github/reverse-proxy-confs
1
0
Fork 0
mirror of https://github.com/linuxserver/reverse-proxy-confs.git synced 2025-07-06 13:01:35 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #2 from linuxserver/master

Browse source 
[pull] master from linuxserver:master
This commit is contained in:
Joseph Harry 2023-12-15 16:03:50 -06:00 committed by GitHub
commit 07b57f7812
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 705 additions and 283 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/check_samples.yml vendored
View file

@ -12,7 +12,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4.0.0 uses: actions/checkout@v4.1.1
- name: Check Allowed File Names - name: Check Allowed File Names
run: | run: |

25
bitwarden.subdomain.conf.sample
View file

@ -1,7 +1,10 @@
## Version 2023/05/31 ## Version 2023/11/12
# make sure that your bitwarden container is named bitwarden # make sure that your bitwarden container is named bitwarden
# make sure that your dns has a cname set for bitwarden # make sure that your dns has a cname set for bitwarden
# set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container # if you are using bitwarden (the official image), use the bitwarden conf
# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf
#
# bitwarden defaults to port 8080 and can be changed using the environment variable BW_PORT_HTTP on the bitwarden container
server { server {
listen 443 ssl http2; listen 443 ssl http2;
@ -39,7 +42,7 @@ server {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app bitwarden; set $upstream_app bitwarden;
set $upstream_port 80; set $upstream_port 8080;
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
@ -62,7 +65,7 @@ server {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app bitwarden; set $upstream_app bitwarden;
set $upstream_port 80; set $upstream_port 8080;
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
@ -72,7 +75,7 @@ server {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app bitwarden; set $upstream_app bitwarden;
set $upstream_port 80; set $upstream_port 8080;
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
@ -82,17 +85,7 @@ server {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app bitwarden; set $upstream_app bitwarden;
set $upstream_port 3012; set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/bitwarden)?/notifications/hub/negotiate {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bitwarden;
set $upstream_port 80;
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;

86
bitwarden.subfolder.conf.sample
View file

@ -1,86 +0,0 @@
## Version 2023/02/13
# make sure that your bitwarden container is named bitwarden
# make sure that bitwarden is set to work with the base url /bitwarden/
## Environmental Variable DOMAIN=https://<DOMAIN>/bitwarden must be set in bitwarden container including subfolder.
## This is using ports 80 and 3012
location /bitwarden {
return 301 $scheme://$host/bitwarden/;
}
location ^~ /bitwarden/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bitwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/bitwarden)?/admin {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bitwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/bitwarden)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bitwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/bitwarden)?/notifications/hub {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bitwarden;
set $upstream_port 3012;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/bitwarden)?/notifications/hub/negotiate {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bitwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}

56
grampsweb.subdomain.conf.sample Normal file
View file

@ -0,0 +1,56 @@
## Version 2023/10/15
# make sure that your grampsweb container is named grampsweb
# make sure that your dns has a cname set for grampsweb
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name grampsweb.*;
include /config/nginx/ssl.conf;
client_max_body_size 500m;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app grampsweb;
set $upstream_port 5000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/grampsweb)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app grampsweb;
set $upstream_port 5000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

56
homebox.subdomain.conf.sample Normal file
View file

@ -0,0 +1,56 @@
## Version 2023/10/21
# make sure that your homebox container is named homebox
# make sure that your dns has a cname set for homebox
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name homebox.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app homebox;
set $upstream_port 7745;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/homebox)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app homebox;
set $upstream_port 7745;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

57
immich.subdomain.conf.sample Normal file
View file

@ -0,0 +1,57 @@
## Version 2023/11/26
# make sure that your immich container is named immich
# make sure that your dns has a cname set for immich
# immich v1.88+ only
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name immich.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app immich-server;
set $upstream_port 3001;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/immich)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app immich-server;
set $upstream_port 3001;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

6
komga.subdomain.conf.sample
View file

@ -1,4 +1,4 @@
## Version 2023/05/31 ## Version 2023/09/05
# make sure that your komga container is named komga # make sure that your komga container is named komga
# make sure that your dns has a cname set for komga # make sure that your dns has a cname set for komga
@ -38,7 +38,7 @@ server {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app komga; set $upstream_app komga;
set $upstream_port 8080; set $upstream_port 25600;
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
@ -48,7 +48,7 @@ server {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app komga; set $upstream_app komga;
set $upstream_port 8080; set $upstream_port 25600;
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;

6
komga.subfolder.conf.sample
View file

@ -1,4 +1,4 @@
## Version 2023/02/05 ## Version 2023/09/05
# make sure that your komga container is named komga # make sure that your komga container is named komga
# make sure that komga is set to work with the base url /komga/ # make sure that komga is set to work with the base url /komga/
# First make sure your Container has set an Baseurl set via docker-compose File "envirnoment: SERVER_SERVLET_CONTEXT_PATH=/komga" and recreate the container. # First make sure your Container has set an Baseurl set via docker-compose File "envirnoment: SERVER_SERVLET_CONTEXT_PATH=/komga" and recreate the container.
@ -24,7 +24,7 @@ location ^~ /komga/ {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app komga; set $upstream_app komga;
set $upstream_port 8080 ; set $upstream_port 25600 ;
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
@ -34,7 +34,7 @@ location ^~ /komga/api {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app komga; set $upstream_app komga;
set $upstream_port 8080; set $upstream_port 25600;
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
} }

46
linkace.subdomain.conf.sample Normal file
View file

@ -0,0 +1,46 @@
## Version 2023/09/29
# make sure that your linkace container is named linkace
# make sure that your dns has a cname set for linkace
# use linkace:simple package with included proxy
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name linkace.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app linkace;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

2
mealie.subdomain.conf.sample
View file

@ -37,7 +37,7 @@ server {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app mealie; set $upstream_app mealie;
set $upstream_port 80; set $upstream_port 9000;
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;

45
nocodb.subdomain.conf.sample Normal file
View file

@ -0,0 +1,45 @@
## Version 2023/09/28
# make sure that your nocodb container is named nocodb
# make sure that your dns has a cname set for nocodb
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name nocodb.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nocodb;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

46
phoneinfoga.subdomain.conf.sample Normal file
View file

@ -0,0 +1,46 @@
## Version 2023/11/30
# make sure that your phoneinfoga container is named phoneinfoga
# make sure that your dns has a cname set for phoneinfoga
# add command: 'serve' to your docker compose, so the PhoneInfoga web server starts
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name phoneinfoga.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app phoneinfoga;
set $upstream_port 5000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

12
prowlarr.subdomain.conf.sample
View file

@ -1,4 +1,4 @@
## Version 2023/05/31 ## Version 2023/09/13
# make sure that your prowlarr container is named prowlarr # make sure that your prowlarr container is named prowlarr
# make sure that your dns has a cname set for prowlarr # make sure that your dns has a cname set for prowlarr
@ -51,4 +51,14 @@ server {
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
} }
location ~ (/prowlarr)?(/[0-9]+)?/download {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prowlarr;
set $upstream_port 9696;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
} }

12
prowlarr.subfolder.conf.sample
View file

@ -1,4 +1,4 @@
## Version 2023/02/05 ## Version 2023/09/13
# make sure that your prowlarr container is named prowlarr # make sure that your prowlarr container is named prowlarr
# make sure that prowlarr is set to work with the base url /prowlarr/ # make sure that prowlarr is set to work with the base url /prowlarr/
@ -34,3 +34,13 @@ location ~ /prowlarr(/[0-9]+)?/api {
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
} }
location ~ /prowlarr(/[0-9]+)?/download {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app prowlarr;
set $upstream_port 9696;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}

169
qbittorrent.subdomain.conf.sample
View file

@ -1,6 +1,14 @@
## Version 2023/05/31 ## Version 2023/10/10
# make sure that your qbittorrent container is named qbittorrent # make sure that your qbittorrent container is named qbittorrent
# make sure that your dns has a cname set for qbittorrent # make sure that your dns has a cname set for qbittorrent
# Api and related location bypasses are now commented out by default
# due to users easily misconfiguring qbittorrent to allow
# public access through the api endpoint by including SWAG in
# "Bypass authentication for clients in whitelisted IP subnets",
# which results in all connections through SWAG to be considered
# local and bypassing auth, which also applies to qbittorrent's
# api endpoint (webui api)
# enable at your own risk
server { server {
listen 443 ssl http2; listen 443 ssl http2;
@ -47,93 +55,108 @@ server {
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
} }
location ~ (/qbittorrent)?/api { # location ~ (/qbittorrent)?/api {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/command { # location ~ (/qbittorrent)?/command {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/query { # location ~ (/qbittorrent)?/css {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/login { # location ~ (/qbittorrent)?/query {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/sync { # location ~ (/qbittorrent)?/login {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/scripts { # location ~ (/qbittorrent)?/sync {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
# location ~ (/qbittorrent)?/scripts {
# include /config/nginx/proxy.conf;
# include /config/nginx/resolver.conf;
# set $upstream_app qbittorrent;
# set $upstream_port 8080;
# set $upstream_proto http;
# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# rewrite /qbittorrent(.*) $1 break;
# proxy_set_header Referer '';
# proxy_set_header Host $upstream_app:$upstream_port;
# proxy_set_header X-Forwarded-Host $host;
# }
} }

169
qbittorrent.subfolder.conf.sample
View file

@ -1,6 +1,14 @@
## Version 2023/02/05 ## Version 2023/10/10
# make sure that your qbittorrent container is named qbittorrent # make sure that your qbittorrent container is named qbittorrent
# qbittorrent does not require a base url setting # qbittorrent does not require a base url setting
# Api and related location bypasses are now commented out by default
# due to users easily misconfiguring qbittorrent to allow
# public access through the api endpoint by including SWAG in
# "Bypass authentication for clients in whitelisted IP subnets",
# which results in all connections through SWAG to be considered
# local and bypassing auth, which also applies to qbittorrent's
# api endpoint (webui api)
# enable at your own risk
location /qbittorrent { location /qbittorrent {
return 301 $scheme://$host/qbittorrent/; return 301 $scheme://$host/qbittorrent/;
@ -34,92 +42,107 @@ location ^~ /qbittorrent/ {
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
} }
location ^~ /qbittorrent/api { # location ^~ /qbittorrent/api {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/command { # location ^~ /qbittorrent/command {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/query { # location ^~ /qbittorrent/css {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/login { # location ^~ /qbittorrent/query {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/sync { # location ^~ /qbittorrent/login {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/scripts { # location ^~ /qbittorrent/sync {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
# location ^~ /qbittorrent/scripts {
# include /config/nginx/proxy.conf;
# include /config/nginx/resolver.conf;
# set $upstream_app qbittorrent;
# set $upstream_port 8080;
# set $upstream_proto http;
# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# rewrite /qbittorrent(.*) $1 break;
# proxy_set_header Referer '';
# proxy_set_header Host $upstream_app:$upstream_port;
# proxy_set_header X-Forwarded-Host $host;
# }

51
storm.subdomain.conf.sample Normal file
View file

@ -0,0 +1,51 @@
## Version 2023/02/05
# reverse proxy config for a modern deluge interface named storm
# https://github.com/relvacode/storm
# make sure that your storm container is named storm
# make sure that your dns has a cname set for storm
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name storm.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app storm;
set $upstream_port 8221;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

1
unifi-network-application.subdomain.conf.sample
View file

@ -3,6 +3,7 @@
# make sure that your dns has a cname set for unifi # make sure that your dns has a cname set for unifi
# NOTE: If you use the proxy_cookie_path setting in proxy.conf you need to remove HTTPOnly; # NOTE: If you use the proxy_cookie_path setting in proxy.conf you need to remove HTTPOnly;
# ex: proxy_cookie_path / "/; Secure"; # ex: proxy_cookie_path / "/; Secure";
# change $upstream_port to 443 if connecting to a Unifi Cloud Key
server { server {
listen 443 ssl http2; listen 443 ssl http2;

17
vaultwarden.subdomain.conf.sample
View file

@ -1,7 +1,10 @@
## Version 2023/05/31 ## Version 2023/11/12
# make sure that your vaultwarden container is named vaultwarden # make sure that your vaultwarden container is named vaultwarden
# make sure that your dns has a cname set for vaultwarden # make sure that your dns has a cname set for vaultwarden
# set the environment variable WEBSOCKET_ENABLED=true on your vaultwarden container # if you are using bitwarden (the official image), use the bitwarden conf
# if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf
#
# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container
server { server {
listen 443 ssl http2; listen 443 ssl http2;
@ -79,16 +82,6 @@ server {
} }
location ~ (/vaultwarden)?/notifications/hub { location ~ (/vaultwarden)?/notifications/hub {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 3012;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/vaultwarden)?/notifications/hub/negotiate {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app vaultwarden; set $upstream_app vaultwarden;

20
vaultwarden.subfolder.conf.sample
View file

@ -1,8 +1,12 @@
## Version 2023/03/27 ## Version 2023/11/12
# make sure that your vaultwarden container is named vaultwarden # make sure that your vaultwarden container is named vaultwarden
# make sure that vaultwarden is set to work with the base url /vaultwarden/ # make sure that vaultwarden is set to work with the base url /vaultwarden/
## Environmental Variable DOMAIN=https://<DOMAIN>/vaultwarden must be set in vaultwarden container including subfolder. # if you are using bitwarden (the official image), use the bitwarden conf
## This is using ports 80 and 3012 # if you are using vaultwarden (an unofficial implementation), use the vaultwarden conf
#
# vaultwarden defaults to port 80 and can be changed using the environment variable ROCKET_PORT on the vaultwarden container
#
# Environmental Variable DOMAIN=https://<DOMAIN>/vaultwarden must be set in vaultwarden container including subfolder.
location /vaultwarden { location /vaultwarden {
return 301 $scheme://$host/vaultwarden/; return 301 $scheme://$host/vaultwarden/;
@ -65,16 +69,6 @@ location ~ (/vaultwarden)?/api {
} }
location ~ (/vaultwarden)?/notifications/hub { location ~ (/vaultwarden)?/notifications/hub {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_port 3012;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/vaultwarden)?/notifications/hub/negotiate {
include /config/nginx/proxy.conf; include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; include /config/nginx/resolver.conf;
set $upstream_app vaultwarden; set $upstream_app vaultwarden;

51
your-spotify-api.subdomain.conf.sample Normal file
View file

@ -0,0 +1,51 @@
## Version 2023/10/17
# https://github.com/Yooooomi/your_spotify
# this is not a standalone config, it requires configured your-spotify web container for full functionality.
# it uses server URLs for api callbacks, thus a server is required
# make sure that your YourSpotify api container is named your-spotify-server
# make sure that your dns has a cname set for your-spotify-server
# do not forget to finish configuration following instructions in apps repository. API_ENDPOINT=https://your-spotify-server.[your domain].
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name your-spotify-server.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app your-spotify-server;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

53
your-spotify.subdomain.conf.sample Normal file
View file

@ -0,0 +1,53 @@
## Version 2023/10/17
# https://github.com/Yooooomi/your_spotify
# this is not a standalone config, it requires configured your-spotify api container for full functionality.
# it uses server URLs for api callbacks, thus a server is required
# make sure that your YourSpotify web container is named your-spotify-web
# make sure that your dns has a cname set for your-spotify
# do not forget to finish configuration following instructions in apps repository. CLIENT_ENDPOINT=https://your-spotify.[your domain]
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name your-spotify.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app your-spotify-web;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}