbittorrent does not require a base url setting @@ -64,6 +64,21 @@ location ^~ /qbittorrent/command { proxy_set_header X-Forwarded-Host $host; } +location ^~ /qbittorrent/css { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app qbittorrent; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /qbittorrent(.*) $1 break; + + proxy_set_header Referer ''; + proxy_set_header Host $upstream_app:$upstream_port; + proxy_set_header X-Forwarded-Host $host; +} + location ^~ /qbittorrent/query { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; @@ -123,18 +138,3 @@ location ^~ /qbittorrent/scripts { proxy_set_header Host $upstream_app:$upstream_port; proxy_set_header X-Forwarded-Host $host; } - -location ^~ /qbittorrent/css { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /qbittorrent(.*) $1 break; - - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} From a3bfd0d47e1f1de20af94d5aed15e19591aec1f0 Mon Sep 17 00:00:00 2001 From: realbuz Date: Wed, 6 Sep 2023 08:28:44 -0400 Subject: [PATCH 06/31] Update komga.subfolder.conf.sample updated date --- komga.subfolder.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/komga.subfolder.conf.sample b/komga.subfolder.conf.sample index 660812f..f9e60d6 100644 --- a/komga.subfolder.conf.sample +++ b/komga.subfolder.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/05 +## Version 2023/09/05 # make sure that your komga container is named komga # make sure that komga is set to work with the base url /komga/ # First make sure your Container has set an Baseurl set via docker-compose File "envirnoment: SERVER_SERVLET_CONTEXT_PATH=/komga" and recreate the container. From 3fc3fd9cb674964be2f543aeb0b8da70a15e9bcd Mon Sep 17 00:00:00 2001 From: realbuz Date: Wed, 6 Sep 2023 08:30:28 -0400 Subject: [PATCH 07/31] Update komga.subdomain.conf.sample updated date --- komga.subdomain.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/komga.subdomain.conf.sample b/komga.subdomain.conf.sample index 99b24ff..6cf2191 100644 --- a/komga.subdomain.conf.sample +++ b/komga.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/05/31 +## Version 2023/09/05 # make sure that your komga container is named komga # make sure that your dns has a cname set for komga From 5096bccce99dded7e777351d9fee0fba862efb53 Mon Sep 17 00:00:00 2001 From: PrivatePasta <63346955+PrivatePasta@users.noreply.github.com> Date: Wed, 13 Sep 2023 17:51:37 +0530 Subject: [PATCH 08/31] Update prowlarr.subfolder.conf.sample Downloads through Radarr seems to make requests to Prowlarr at /download instead of /api. In the old config, if the Authelia config is enabled, these /download requests would be blocked by Authelia --- prowlarr.subfolder.conf.sample | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/prowlarr.subfolder.conf.sample b/prowlarr.subfolder.conf.sample index b67d44e..cb37349 100644 --- a/prowlarr.subfolder.conf.sample +++ b/prowlarr.subfolder.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/05 +## Version 2023/09/13 # make sure that your prowlarr container is named prowlarr # make sure that prowlarr is set to work with the base url /prowlarr/ @@ -34,3 +34,13 @@ location ~ /prowlarr(/[0-9]+)?/api { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + +location ~ /prowlarr(/[0-9]+)?/download { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app prowlarr; + set $upstream_port 9696; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} From b6cc0482a9ffdb8d206312ee93905b6f5f3c8b47 Mon Sep 17 00:00:00 2001 From: PrivatePasta <63346955+PrivatePasta@users.noreply.github.com> Date: Sun, 17 Sep 2023 02:48:46 +0530 Subject: [PATCH 09/31] Update prowlarr.subdomain.conf.sample with /download endpoint --- prowlarr.subdomain.conf.sample | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/prowlarr.subdomain.conf.sample b/prowlarr.subdomain.conf.sample index f54cf54..b6dc5a4 100644 --- a/prowlarr.subdomain.conf.sample +++ b/prowlarr.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/05/31 +## Version 2023/09/13 # make sure that your prowlarr container is named prowlarr # make sure that your dns has a cname set for prowlarr @@ -51,4 +51,14 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + + location ~ /prowlarr(/[0-9]+)?/download { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app prowlarr; + set $upstream_port 9696; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } } From 663e9c296e3fdf022b8d67f0a43fe7eb182a4bf6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Sep 2023 20:36:16 +0000 Subject: [PATCH 10/31] Bump actions/checkout from 4.0.0 to 4.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.0.0...v4.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/check_samples.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index 00f8489..d645f0d 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4.0.0 + uses: actions/checkout@v4.1.0 - name: Check Allowed File Names run: | From 10dc95fcec9baa7b5867cf5e20648d748436adce Mon Sep 17 00:00:00 2001 From: JOnathan duMonT <5204724+JOduMonT@users.noreply.github.com> Date: Thu, 28 Sep 2023 10:57:26 +0200 Subject: [PATCH 11/31] Create nocodb.subdomain.conf.sample --- nocodb.subdomain.conf.sample | 45 ++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 nocodb.subdomain.conf.sample diff --git a/nocodb.subdomain.conf.sample b/nocodb.subdomain.conf.sample new file mode 100644 index 0000000..26e877b --- /dev/null +++ b/nocodb.subdomain.conf.sample @@ -0,0 +1,45 @@ +## Version 2023/09/28 +# make sure that your nocodb container is named nocodb +# make sure that your dns has a cname set for nocodb + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name nocodb.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app nocodb; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} From 2a5ec41cafab7a4ccafddffe73f66f84429858b6 Mon Sep 17 00:00:00 2001 From: Jurrer Date: Fri, 29 Sep 2023 12:57:35 +0000 Subject: [PATCH 12/31] Create linkace.subdomain.conf.sample --- linkace.subdomain.conf.sample | 62 +++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 linkace.subdomain.conf.sample diff --git a/linkace.subdomain.conf.sample b/linkace.subdomain.conf.sample new file mode 100644 index 0000000..6b4f2c7 --- /dev/null +++ b/linkace.subdomain.conf.sample @@ -0,0 +1,62 @@ +## Version 2023/09/29 +# make sure that your linkace container is named linkace +# make sure that your dns has a cname set for linkace +# use linkace:simple package with included proxy + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name linkace.*; + + # enable to indicate to search engines to not index this site + # add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + + # Content security headers for Laravel + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app linkace; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + +} \ No newline at end of file From 2d577f0687eeffb02291d3c07e0af3f8bd8a2e4d Mon Sep 17 00:00:00 2001 From: Jurrer Date: Fri, 29 Sep 2023 13:03:01 +0000 Subject: [PATCH 13/31] Create storm.subdomain.conf.sample --- storm.subdomain.conf.sample | 54 +++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 storm.subdomain.conf.sample diff --git a/storm.subdomain.conf.sample b/storm.subdomain.conf.sample new file mode 100644 index 0000000..1866741 --- /dev/null +++ b/storm.subdomain.conf.sample @@ -0,0 +1,54 @@ +## Version 2023/02/05 +# reverse proxy config for a modern deluge interface named storm +# https://github.com/relvacode/storm +# make sure that your storm container is named storm +# make sure that your dns has a cname set for storm + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name storm.*; + + # enable to indicate to search engines to not index this site + # add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app storm; + set $upstream_port 8221; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + + } + + +} From 4a6acdc792e1934b962518506d5991306b242beb Mon Sep 17 00:00:00 2001 From: Jurrer Date: Fri, 29 Sep 2023 13:21:52 +0000 Subject: [PATCH 14/31] Create your-spotify.subdomain.conf.sample --- your-spotify.subdomain.conf.sample | 102 +++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 your-spotify.subdomain.conf.sample diff --git a/your-spotify.subdomain.conf.sample b/your-spotify.subdomain.conf.sample new file mode 100644 index 0000000..a7bb0ba --- /dev/null +++ b/your-spotify.subdomain.conf.sample @@ -0,0 +1,102 @@ +## Version 2023/09/29 +# https://github.com/Yooooomi/your_spotify +# this app requires separate server and web containers. It uses web and server URLs for api callbacks, thus a double config is required. +# make sure that your YourSpotify client container is named your-spotify-web +# make sure that your YourSpotify server container is named your-spotify-server +# make sure that your dns has a cname set for your-spotify and your-spotify-server +# do not forget to finish configuration following instructions in apps repository. CLIENT_ENDPOINT=https://your-spotify.[your domain]; API_ENDPOINT=https://your-spotify-server.[your domain]. + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name your-spotify.*; + + # enable to indicate to search engines to not index this site + #add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app your-spotify-web; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} + + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name your-spotify-server.*; + + # enable to indicate to search engines to not index this site + #add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app your-spotify-server; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} \ No newline at end of file From 9d40ac2638e25184009893823ccf6d38b590bb6e Mon Sep 17 00:00:00 2001 From: aptalca <541623+aptalca@users.noreply.github.com> Date: Tue, 10 Oct 2023 16:01:28 -0400 Subject: [PATCH 15/31] comment out api bypass in qbit, add disclaimer --- qbittorrent.subdomain.conf.sample | 178 ++++++++++++++++-------------- qbittorrent.subfolder.conf.sample | 178 ++++++++++++++++-------------- 2 files changed, 186 insertions(+), 170 deletions(-) diff --git a/qbittorrent.subdomain.conf.sample b/qbittorrent.subdomain.conf.sample index c7c8dd6..4dd6135 100644 --- a/qbittorrent.subdomain.conf.sample +++ b/qbittorrent.subdomain.conf.sample @@ -1,6 +1,14 @@ -## Version 2023/09/05 +## Version 2023/10/10 # make sure that your qbittorrent container is named qbittorrent # make sure that your dns has a cname set for qbittorrent +# Api and related location bypasses are now commented out by default +# due to users easily misconfiguring qbittorrent to allow +# public access through the api endpoint by including SWAG in +# "Bypass authentication for clients in whitelisted IP subnets", +# which results in all connections through SWAG to be considered +# local and bypassing auth, which also applies to qbittorrent's +# api endpoint (webui api) +# enable at your own risk server { listen 443 ssl http2; @@ -47,108 +55,108 @@ server { proxy_set_header X-Forwarded-Host $host; } - location ~ (/qbittorrent)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # location ~ (/qbittorrent)?/api { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; + # rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } - location ~ (/qbittorrent)?/command { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # location ~ (/qbittorrent)?/command { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; + # rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } - location ~ (/qbittorrent)?/css { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # location ~ (/qbittorrent)?/css { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; + # rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } - location ~ (/qbittorrent)?/query { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # location ~ (/qbittorrent)?/query { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; + # rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } - location ~ (/qbittorrent)?/login { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # location ~ (/qbittorrent)?/login { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; + # rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } - location ~ (/qbittorrent)?/sync { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # location ~ (/qbittorrent)?/sync { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; + # rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } - location ~ (/qbittorrent)?/scripts { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # location ~ (/qbittorrent)?/scripts { + # include /config/nginx/proxy.conf; + # include /config/nginx/resolver.conf; + # set $upstream_app qbittorrent; + # set $upstream_port 8080; + # set $upstream_proto http; + # proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; + # rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; - } + # proxy_set_header Referer ''; + # proxy_set_header Host $upstream_app:$upstream_port; + # proxy_set_header X-Forwarded-Host $host; + # } } diff --git a/qbittorrent.subfolder.conf.sample b/qbittorrent.subfolder.conf.sample index a1bc0c6..d0bd429 100644 --- a/qbittorrent.subfolder.conf.sample +++ b/qbittorrent.subfolder.conf.sample @@ -1,6 +1,14 @@ -## Version 2023/09/05 +## Version 2023/10/10 # make sure that your qbittorrent container is named qbittorrent # qbittorrent does not require a base url setting +# Api and related location bypasses are now commented out by default +# due to users easily misconfiguring qbittorrent to allow +# public access through the api endpoint by including SWAG in +# "Bypass authentication for clients in whitelisted IP subnets", +# which results in all connections through SWAG to be considered +# local and bypassing auth, which also applies to qbittorrent's +# api endpoint (webui api) +# enable at your own risk location /qbittorrent { return 301 $scheme://$host/qbittorrent/; @@ -34,107 +42,107 @@ location ^~ /qbittorrent/ { proxy_set_header X-Forwarded-Host $host; } -location ^~ /qbittorrent/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; +# location ^~ /qbittorrent/api { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; +# rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } -location ^~ /qbittorrent/command { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; +# location ^~ /qbittorrent/command { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; +# rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } -location ^~ /qbittorrent/css { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; +# location ^~ /qbittorrent/css { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; +# rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } -location ^~ /qbittorrent/query { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; +# location ^~ /qbittorrent/query { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; +# rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } -location ^~ /qbittorrent/login { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; +# location ^~ /qbittorrent/login { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; +# rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } -location ^~ /qbittorrent/sync { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; +# location ^~ /qbittorrent/sync { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; +# rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } -location ^~ /qbittorrent/scripts { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app qbittorrent; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; +# location ^~ /qbittorrent/scripts { +# include /config/nginx/proxy.conf; +# include /config/nginx/resolver.conf; +# set $upstream_app qbittorrent; +# set $upstream_port 8080; +# set $upstream_proto http; +# proxy_pass $upstream_proto://$upstream_app:$upstream_port; - rewrite /qbittorrent(.*) $1 break; +# rewrite /qbittorrent(.*) $1 break; - proxy_set_header Referer ''; - proxy_set_header Host $upstream_app:$upstream_port; - proxy_set_header X-Forwarded-Host $host; -} +# proxy_set_header Referer ''; +# proxy_set_header Host $upstream_app:$upstream_port; +# proxy_set_header X-Forwarded-Host $host; +# } From c924cf20e4c36a6664db334bac2e2d3032784d17 Mon Sep 17 00:00:00 2001 From: Jurrer Date: Sun, 15 Oct 2023 20:37:20 +0200 Subject: [PATCH 16/31] remove unnecessary headers --- linkace.subdomain.conf.sample | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/linkace.subdomain.conf.sample b/linkace.subdomain.conf.sample index 6b4f2c7..bad95ee 100644 --- a/linkace.subdomain.conf.sample +++ b/linkace.subdomain.conf.sample @@ -11,16 +11,6 @@ server { # enable to indicate to search engines to not index this site # add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; - - # Content security headers for Laravel - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Content-Type-Options "nosniff"; - - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - include /config/nginx/ssl.conf; @@ -55,8 +45,5 @@ server { set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - } \ No newline at end of file From 12046b8415cf5f97acc7b7be9ed624f0e3ad1c8b Mon Sep 17 00:00:00 2001 From: RagingCub Date: Sun, 15 Oct 2023 16:45:33 -0400 Subject: [PATCH 17/31] Add template for grampsweb --- grampsweb.subdomain.conf.sample | 56 +++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 grampsweb.subdomain.conf.sample diff --git a/grampsweb.subdomain.conf.sample b/grampsweb.subdomain.conf.sample new file mode 100644 index 0000000..e39f442 --- /dev/null +++ b/grampsweb.subdomain.conf.sample @@ -0,0 +1,56 @@ +## Version 2023/10/15 +# make sure that your grampsweb container is named grampsweb +# make sure that your dns has a cname set for grampsweb + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name grampsweb.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 500m; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app grampsweb; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app grampsweb; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From f8fef63a9e6d0667e37e71651f640eb85674970f Mon Sep 17 00:00:00 2001 From: PrivatePasta <63346955+PrivatePasta@users.noreply.github.com> Date: Tue, 17 Oct 2023 18:26:10 +0530 Subject: [PATCH 18/31] Update prowlarr.subdomain.conf.sample Co-authored-by: Eric Nemchik --- prowlarr.subdomain.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prowlarr.subdomain.conf.sample b/prowlarr.subdomain.conf.sample index b6dc5a4..1162da7 100644 --- a/prowlarr.subdomain.conf.sample +++ b/prowlarr.subdomain.conf.sample @@ -52,7 +52,7 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - location ~ /prowlarr(/[0-9]+)?/download { + location ~ (/prowlarr)?(/[0-9]+)?/download { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app prowlarr; From 270a2c77db53a2b6c45e54b3ac6b0dc4386e252e Mon Sep 17 00:00:00 2001 From: Loup Labelle <22670054+RagingCub@users.noreply.github.com> Date: Tue, 17 Oct 2023 09:52:55 -0400 Subject: [PATCH 19/31] Update grampsweb.subdomain.conf.sample Co-authored-by: Eric Nemchik --- grampsweb.subdomain.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grampsweb.subdomain.conf.sample b/grampsweb.subdomain.conf.sample index e39f442..6d77c7a 100644 --- a/grampsweb.subdomain.conf.sample +++ b/grampsweb.subdomain.conf.sample @@ -44,7 +44,7 @@ server { } - location ~ (/)?/api { + location ~ (/grampsweb)?/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app grampsweb; From 0558de6424c43e7713276aa26d4c44ac39a831b2 Mon Sep 17 00:00:00 2001 From: Jurrer Date: Tue, 17 Oct 2023 16:31:09 +0200 Subject: [PATCH 20/31] unify configs, split your-spotify config --- linkace.subdomain.conf.sample | 3 -- storm.subdomain.conf.sample | 3 -- your-spotify-api.subdomain.conf.sample | 51 +++++++++++++++++++++ your-spotify.subdomain.conf.sample | 63 +++----------------------- 4 files changed, 58 insertions(+), 62 deletions(-) create mode 100644 your-spotify-api.subdomain.conf.sample diff --git a/linkace.subdomain.conf.sample b/linkace.subdomain.conf.sample index bad95ee..884da71 100644 --- a/linkace.subdomain.conf.sample +++ b/linkace.subdomain.conf.sample @@ -9,9 +9,6 @@ server { server_name linkace.*; - # enable to indicate to search engines to not index this site - # add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; - include /config/nginx/ssl.conf; client_max_body_size 0; diff --git a/storm.subdomain.conf.sample b/storm.subdomain.conf.sample index 1866741..e112dde 100644 --- a/storm.subdomain.conf.sample +++ b/storm.subdomain.conf.sample @@ -10,9 +10,6 @@ server { server_name storm.*; - # enable to indicate to search engines to not index this site - # add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; - include /config/nginx/ssl.conf; client_max_body_size 0; diff --git a/your-spotify-api.subdomain.conf.sample b/your-spotify-api.subdomain.conf.sample new file mode 100644 index 0000000..2ebba5a --- /dev/null +++ b/your-spotify-api.subdomain.conf.sample @@ -0,0 +1,51 @@ +## Version 2023/10/17 +# https://github.com/Yooooomi/your_spotify +# this is not a standalone config, it requires configured your-spotify web container for full functionality. +# it uses server URLs for api callbacks, thus a server is required +# make sure that your YourSpotify api container is named your-spotify-server +# make sure that your dns has a cname set for your-spotify-server +# do not forget to finish configuration following instructions in apps repository. API_ENDPOINT=https://your-spotify-server.[your domain]. + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name your-spotify-server.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app your-spotify-server; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} \ No newline at end of file diff --git a/your-spotify.subdomain.conf.sample b/your-spotify.subdomain.conf.sample index a7bb0ba..e698f22 100644 --- a/your-spotify.subdomain.conf.sample +++ b/your-spotify.subdomain.conf.sample @@ -1,19 +1,16 @@ -## Version 2023/09/29 +## Version 2023/10/17 # https://github.com/Yooooomi/your_spotify -# this app requires separate server and web containers. It uses web and server URLs for api callbacks, thus a double config is required. -# make sure that your YourSpotify client container is named your-spotify-web -# make sure that your YourSpotify server container is named your-spotify-server -# make sure that your dns has a cname set for your-spotify and your-spotify-server -# do not forget to finish configuration following instructions in apps repository. CLIENT_ENDPOINT=https://your-spotify.[your domain]; API_ENDPOINT=https://your-spotify-server.[your domain]. +# this is not a standalone config, it requires configured your-spotify api container for full functionality. +# it uses server URLs for api callbacks, thus a server is required +# make sure that your YourSpotify web container is named your-spotify-web +# make sure that your dns has a cname set for your-spotify +# do not forget to finish configuration following instructions in apps repository. CLIENT_ENDPOINT=https://your-spotify.[your domain] server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name your-spotify.*; - - # enable to indicate to search engines to not index this site - #add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + server_name your-spotify.*; include /config/nginx/ssl.conf; @@ -54,49 +51,3 @@ server { } -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name your-spotify-server.*; - - # enable to indicate to search engines to not index this site - #add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app your-spotify-server; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - -} \ No newline at end of file From faa2926b1f3053248d388bf1cb520c824b7add2e Mon Sep 17 00:00:00 2001 From: jed-cmp Date: Sat, 21 Oct 2023 19:30:19 -0500 Subject: [PATCH 21/31] Add template for homebox --- homebox.subdomain.conf.sample | 56 +++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 homebox.subdomain.conf.sample diff --git a/homebox.subdomain.conf.sample b/homebox.subdomain.conf.sample new file mode 100644 index 0000000..8b5597b --- /dev/null +++ b/homebox.subdomain.conf.sample @@ -0,0 +1,56 @@ +## Version 2023/10/21 +# make sure that your homebox container is named homebox +# make sure that your dns has a cname set for homebox + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name homebox.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app homebox; + set $upstream_port 7745; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/homebox)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app homebox; + set $upstream_port 7745; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From 38e561f369bc7faa2451baa97b24901d0fb4be28 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 20:59:10 +0000 Subject: [PATCH 22/31] Bump actions/checkout from 4.1.0 to 4.1.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/check_samples.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index d645f0d..b5c1825 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4.1.0 + uses: actions/checkout@v4.1.1 - name: Check Allowed File Names run: | From f3e8794c7b33bbd1763e6b26a09c08b44a35085b Mon Sep 17 00:00:00 2001 From: Nojwe <46374242+Nojwe@users.noreply.github.com> Date: Wed, 8 Nov 2023 15:21:23 -0500 Subject: [PATCH 23/31] Update unifi-network-application.subdomain.conf.sample Add comment to use port 443 when connecting to a Unifi Cloud Key --- unifi-network-application.subdomain.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unifi-network-application.subdomain.conf.sample b/unifi-network-application.subdomain.conf.sample index cc0c67f..7b17e51 100644 --- a/unifi-network-application.subdomain.conf.sample +++ b/unifi-network-application.subdomain.conf.sample @@ -40,7 +40,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app unifi-network-application; - set $upstream_port 8443; + set $upstream_port 8443; #change to 443 if connecting to a Unifi Cloud Key set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; From f02608e2cf0d5f068cb02e397db2ccf19e4b39df Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 11 Nov 2023 13:36:10 -0600 Subject: [PATCH 24/31] update bitwarden/vaultwarden templates Signed-off-by: Eric Nemchik --- bitwarden.subdomain.conf.sample | 5 ++--- bitwarden.subfolder.conf.sample | 5 ++--- vaultwarden.subdomain.conf.sample | 5 ++--- vaultwarden.subfolder.conf.sample | 5 ++--- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/bitwarden.subdomain.conf.sample b/bitwarden.subdomain.conf.sample index 4621ec9..36e14b0 100644 --- a/bitwarden.subdomain.conf.sample +++ b/bitwarden.subdomain.conf.sample @@ -1,7 +1,6 @@ -## Version 2023/05/31 +## Version 2023/11/11 # make sure that your bitwarden container is named bitwarden # make sure that your dns has a cname set for bitwarden -# set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container server { listen 443 ssl http2; @@ -82,7 +81,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; - set $upstream_port 3012; + set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; diff --git a/bitwarden.subfolder.conf.sample b/bitwarden.subfolder.conf.sample index b41a86d..0d11e2b 100644 --- a/bitwarden.subfolder.conf.sample +++ b/bitwarden.subfolder.conf.sample @@ -1,8 +1,7 @@ -## Version 2023/02/13 +## Version 2023/11/11 # make sure that your bitwarden container is named bitwarden # make sure that bitwarden is set to work with the base url /bitwarden/ ## Environmental Variable DOMAIN=https:///bitwarden must be set in bitwarden container including subfolder. -## This is using ports 80 and 3012 location /bitwarden { return 301 $scheme://$host/bitwarden/; @@ -68,7 +67,7 @@ location ~ (/bitwarden)?/notifications/hub { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; - set $upstream_port 3012; + set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; diff --git a/vaultwarden.subdomain.conf.sample b/vaultwarden.subdomain.conf.sample index 475d84c..d7d2087 100644 --- a/vaultwarden.subdomain.conf.sample +++ b/vaultwarden.subdomain.conf.sample @@ -1,7 +1,6 @@ -## Version 2023/05/31 +## Version 2023/11/11 # make sure that your vaultwarden container is named vaultwarden # make sure that your dns has a cname set for vaultwarden -# set the environment variable WEBSOCKET_ENABLED=true on your vaultwarden container server { listen 443 ssl http2; @@ -82,7 +81,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; - set $upstream_port 3012; + set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; diff --git a/vaultwarden.subfolder.conf.sample b/vaultwarden.subfolder.conf.sample index 85aedfe..2a5b8b4 100644 --- a/vaultwarden.subfolder.conf.sample +++ b/vaultwarden.subfolder.conf.sample @@ -1,8 +1,7 @@ -## Version 2023/03/27 +## Version 2023/11/11 # make sure that your vaultwarden container is named vaultwarden # make sure that vaultwarden is set to work with the base url /vaultwarden/ ## Environmental Variable DOMAIN=https:///vaultwarden must be set in vaultwarden container including subfolder. -## This is using ports 80 and 3012 location /vaultwarden { return 301 $scheme://$host/vaultwarden/; @@ -68,7 +67,7 @@ location ~ (/vaultwarden)?/notifications/hub { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; - set $upstream_port 3012; + set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; From 778c764abc6fd30701637c208f2ce329e2d574ce Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 11 Nov 2023 14:06:52 -0600 Subject: [PATCH 25/31] remove unused negotiate endpoint Signed-off-by: Eric Nemchik --- bitwarden.subdomain.conf.sample | 10 ---------- bitwarden.subfolder.conf.sample | 10 ---------- vaultwarden.subdomain.conf.sample | 10 ---------- vaultwarden.subfolder.conf.sample | 10 ---------- 4 files changed, 40 deletions(-) diff --git a/bitwarden.subdomain.conf.sample b/bitwarden.subdomain.conf.sample index 36e14b0..44b939a 100644 --- a/bitwarden.subdomain.conf.sample +++ b/bitwarden.subdomain.conf.sample @@ -86,14 +86,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - - location ~ (/bitwarden)?/notifications/hub/negotiate { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bitwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } } diff --git a/bitwarden.subfolder.conf.sample b/bitwarden.subfolder.conf.sample index 0d11e2b..b9caeae 100644 --- a/bitwarden.subfolder.conf.sample +++ b/bitwarden.subfolder.conf.sample @@ -73,13 +73,3 @@ location ~ (/bitwarden)?/notifications/hub { } -location ~ (/bitwarden)?/notifications/hub/negotiate { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bitwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - diff --git a/vaultwarden.subdomain.conf.sample b/vaultwarden.subdomain.conf.sample index d7d2087..0b82bcd 100644 --- a/vaultwarden.subdomain.conf.sample +++ b/vaultwarden.subdomain.conf.sample @@ -86,14 +86,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - - location ~ (/vaultwarden)?/notifications/hub/negotiate { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } } diff --git a/vaultwarden.subfolder.conf.sample b/vaultwarden.subfolder.conf.sample index 2a5b8b4..3b7b3db 100644 --- a/vaultwarden.subfolder.conf.sample +++ b/vaultwarden.subfolder.conf.sample @@ -73,13 +73,3 @@ location ~ (/vaultwarden)?/notifications/hub { } -location ~ (/vaultwarden)?/notifications/hub/negotiate { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - From ddcc002e2b810a04990df8f587695ed6a2b4ad1b Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sun, 12 Nov 2023 10:26:28 -0600 Subject: [PATCH 26/31] clarify correct config for *warden Signed-off-by: Eric Nemchik --- bitwarden.subdomain.conf.sample | 14 +++--- bitwarden.subfolder.conf.sample | 75 ------------------------------- vaultwarden.subdomain.conf.sample | 6 ++- vaultwarden.subfolder.conf.sample | 9 +++- 4 files changed, 21 insertions(+), 83 deletions(-) delete mode 100644 bitwarden.subfolder.conf.sample diff --git a/bitwarden.subdomain.conf.sample b/bitwarden.subdomain.conf.sample index 44b939a..0b5eeb9 100644 --- a/bitwarden.subdomain.conf.sample +++ b/bitwarden.subdomain.conf.sample @@ -1,6 +1,10 @@ -## Version 2023/11/11 +## Version 2023/11/12 # make sure that your bitwarden container is named bitwarden # make sure that your dns has a cname set for bitwarden +# if you are using bitwarden (the official image), use the bitwarden conf +# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf +# +# bitwarden defaults to port 8080 and can be changed using the environment variable BW_PORT_HTTP on the bitwarden container server { listen 443 ssl http2; @@ -38,7 +42,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; - set $upstream_port 80; + set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; @@ -61,7 +65,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; - set $upstream_port 80; + set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; @@ -71,7 +75,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; - set $upstream_port 80; + set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; @@ -81,7 +85,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; - set $upstream_port 80; + set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; diff --git a/bitwarden.subfolder.conf.sample b/bitwarden.subfolder.conf.sample deleted file mode 100644 index b9caeae..0000000 --- a/bitwarden.subfolder.conf.sample +++ /dev/null @@ -1,75 +0,0 @@ -## Version 2023/11/11 -# make sure that your bitwarden container is named bitwarden -# make sure that bitwarden is set to work with the base url /bitwarden/ -## Environmental Variable DOMAIN=https:///bitwarden must be set in bitwarden container including subfolder. - -location /bitwarden { - return 301 $scheme://$host/bitwarden/; -} - -location ^~ /bitwarden/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bitwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ (/bitwarden)?/admin { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bitwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ (/bitwarden)?/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bitwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ~ (/bitwarden)?/notifications/hub { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app bitwarden; - set $upstream_port 80; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - diff --git a/vaultwarden.subdomain.conf.sample b/vaultwarden.subdomain.conf.sample index 0b82bcd..a7ac06d 100644 --- a/vaultwarden.subdomain.conf.sample +++ b/vaultwarden.subdomain.conf.sample @@ -1,6 +1,10 @@ -## Version 2023/11/11 +## Version 2023/11/12 # make sure that your vaultwarden container is named vaultwarden # make sure that your dns has a cname set for vaultwarden +# if you are using bitwarden (the official image), use the bitwarden conf +# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf +# +# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container server { listen 443 ssl http2; diff --git a/vaultwarden.subfolder.conf.sample b/vaultwarden.subfolder.conf.sample index 3b7b3db..2bba167 100644 --- a/vaultwarden.subfolder.conf.sample +++ b/vaultwarden.subfolder.conf.sample @@ -1,7 +1,12 @@ -## Version 2023/11/11 +## Version 2023/11/12 # make sure that your vaultwarden container is named vaultwarden # make sure that vaultwarden is set to work with the base url /vaultwarden/ -## Environmental Variable DOMAIN=https:///vaultwarden must be set in vaultwarden container including subfolder. +# if you are using bitwarden (the official