diff --git a/dashy.subdomain.conf.sample b/dashy.subdomain.conf.sample index 72b4b9d..2848270 100644 --- a/dashy.subdomain.conf.sample +++ b/dashy.subdomain.conf.sample @@ -38,7 +38,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dashy; - set $upstream_port 80; + set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } diff --git a/ddns-updater.subdomain.conf.sample b/ddns-updater.subdomain.conf.sample new file mode 100644 index 0000000..e02a809 --- /dev/null +++ b/ddns-updater.subdomain.conf.sample @@ -0,0 +1,56 @@ +## Version 2024/08/04 +# make sure that your ddns-updater container is named ddns-updater +# make sure that your dns has a cname set for ddns-updater + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name ddns-updater.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ddns-updater; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/ddns-updater)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ddns-updater; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/ddns-updater.subfolder.conf.sample b/ddns-updater.subfolder.conf.sample new file mode 100644 index 0000000..f4ad7e9 --- /dev/null +++ b/ddns-updater.subfolder.conf.sample @@ -0,0 +1,36 @@ +## Version 2024/08/04 +# make sure that your ddns-updater container is named ddns-updater +# make sure that ddns-updater is set to work with the base url /ddns-updater/ + +location ^~ /ddns-updater { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ddns-updater; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /ddns-updater/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ddns-updater; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/dockge.subdomain.conf.sample b/dockge.subdomain.conf.sample new file mode 100644 index 0000000..c3562b9 --- /dev/null +++ b/dockge.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2024/07/16 +# make sure that your dockge container is named dockge +# make sure that your dns has a cname set for dockge + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name dockge.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app dockge; + set $upstream_port 5001; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/dockge.subfolder.conf.sample b/dockge.subfolder.conf.sample new file mode 100644 index 0000000..5dbb617 --- /dev/null +++ b/dockge.subfolder.conf.sample @@ -0,0 +1,31 @@ +## Version 2023/02/05 +# make sure that your dockge container is named dockge +# make sure that dockge is set to work with the base url /dockge/ + + +location /dockge { + return 301 $scheme://$host/dockge/; +} + +location ^~ /dockge/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app dockge; + set $upstream_port 5001; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/jellyfin.subdomain.conf.sample b/jellyfin.subdomain.conf.sample index 479ca30..36d1e73 100644 --- a/jellyfin.subdomain.conf.sample +++ b/jellyfin.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2024/08/22 # make sure that your jellyfin container is named jellyfin # make sure that your dns has a cname set for jellyfin # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is @@ -37,4 +37,22 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + + # Restrict access to /metrics + # https://jellyfin.org/docs/general/networking/monitoring/#prometheus-metrics + location /metrics { + allow 192.168.0.0/16; + allow 10.0.0.0/8; + allow 172.16.0.0/12; + allow 127.0.0.0/8; + + deny all; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app jellyfin; + set $upstream_port 8096; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } } diff --git a/lubelogger.subdomain.conf.sample b/lubelogger.subdomain.conf.sample new file mode 100644 index 0000000..ec0c66b --- /dev/null +++ b/lubelogger.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2024/08/18 +# make sure that your lubelogger container is named lubelogger +# make sure that your dns has a cname set for lubelogger + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name lubelogger.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app lubelogger; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/paperless.subdomain.conf.sample b/paperless.subdomain.conf.sample new file mode 100644 index 0000000..7692091 --- /dev/null +++ b/paperless.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2024/07/16 +# make sure that your paperless container is named paperless +# make sure that your dns has a cname set for paperless + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name paperless.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app paperless; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/paperless.subfolder.conf.sample b/paperless.subfolder.conf.sample new file mode 100644 index 0000000..73f6baf --- /dev/null +++ b/paperless.subfolder.conf.sample @@ -0,0 +1,30 @@ +## Version 2023/02/05 +# make sure that your paperless container is named paperless +# make sure that paperless is set to work with the base url /paperless/ + +location /paperless { + return 301 $scheme://$host/paperless/; +} + +location ^~ /paperless/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app paperless; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/whisparr.subdomain.conf.sample b/whisparr.subdomain.conf.sample new file mode 100644 index 0000000..a900e3b --- /dev/null +++ b/whisparr.subdomain.conf.sample @@ -0,0 +1,56 @@ +## Version 2024/08/04 +# make sure that your whisparr container is named whisparr +# make sure that your dns has a cname set for whisparr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name whisparr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app whisparr; + set $upstream_port 6969; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/whisparr)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app whisparr; + set $upstream_port 6969; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/whisparr.subfolder.conf.sample b/whisparr.subfolder.conf.sample new file mode 100644 index 0000000..13d3693 --- /dev/null +++ b/whisparr.subfolder.conf.sample @@ -0,0 +1,36 @@ +## Version 2024/08/04 +# make sure that your whisparr container is named whisparr +# make sure that whisparr is set to work with the base url /whisparr/ + +location ^~ /whisparr { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app whisparr; + set $upstream_port 6969; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /whisparr/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app whisparr; + set $upstream_port 6969; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +}