From 635b2e914ad72ae4aee91230f67420978a3dd145 Mon Sep 17 00:00:00 2001 From: Bert Van den Abbeele Date: Sat, 26 Oct 2024 18:36:18 +0200 Subject: [PATCH 01/17] Create romm.subdomain.conf.sample create conf file --- romm.subdomain.conf.sample | 55 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 romm.subdomain.conf.sample diff --git a/romm.subdomain.conf.sample b/romm.subdomain.conf.sample new file mode 100644 index 0000000..06317e3 --- /dev/null +++ b/romm.subdomain.conf.sample @@ -0,0 +1,55 @@ +## Version 2024/10/26 +# make sure that your romM container is named romm +# make sure that your dns has a cname set for romm + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name romm.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app romm; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # Hide version + server_tokens off; + + # Security headers + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + } +} \ No newline at end of file From 18707c1177923192abbfbae9d8ab8db37bb80d54 Mon Sep 17 00:00:00 2001 From: Bert Van den Abbeele Date: Wed, 27 Nov 2024 12:21:00 +0100 Subject: [PATCH 02/17] remove optional headers --- romm.subdomain.conf.sample | 9 --------- 1 file changed, 9 deletions(-) diff --git a/romm.subdomain.conf.sample b/romm.subdomain.conf.sample index 06317e3..07c34d4 100644 --- a/romm.subdomain.conf.sample +++ b/romm.subdomain.conf.sample @@ -42,14 +42,5 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - # Hide version - server_tokens off; - - # Security headers - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header Referrer-Policy "no-referrer-when-downgrade" always; } } \ No newline at end of file From 97ea7961a463ef1cb04b09adfc0a27fbe12c737a Mon Sep 17 00:00:00 2001 From: Joel Gillman Date: Fri, 15 Nov 2024 17:42:03 -0600 Subject: [PATCH 03/17] Allow access to Baby Buddy API without auth --- babybuddy.subdomain.conf.sample | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/babybuddy.subdomain.conf.sample b/babybuddy.subdomain.conf.sample index d0aa27d..4f7ee11 100644 --- a/babybuddy.subdomain.conf.sample +++ b/babybuddy.subdomain.conf.sample @@ -43,4 +43,14 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + + location ~ ^/api/ { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app babybuddy; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } } From d43ecbce70ca3cce5a328f5b05df7e316c93335a Mon Sep 17 00:00:00 2001 From: Joel Gillman Date: Sun, 29 Dec 2024 12:00:35 -0600 Subject: [PATCH 04/17] Update date on babybuddy subdomain config --- babybuddy.subdomain.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/babybuddy.subdomain.conf.sample b/babybuddy.subdomain.conf.sample index 4f7ee11..af83363 100644 --- a/babybuddy.subdomain.conf.sample +++ b/babybuddy.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2024/12/29 # make sure that your babybuddy container is named babybuddy # make sure that your dns has a cname set for babybuddy From 0d77daf9cbaf6cb7b1dc8c45031070434287d721 Mon Sep 17 00:00:00 2001 From: driz <40674481+drizuid@users.noreply.github.com> Date: Wed, 1 Jan 2025 14:55:03 -0500 Subject: [PATCH 05/17] test for large comic support --- calibre-web.subdomain.conf.sample | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/calibre-web.subdomain.conf.sample b/calibre-web.subdomain.conf.sample index ca6bbde..b75eba3 100644 --- a/calibre-web.subdomain.conf.sample +++ b/calibre-web.subdomain.conf.sample @@ -64,13 +64,15 @@ server { # Feed for Kobo location /kobo/ { - include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app calibre-web; set $upstream_port 8083; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Scheme $scheme; - proxy_buffer_size 32k; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; } } \ No newline at end of file From b852188a2b7a81f157cd8164e901174da68627f0 Mon Sep 17 00:00:00 2001 From: driz <40674481+drizuid@users.noreply.github.com> Date: Wed, 1 Jan 2025 14:56:00 -0500 Subject: [PATCH 06/17] for subfolder too... i guess they exist --- calibre-web.subfolder.conf.sample | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/calibre-web.subfolder.conf.sample b/calibre-web.subfolder.conf.sample index 751ad2a..011c6fc 100644 --- a/calibre-web.subfolder.conf.sample +++ b/calibre-web.subfolder.conf.sample @@ -51,7 +51,6 @@ location ^~ /calibre-web/opds/ { # Feed for Kobo location ^~ /calibre-web/kobo/ { - include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app calibre-web; set $upstream_port 8083; @@ -59,5 +58,7 @@ location ^~ /calibre-web/kobo/ { proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /calibre-web; - proxy_buffer_size 32k; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; } From dd15bfcb859ca39d7a56b72d221b500266ef5c1c Mon Sep 17 00:00:00 2001 From: Noneangel <1888627+Noneangel@users.noreply.github.com> Date: Thu, 9 Jan 2025 18:38:42 +0100 Subject: [PATCH 07/17] Fix Jellyfin for WebOS --- jellyfin.subdomain.conf.sample | 8 +++++++- jellyfin.subfolder.conf.sample | 5 ++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/jellyfin.subdomain.conf.sample b/jellyfin.subdomain.conf.sample index 36d1e73..ce586f0 100644 --- a/jellyfin.subdomain.conf.sample +++ b/jellyfin.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/08/22 +## Version 2025/01/09 # make sure that your jellyfin container is named jellyfin # make sure that your dns has a cname set for jellyfin # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is @@ -22,6 +22,9 @@ server { set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; + if ($http_user_agent ~ Web0S) { + add_header X-Frame-Options "" always; + } proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header Range $http_range; @@ -34,6 +37,9 @@ server { set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; + if ($http_user_agent ~ Web0S) { + add_header X-Frame-Options "" always; + } proxy_pass $upstream_proto://$upstream_app:$upstream_port; } diff --git a/jellyfin.subfolder.conf.sample b/jellyfin.subfolder.conf.sample index 3d55e1a..5bdce9d 100644 --- a/jellyfin.subfolder.conf.sample +++ b/jellyfin.subfolder.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/05 +## Version 2025/01/09 # make sure that your jellyfin container is named jellyfin # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is # if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app ;" @@ -15,6 +15,9 @@ location ^~ /jellyfin/ { set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; + if ($http_user_agent ~ Web0S) { + add_header X-Frame-Options "" always; + } proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header Range $http_range; From 2e1f5b70a1338a5d2406c45f7568cbba7c1a3199 Mon Sep 17 00:00:00 2001 From: "J. Scott Elblein" Date: Fri, 10 Jan 2025 23:33:56 -0600 Subject: [PATCH 08/17] Create onetimesecret.subdomain.conf.sample https://github.com/onetimesecret/onetimesecret --- onetimesecret.subdomain.conf.sample | 45 +++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 onetimesecret.subdomain.conf.sample diff --git a/onetimesecret.subdomain.conf.sample b/onetimesecret.subdomain.conf.sample new file mode 100644 index 0000000..4559d1c --- /dev/null +++ b/onetimesecret.subdomain.conf.sample @@ -0,0 +1,45 @@ +## Version 2025/01/07 +# make sure that your onetimesecret container is named onetimesecret +# make sure that your dns has a cname set for onetimesecret + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name onetimesecret.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app onetimesecret; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} From 8199d01bfd42503deba4b13a54561db57bd42267 Mon Sep 17 00:00:00 2001 From: "J. Scott Elblein" Date: Fri, 10 Jan 2025 23:47:00 -0600 Subject: [PATCH 09/17] Create cryptgeon.subdomain.conf.sample --- cryptgeon.subdomain.conf.sample | 45 +++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 cryptgeon.subdomain.conf.sample diff --git a/cryptgeon.subdomain.conf.sample b/cryptgeon.subdomain.conf.sample new file mode 100644 index 0000000..48573c3 --- /dev/null +++ b/cryptgeon.subdomain.conf.sample @@ -0,0 +1,45 @@ +## Version 2025/01/10 +# make sure that your cryptgeon container is named cryptgeon +# make sure that your dns has a cname set for cryptgeon + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name cryptgeon.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app cryptgeon; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } + } From 6f715575e03b570188f6b8f5518f30e57845bfe2 Mon Sep 17 00:00:00 2001 From: Noneangel <1888627+Noneangel@users.noreply.github.com> Date: Sat, 11 Jan 2025 22:37:07 +0100 Subject: [PATCH 10/17] Use Access-Control-Allow-Origin --- jellyfin.subdomain.conf.sample | 10 +++------- jellyfin.subfolder.conf.sample | 6 ++---- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/jellyfin.subdomain.conf.sample b/jellyfin.subdomain.conf.sample index ce586f0..53a42d1 100644 --- a/jellyfin.subdomain.conf.sample +++ b/jellyfin.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2025/01/09 +## Version 2025/01/11 # make sure that your jellyfin container is named jellyfin # make sure that your dns has a cname set for jellyfin # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is @@ -22,9 +22,7 @@ server { set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; - if ($http_user_agent ~ Web0S) { - add_header X-Frame-Options "" always; - } + add_header Access-Control-Allow-Origin "luna://com.webos.service.config" always; proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header Range $http_range; @@ -37,9 +35,7 @@ server { set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; - if ($http_user_agent ~ Web0S) { - add_header X-Frame-Options "" always; - } + add_header Access-Control-Allow-Origin "luna://com.webos.service.config" always; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } diff --git a/jellyfin.subfolder.conf.sample b/jellyfin.subfolder.conf.sample index 5bdce9d..72c5ab3 100644 --- a/jellyfin.subfolder.conf.sample +++ b/jellyfin.subfolder.conf.sample @@ -1,4 +1,4 @@ -## Version 2025/01/09 +## Version 2025/01/11 # make sure that your jellyfin container is named jellyfin # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is # if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app ;" @@ -15,9 +15,7 @@ location ^~ /jellyfin/ { set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; - if ($http_user_agent ~ Web0S) { - add_header X-Frame-Options "" always; - } + add_header Access-Control-Allow-Origin "luna://com.webos.service.config" always; proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header Range $http_range; From c36380190a49073ebaca09a0fa957dfe33975e23 Mon Sep 17 00:00:00 2001 From: jlssmt Date: Tue, 7 Jan 2025 21:56:17 +0100 Subject: [PATCH 11/17] added hoarder --- hoarder.subdomain.conf.sample | 56 +++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 hoarder.subdomain.conf.sample diff --git a/hoarder.subdomain.conf.sample b/hoarder.subdomain.conf.sample new file mode 100644 index 0000000..fa056ca --- /dev/null +++ b/hoarder.subdomain.conf.sample @@ -0,0 +1,56 @@ +## Version 2024/07/16 +# make sure that your hoarder container is named hoarder +# make sure that your dns has a cname set for hoarder + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name hoarder.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app hoarder; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/hoarder)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app hoarder; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From 11f83cff478c94063e18ed57a9e69916f0f1d57c Mon Sep 17 00:00:00 2001 From: driz <40674481+drizuid@users.noreply.github.com> Date: Thu, 16 Jan 2025 09:37:39 -0500 Subject: [PATCH 12/17] update ports IAW upstream documentation, add note for older versions --- frigate.subdomain.conf.sample | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/frigate.subdomain.conf.sample b/frigate.subdomain.conf.sample index beaf31e..b3d2efe 100644 --- a/frigate.subdomain.conf.sample +++ b/frigate.subdomain.conf.sample @@ -1,6 +1,7 @@ ## Version 2024/07/16 # make sure that your frigate container is named frigate # make sure that your dns has a cname set for frigate +# if you are on a version older than 0.14.0 set upstream_port to 5000 and upstream_proto to http server { listen 443 ssl; @@ -38,8 +39,8 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app frigate; - set $upstream_port 5000; - set $upstream_proto http; + set $upstream_port 8971; + set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } From ce46d79aefc7594ff971c42fab9a6574fb3c2020 Mon Sep 17 00:00:00 2001 From: driz <40674481+drizuid@users.noreply.github.com> Date: Thu, 16 Jan 2025 10:00:09 -0500 Subject: [PATCH 13/17] change date --- frigate.subdomain.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frigate.subdomain.conf.sample b/frigate.subdomain.conf.sample index b3d2efe..a3d64b4 100644 --- a/frigate.subdomain.conf.sample +++ b/frigate.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/01/16 # make sure that your frigate container is named frigate # make sure that your dns has a cname set for frigate # if you are on a version older than 0.14.0 set upstream_port to 5000 and upstream_proto to http From c13da342af56832ba3ec3a57a8a78b71d659e8f2 Mon Sep 17 00:00:00 2001 From: Mr <37304121+IRHM@users.noreply.github.com> Date: Fri, 24 Jan 2025 15:41:30 +0000 Subject: [PATCH 14/17] Create watcharr.subdomain.conf.sample --- watcharr.subdomain.conf.sample | 56 ++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 watcharr.subdomain.conf.sample diff --git a/watcharr.subdomain.conf.sample b/watcharr.subdomain.conf.sample new file mode 100644 index 0000000..634241c --- /dev/null +++ b/watcharr.subdomain.conf.sample @@ -0,0 +1,56 @@ +## Version 2025/01/24 +# make sure that your watcharr container is named watcharr +# make sure that your dns has a cname set for watcharr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name watcharr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app watcharr; + set $upstream_port 3080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/watcharr)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app watcharr; + set $upstream_port 3080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From 76ef83271f5e388f854e393ecb7f9df3a69fbfcc Mon Sep 17 00:00:00 2001 From: quietsy Date: Thu, 30 Jan 2025 07:52:09 +0200 Subject: [PATCH 15/17] Add immich-server --- immich-server.subdomain.conf.sample | 57 +++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 immich-server.subdomain.conf.sample diff --git a/immich-server.subdomain.conf.sample b/immich-server.subdomain.conf.sample new file mode 100644 index 0000000..d33a301 --- /dev/null +++ b/immich-server.subdomain.conf.sample @@ -0,0 +1,57 @@ +## Version 2025/01/30 +# make sure that your immich container is named immich-server +# make sure that your dns has a cname set for immich-server +# immich v1.118+ only. For earlier versions, change $upstream_port to 3001 + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name immich.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app immich-server; + set $upstream_port 2283; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/immich)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app immich-server; + set $upstream_port 2283; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From 495617092efbea2af815b52b9e4573931acc3dbc Mon Sep 17 00:00:00 2001 From: quietsy Date: Thu, 30 Jan 2025 08:05:05 +0200 Subject: [PATCH 16/17] Rename to immich_server --- immich-server.subdomain.conf.sample | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/immich-server.subdomain.conf.sample b/immich-server.subdomain.conf.sample index d33a301..f22d233 100644 --- a/immich-server.subdomain.conf.sample +++ b/immich-server.subdomain.conf.sample @@ -1,6 +1,6 @@ ## Version 2025/01/30 -# make sure that your immich container is named immich-server -# make sure that your dns has a cname set for immich-server +# make sure that your immich container is named immich_server +# make sure that your dns has a cname set for immich # immich v1.118+ only. For earlier versions, change $upstream_port to 3001 server { @@ -38,7 +38,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_app immich-server; + set $upstream_app immich_server; set $upstream_port 2283; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; @@ -48,7 +48,7 @@ server { location ~ (/immich)?/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_app immich-server; + set $upstream_app immich_server; set $upstream_port 2283; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; From e4743c63b540ada28ff2c6c487eb1f2220db0b8b Mon Sep 17 00:00:00 2001 From: quietsy Date: Thu, 30 Jan 2025 08:13:36 +0200 Subject: [PATCH 17/17] Rename file for auto_proxy --- ...r.subdomain.conf.sample => immich_server.subdomain.conf.sample | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename immich-server.subdomain.conf.sample => immich_server.subdomain.conf.sample (100%) diff --git a/immich-server.subdomain.conf.sample b/immich_server.subdomain.conf.sample similarity index 100% rename from immich-server.subdomain.conf.sample rename to immich_server.subdomain.conf.sample