image), use the bitwarden conf +# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf +# +# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container +# +# Environmental Variable DOMAIN=https:///vaultwarden must be set in vaultwarden container including subfolder. location /vaultwarden { return 301 $scheme://$host/vaultwarden/; From 009129adccecb273dab66e7ccf0dc3743689449f Mon Sep 17 00:00:00 2001 From: Nojwe <46374242+Nojwe@users.noreply.github.com> Date: Sun, 12 Nov 2023 20:35:52 -0500 Subject: [PATCH 27/31] Update unifi-network-application.subdomain.conf.sample --- unifi-network-application.subdomain.conf.sample | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/unifi-network-application.subdomain.conf.sample b/unifi-network-application.subdomain.conf.sample index 7b17e51..c6fea4d 100644 --- a/unifi-network-application.subdomain.conf.sample +++ b/unifi-network-application.subdomain.conf.sample @@ -3,6 +3,7 @@ # make sure that your dns has a cname set for unifi # NOTE: If you use the proxy_cookie_path setting in proxy.conf you need to remove HTTPOnly; # ex: proxy_cookie_path / "/; Secure"; +# change $upstream_port to 443 if connecting to a Unifi Cloud Key server { listen 443 ssl http2; @@ -40,7 +41,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app unifi-network-application; - set $upstream_port 8443; #change to 443 if connecting to a Unifi Cloud Key + set $upstream_port 8443; set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; From 0c9f2b47f86ee0b7142cfe4e381f1e69ca73efca Mon Sep 17 00:00:00 2001 From: driz <40674481+drizuid@users.noreply.github.com> Date: Tue, 14 Nov 2023 11:20:05 -0500 Subject: [PATCH 28/31] Update mealie.subdomain.conf.sample --- mealie.subdomain.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mealie.subdomain.conf.sample b/mealie.subdomain.conf.sample index 5a5b77a..9ba52ff 100644 --- a/mealie.subdomain.conf.sample +++ b/mealie.subdomain.conf.sample @@ -37,7 +37,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mealie; - set $upstream_port 80; + set $upstream_port 9000; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; From 9de228a98a12c32e59d03c98929cf00aaef68b53 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 24 Nov 2023 07:52:26 -0600 Subject: [PATCH 29/31] Update unifi-network-application.subdomain.conf.sample --- unifi-network-application.subdomain.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unifi-network-application.subdomain.conf.sample b/unifi-network-application.subdomain.conf.sample index c6fea4d..0d77afc 100644 --- a/unifi-network-application.subdomain.conf.sample +++ b/unifi-network-application.subdomain.conf.sample @@ -41,7 +41,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app unifi-network-application; - set $upstream_port 8443; + set $upstream_port 8443; set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; From ba35348ee416d64935694a003a8e1266208e9570 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nagy=20L=C3=A1szl=C3=B3=20Zolt=C3=A1n?= <884277+NLZ@users.noreply.github.com> Date: Sun, 26 Nov 2023 16:25:19 +0100 Subject: [PATCH 30/31] Added immich.subdomain.conf.sample --- immich.subdomain.conf.sample | 57 ++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 immich.subdomain.conf.sample diff --git a/immich.subdomain.conf.sample b/immich.subdomain.conf.sample new file mode 100644 index 0000000..bda5f62 --- /dev/null +++ b/immich.subdomain.conf.sample @@ -0,0 +1,57 @@ +## Version 2023/11/26 +# make sure that your immich container is named immich +# make sure that your dns has a cname set for immich +# immich v1.88+ only + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name immich.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app immich-server; + set $upstream_port 3001; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/immich)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app immich-server; + set $upstream_port 3001; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From 63d5a2e8bfb4eef3a5a9c12d3f2517dd82bd907d Mon Sep 17 00:00:00 2001 From: "J. Scott Elblein" Date: Thu, 30 Nov 2023 03:13:47 -0600 Subject: [PATCH 31/31] Create phoneinfoga.subdomain.conf.sample For the project: https://github.com/sundowndev/phoneinfoga Container: https://hub.docker.com/r/sundowndev/phoneinfoga --- phoneinfoga.subdomain.conf.sample | 46 +++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 phoneinfoga.subdomain.conf.sample diff --git a/phoneinfoga.subdomain.conf.sample b/phoneinfoga.subdomain.conf.sample new file mode 100644 index 0000000..ea0fd0c --- /dev/null +++ b/phoneinfoga.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2023/11/30 +# make sure that your phoneinfoga container is named phoneinfoga +# make sure that your dns has a cname set for phoneinfoga +# add command: 'serve' to your docker compose, so the PhoneInfoga web server starts + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name phoneinfoga.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app phoneinfoga; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +}