diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index b9fd5b1..429705d 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 - name: Check Allowed File Names run: | diff --git a/_template.subdomain.conf.sample b/_template.subdomain.conf.sample index 9a097bf..855e94d 100644 --- a/_template.subdomain.conf.sample +++ b/_template.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template. # REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for and replace them. Review other sample files to see how things are done. # REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings. @@ -7,7 +7,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name .*; @@ -24,6 +26,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -38,6 +43,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ; diff --git a/actual-server.subdomain.conf.sample b/actual-server.subdomain.conf.sample index ce910a4..4fc719d 100644 --- a/actual-server.subdomain.conf.sample +++ b/actual-server.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your actual-server container is named actual-server # make sure that your dns has a cname set for actual-server server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name actual-server.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app actual-server; diff --git a/adguard.subdomain.conf.sample b/adguard.subdomain.conf.sample index 9d4d459..ab618d8 100644 --- a/adguard.subdomain.conf.sample +++ b/adguard.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your adguard container is named adguard # make sure that your dns has a cname set for adguard server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name adguard.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app adguard; diff --git a/adminer.subdomain.conf.sample b/adminer.subdomain.conf.sample index 809a6a4..e60eb41 100644 --- a/adminer.subdomain.conf.sample +++ b/adminer.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your adminer container is named adminer # make sure that your dns has a cname set for adminer server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name adminer.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app adminer; diff --git a/adminmongo.subdomain.conf.sample b/adminmongo.subdomain.conf.sample index c1869eb..c2bd8ea 100644 --- a/adminmongo.subdomain.conf.sample +++ b/adminmongo.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your adminmongo container is named adminmongo # make sure that your dns has a cname set for adminmongo server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name adminmongo.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app adminmongo; diff --git a/airsonic.subdomain.conf.sample b/airsonic.subdomain.conf.sample index 7152705..6fa79ba 100644 --- a/airsonic.subdomain.conf.sample +++ b/airsonic.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your airsonic container is named airsonic # make sure that your dns has a cname set for airsonic # add `server.use-forward-headers=true` to `/config/application.properties` to ensure logs contain real source IP server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name airsonic.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app airsonic; diff --git a/apprise-api.subdomain.conf.sample b/apprise-api.subdomain.conf.sample index ea04b40..4e65486 100644 --- a/apprise-api.subdomain.conf.sample +++ b/apprise-api.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your apprise-api container is named apprise-api # make sure that your dns has a cname set for apprise-api server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name apprise-api.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app apprise-api; diff --git a/archisteamfarm.subdomain.conf.sample b/archisteamfarm.subdomain.conf.sample index caeaa64..9e0170b 100644 --- a/archisteamfarm.subdomain.conf.sample +++ b/archisteamfarm.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your archisteamfarm container is named archisteamfarm # make sure that your dns has a cname set for archisteamfarm server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name archisteamfarm.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app archisteamfarm; diff --git a/aria2-with-webui.subdomain.conf.sample b/aria2-with-webui.subdomain.conf.sample index 98181a8..6e75fcc 100644 --- a/aria2-with-webui.subdomain.conf.sample +++ b/aria2-with-webui.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your aria2 container is named aria2-with-webui # make sure that your dns has a cname set for aria2 # @@ -8,7 +8,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name aria2.*; @@ -25,6 +27,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -39,6 +44,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app aria2-with-webui; diff --git a/asciinema.subdomain.conf.sample b/asciinema.subdomain.conf.sample new file mode 100644 index 0000000..8a1e687 --- /dev/null +++ b/asciinema.subdomain.conf.sample @@ -0,0 +1,78 @@ +## Version 2025/07/18 +# make sure that your asciinema container is named asciinema +# make sure that your dns has a cname set for asciinema + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name asciinema.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app asciinema; + set $upstream_port 4000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } + + location ~ (/asciinema)?/dashboard { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app asciinema; + set $upstream_port 4002; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/atuin.subdomain.conf.sample b/atuin.subdomain.conf.sample index 73af032..03670f5 100644 --- a/atuin.subdomain.conf.sample +++ b/atuin.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your atuin container is named atuin # make sure that your dns has a cname set for atuin server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name atuin.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app atuin; diff --git a/audiobookshelf.subdomain.conf.sample b/audiobookshelf.subdomain.conf.sample index fb1ad90..b737e91 100644 --- a/audiobookshelf.subdomain.conf.sample +++ b/audiobookshelf.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your audiobookshelf container is named audiobookshelf # make sure that your dns has a cname set for audiobookshelf server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name audiobookshelf.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app audiobookshelf; diff --git a/authelia.subdomain.conf.sample b/authelia.subdomain.conf.sample index 032acbb..0c8276a 100644 --- a/authelia.subdomain.conf.sample +++ b/authelia.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your authelia container is named authelia # make sure that your dns has a cname set for authelia server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name authelia.*; diff --git a/authentik.subdomain.conf.sample b/authentik.subdomain.conf.sample index a821731..5b6c9cc 100644 --- a/authentik.subdomain.conf.sample +++ b/authentik.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your authentik container is named authentik-server # make sure that your dns has a cname set for authentik server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name authentik.*; diff --git a/babybuddy.subdomain.conf.sample b/babybuddy.subdomain.conf.sample index d0aa27d..84fd70f 100644 --- a/babybuddy.subdomain.conf.sample +++ b/babybuddy.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your babybuddy container is named babybuddy # make sure that your dns has a cname set for babybuddy server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name babybuddy.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,19 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app babybuddy; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ ^/api/ { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app babybuddy; diff --git a/bazarr.subdomain.conf.sample b/bazarr.subdomain.conf.sample index da168f6..76d7346 100644 --- a/bazarr.subdomain.conf.sample +++ b/bazarr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your bazarr container is named bazarr # make sure that your dns has a cname set for bazarr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name bazarr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bazarr; diff --git a/beets.subdomain.conf.sample b/beets.subdomain.conf.sample index 04efa76..145f735 100644 --- a/beets.subdomain.conf.sample +++ b/beets.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your beets container is named beets # make sure that your dns has a cname set for beets #First edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container. server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name beets.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app beets; diff --git a/beszel.subdomain.conf.sample b/beszel.subdomain.conf.sample new file mode 100644 index 0000000..3cc6b0e --- /dev/null +++ b/beszel.subdomain.conf.sample @@ -0,0 +1,64 @@ +## Version 2025/07/18 +# make sure that your beszel container is named beszel +# make sure that your dns has a cname set for beszel + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name beszel.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app beszel; + set $upstream_port 8090; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/beszel)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app beszel; + set $upstream_port 8090; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/beszel.subfolder.conf.sample b/beszel.subfolder.conf.sample new file mode 100644 index 0000000..050d3e9 --- /dev/null +++ b/beszel.subfolder.conf.sample @@ -0,0 +1,41 @@ +## Version 2023/02/05 +# make sure that your beszel container is named beszel +# make sure that beszel is set to work with the base url /beszel/ + + +location /beszel { + return 301 $scheme://$host/beszel/; +} + +location ^~ /beszel/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app beszel; + set $upstream_port 8090; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /beszel/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app beszel; + set $upstream_port 8090; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/bitwarden.subdomain.conf.sample b/bitwarden.subdomain.conf.sample index 50e7be2..a5dd48a 100644 --- a/bitwarden.subdomain.conf.sample +++ b/bitwarden.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your bitwarden container is named bitwarden # make sure that your dns has a cname set for bitwarden # if you are using bitwarden (the official image), use the bitwarden conf @@ -8,7 +8,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name bitwarden.*; @@ -25,6 +27,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -39,6 +44,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; @@ -62,6 +70,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; diff --git a/boinc.subdomain.conf.sample b/boinc.subdomain.conf.sample index af45bfb..ccad6c5 100644 --- a/boinc.subdomain.conf.sample +++ b/boinc.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your boinc container is named boinc # make sure that your dns has a cname set for boinc server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name boinc.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app boinc; diff --git a/booksonic.subdomain.conf.sample b/booksonic.subdomain.conf.sample index 0d6008b..8d8b4c5 100644 --- a/booksonic.subdomain.conf.sample +++ b/booksonic.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your booksonic container is named booksonic # make sure that your dns has a cname set for booksonic server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name booksonic.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app booksonic; diff --git a/bookstack.subdomain.conf.sample b/bookstack.subdomain.conf.sample index 9a6b898..be6cb12 100644 --- a/bookstack.subdomain.conf.sample +++ b/bookstack.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your bookstack container is named bookstack # make sure that your dns has a cname set for bookstack # Ensure you have the APP_URL Environment Variable set correctly in your Docker Run/Compose or in BookStack Env File (/www/.env) @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name bookstack.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bookstack; diff --git a/budge.subdomain.conf.sample b/budge.subdomain.conf.sample index 24b7af2..7b40d2e 100644 --- a/budge.subdomain.conf.sample +++ b/budge.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your budge container is named budge # make sure that your dns has a cname set for budge server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name budge.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app budge; diff --git a/cadvisor.subdomain.conf.sample b/cadvisor.subdomain.conf.sample index 905cfd8..a61c13f 100644 --- a/cadvisor.subdomain.conf.sample +++ b/cadvisor.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your cadvisor container is named cadvisor # make sure that your dns has a cname set for cadvisor server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name cadvisor.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app cadvisor; diff --git a/calibre-web.subdomain.conf.sample b/calibre-web.subdomain.conf.sample index 934f353..b5109bd 100644 --- a/calibre-web.subdomain.conf.sample +++ b/calibre-web.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your calibre-web container is named calibre-web # make sure that your dns has a cname set for calibre-web server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name calibre-web.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -34,6 +39,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; # To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is # enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia # user also has a corresponding user manually created in Calibre-Web. @@ -61,4 +69,18 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header X-Scheme $scheme; } + + # Feed for Kobo + location /kobo/ { + include /config/nginx/resolver.conf; + set $upstream_app calibre-web; + set $upstream_port 8083; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Scheme $scheme; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + } } diff --git a/calibre-web.subfolder.conf.sample b/calibre-web.subfolder.conf.sample index e28a272..011c6fc 100644 --- a/calibre-web.subfolder.conf.sample +++ b/calibre-web.subfolder.conf.sample @@ -48,3 +48,17 @@ location ^~ /calibre-web/opds/ { proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /calibre-web; } + +# Feed for Kobo +location ^~ /calibre-web/kobo/ { + include /config/nginx/resolver.conf; + set $upstream_app calibre-web; + set $upstream_port 8083; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /calibre-web; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; +} diff --git a/calibre.subdomain.conf.sample b/calibre.subdomain.conf.sample index 98cb48f..08a54df 100644 --- a/calibre.subdomain.conf.sample +++ b/calibre.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your calibre container is named calibre # make sure that your dns has a cname set for calibre # for the content server, go into calibre preferences / sharing over the net / advanced and @@ -7,7 +7,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name calibre.*; @@ -24,6 +26,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -38,6 +43,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app calibre; @@ -66,6 +74,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app calibre; diff --git a/castopod.subdomain.conf.sample b/castopod.subdomain.conf.sample index 7c2042e..f15e3ef 100644 --- a/castopod.subdomain.conf.sample +++ b/castopod.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 -# make sure that your castopod container is named castopod +## Version 2025/07/18 +# make sure that your castopod container is named castopod-app # make sure that your dns has a cname set for castopod server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name castopod.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,10 +40,13 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_app castopod; - set $upstream_port 80; + set $upstream_app castopod-app; + set $upstream_port 8000; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; diff --git a/changedetection.subdomain.conf.sample b/changedetection.subdomain.conf.sample index ae0a5b6..80d865f 100644 --- a/changedetection.subdomain.conf.sample +++ b/changedetection.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your changedetection container is named changedetection # make sure that your dns has a cname set for changedetection server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name changedetection.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app changedetection; diff --git a/chevereto.subdomain.conf.sample b/chevereto.subdomain.conf.sample index cd9d8e2..e0383dc 100644 --- a/chevereto.subdomain.conf.sample +++ b/chevereto.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your chevereto container is named chevereto # make sure that your dns has a cname set for chevereto server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name chevereto.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app chevereto; diff --git a/chronograf.subdomain.conf.sample b/chronograf.subdomain.conf.sample index 529ccf5..5bd86f4 100644 --- a/chronograf.subdomain.conf.sample +++ b/chronograf.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your chronograf container is named chronograf # make sure that your dns has a cname set for chronograf server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name chronograf.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app chronograf; diff --git a/cloudbeaver.subdomain.conf.sample b/cloudbeaver.subdomain.conf.sample index d964544..b67cbc0 100644 --- a/cloudbeaver.subdomain.conf.sample +++ b/cloudbeaver.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your cloudbeaver container is named cloudbeaver # make sure that your dns has a cname set for cloudbeaver server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name cloudbeaver.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app cloudbeaver; diff --git a/code-server.subdomain.conf.sample b/code-server.subdomain.conf.sample index 56e0ffb..b97619f 100644 --- a/code-server.subdomain.conf.sample +++ b/code-server.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your code-server container is named code-server # make sure that your dns has a cname set for code-server server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name code-server.* "~^[0-9]{1,10}\.code-server\..*$"; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/codimd.subdomain.conf.sample b/codimd.subdomain.conf.sample index 8de6ea8..d47be0b 100644 --- a/codimd.subdomain.conf.sample +++ b/codimd.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure you have added the following environmental variables to your run command/compose file # CMD_DOMAIN=codimd.server.com # CMD_PROTOCOL_USESSL=true server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name codimd.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app codimd; diff --git a/collabora.subdomain.conf.sample b/collabora.subdomain.conf.sample index d21ac2c..e953e03 100644 --- a/collabora.subdomain.conf.sample +++ b/collabora.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your collabora container is named collabora # make sure that your dns has a cname set for collabora server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name collabora.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app collabora; diff --git a/commento.subdomain.conf.sample b/commento.subdomain.conf.sample index e4c5226..d49cfa1 100644 --- a/commento.subdomain.conf.sample +++ b/commento.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your commento container is named commento # make sure that your dns has a cname set for commento server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name commento.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app commento; diff --git a/couchpotato.subdomain.conf.sample b/couchpotato.subdomain.conf.sample index d895d48..a4d8711 100644 --- a/couchpotato.subdomain.conf.sample +++ b/couchpotato.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your couchpotato container is named couchpotato # make sure that your dns has a cname set for couchpotato server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name couchpotato.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app couchpotato; diff --git a/crowdsec-dashboard.subdomain.conf.sample b/crowdsec-dashboard.subdomain.conf.sample index e1739bd..979e6b3 100644 --- a/crowdsec-dashboard.subdomain.conf.sample +++ b/crowdsec-dashboard.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your crowdsec-dashboard container is named crowdsec-dashboard # make sure that your dns has a cname set for crowdsec-dashboard server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name crowdsec-dashboard.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app crowdsec-dashboard; diff --git a/crowdsec.subdomain.conf.sample b/crowdsec.subdomain.conf.sample index 640e913..e0aa7de 100644 --- a/crowdsec.subdomain.conf.sample +++ b/crowdsec.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your crowdsec container is named crowdsec # make sure that your dns has a cname set for crowdsec server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name crowdsec.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app crowdsec; diff --git a/cryptgeon.subdomain.conf.sample b/cryptgeon.subdomain.conf.sample new file mode 100644 index 0000000..8d591b0 --- /dev/null +++ b/cryptgeon.subdomain.conf.sample @@ -0,0 +1,53 @@ +## Version 2025/07/18 +# make sure that your cryptgeon container is named cryptgeon +# make sure that your dns has a cname set for cryptgeon + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name cryptgeon.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app cryptgeon; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } + } diff --git a/dashy.subdomain.conf.sample b/dashy.subdomain.conf.sample index 72b4b9d..0370e09 100644 --- a/dashy.subdomain.conf.sample +++ b/dashy.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your dashy container is named dashy # make sure that your dns has a cname set for dashy server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name dashy.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,10 +40,13 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dashy; - set $upstream_port 80; + set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } diff --git a/ddns-updater.subdomain.conf.sample b/ddns-updater.subdomain.conf.sample new file mode 100644 index 0000000..557d320 --- /dev/null +++ b/ddns-updater.subdomain.conf.sample @@ -0,0 +1,64 @@ +## Version 2025/07/18 +# make sure that your ddns-updater container is named ddns-updater +# make sure that your dns has a cname set for ddns-updater + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name ddns-updater.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ddns-updater; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/ddns-updater)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ddns-updater; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/ddns-updater.subfolder.conf.sample b/ddns-updater.subfolder.conf.sample new file mode 100644 index 0000000..f4ad7e9 --- /dev/null +++ b/ddns-updater.subfolder.conf.sample @@ -0,0 +1,36 @@ +## Version 2024/08/04 +# make sure that your ddns-updater container is named ddns-updater +# make sure that ddns-updater is set to work with the base url /ddns-updater/ + +location ^~ /ddns-updater { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ddns-updater; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /ddns-updater/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ddns-updater; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/deluge.subdomain.conf.sample b/deluge.subdomain.conf.sample index b07a8cb..422a8aa 100644 --- a/deluge.subdomain.conf.sample +++ b/deluge.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your deluge container is named deluge # make sure that your dns has a cname set for deluge server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name deluge.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app deluge; diff --git a/dillinger.subdomain.conf.sample b/dillinger.subdomain.conf.sample index b3b9d13..1ca4e2b 100644 --- a/dillinger.subdomain.conf.sample +++ b/dillinger.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your dillinger container is named dillinger # make sure that your dns has a cname set for dillinger server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name dillinger.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dillinger; diff --git a/discount-bandit.subdomain.conf.sample b/discount-bandit.subdomain.conf.sample new file mode 100644 index 0000000..20f5897 --- /dev/null +++ b/discount-bandit.subdomain.conf.sample @@ -0,0 +1,53 @@ +## Version 2025/07/18 +# make sure that your discount-bandit container is named discount-bandit +# make sure that your dns has a cname set for discount-bandit + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name discount-bandit.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app discount-bandit; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/dnsdist.subdomain.conf.sample b/dnsdist.subdomain.conf.sample new file mode 100644 index 0000000..9ecc4f1 --- /dev/null +++ b/dnsdist.subdomain.conf.sample @@ -0,0 +1,24 @@ +## Version 2025/07/18 +# make sure that your container is named dnsdist +# make sure that your dns has a cname set for dnsdist + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name dnsdist.*; + + location /dns-query { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app dnsdist; + set $upstream_port 443; + set $upstream_proto grpc; + grpc_pass grpcs://$upstream_app:$upstream_port; + + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + } +} diff --git a/dockge.subdomain.conf.sample b/dockge.subdomain.conf.sample new file mode 100644 index 0000000..5c49136 --- /dev/null +++ b/dockge.subdomain.conf.sample @@ -0,0 +1,54 @@ +## Version 2025/07/18 +# make sure that your dockge container is named dockge +# make sure that your dns has a cname set for dockge + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name dockge.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app dockge; + set $upstream_port 5001; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/dockge.subfolder.conf.sample b/dockge.subfolder.conf.sample new file mode 100644 index 0000000..5dbb617 --- /dev/null +++ b/dockge.subfolder.conf.sample @@ -0,0 +1,31 @@ +## Version 2023/02/05 +# make sure that your dockge container is named dockge +# make sure that dockge is set to work with the base url /dockge/ + + +location /dockge { + return 301 $scheme://$host/dockge/; +} + +location ^~ /dockge/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app dockge; + set $upstream_port 5001; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/documentserver.subdomain.conf.sample b/documentserver.subdomain.conf.sample index 1e0695c..81885ca 100644 --- a/documentserver.subdomain.conf.sample +++ b/documentserver.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your onlyoffice documentserver container is named documentserver # make sure that your dns has a cname set for documentserver server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name documentserver.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app documentserver; diff --git a/dokuwiki.subdomain.conf.sample b/dokuwiki.subdomain.conf.sample index 693071e..1764d08 100644 --- a/dokuwiki.subdomain.conf.sample +++ b/dokuwiki.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your dokuwiki container is named dokuwiki # make sure that your dns has a cname set for dokuwiki # complete the setup by appending install.php to URL server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name dokuwiki.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dokuwiki; diff --git a/domoticz.subdomain.conf.sample b/domoticz.subdomain.conf.sample index 6031125..9a64e97 100644 --- a/domoticz.subdomain.conf.sample +++ b/domoticz.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your domoticz container is named domoticz # make sure that your dns has a cname set for domoticz server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name domoticz.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app domoticz; diff --git a/dozzle.subdomain.conf.sample b/dozzle.subdomain.conf.sample index 7a81d37..a64638f 100644 --- a/dozzle.subdomain.conf.sample +++ b/dozzle.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your dozzle container is named dozzle # make sure that your dns has a cname set for dozzle server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name dozzle.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dozzle; diff --git a/drone.subdomain.conf.sample b/drone.subdomain.conf.sample index 7edb180..b1c0819 100644 --- a/drone.subdomain.conf.sample +++ b/drone.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your drone container is named drone # make sure that your dns has a cname set for drone server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name drone.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app drone; diff --git a/dsmrreader.subdomain.conf.sample b/dsmrreader.subdomain.conf.sample index 46559ab..8744738 100644 --- a/dsmrreader.subdomain.conf.sample +++ b/dsmrreader.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your dsmr container is named dsmr # make sure that your dns has a cname set for dsmr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name dsmr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dsmr; diff --git a/duplicacy.subdomain.conf.sample b/duplicacy.subdomain.conf.sample index bff8005..2d040b7 100644 --- a/duplicacy.subdomain.conf.sample +++ b/duplicacy.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your duplicacy container is named duplicacy # make sure that your dns has a cname set for duplicacy server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name duplicacy.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app duplicacy; diff --git a/duplicati.subdomain.conf.sample b/duplicati.subdomain.conf.sample index 2198f33..94a7ded 100644 --- a/duplicati.subdomain.conf.sample +++ b/duplicati.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your duplicati container is named duplicati # make sure that your dns has a cname set for duplicati server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name duplicati.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app duplicati; diff --git a/emby.subdomain.conf.sample b/emby.subdomain.conf.sample index 773fe05..04aab92 100644 --- a/emby.subdomain.conf.sample +++ b/emby.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your emby container is named emby # make sure that your dns has a cname set for emby # if emby is running in bridge mode and the container is named "emby", the below config should work as is @@ -9,7 +9,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name emby.*; diff --git a/embystat.subdomain.conf.sample b/embystat.subdomain.conf.sample index e256954..26e58d7 100644 --- a/embystat.subdomain.conf.sample +++ b/embystat.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your embystat container is named embystat # make sure that your dns has a cname set for embystat server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name embystat.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app embystat; diff --git a/emulatorjs.subdomain.conf.sample b/emulatorjs.subdomain.conf.sample index fc806ac..4a1da24 100644 --- a/emulatorjs.subdomain.conf.sample +++ b/emulatorjs.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your emulatorjs container is named emulatorjs # make sure that your dns has a cname set for emulatorjs # In emulatorjs docker arguments, set an env variable for SUBFOLDER=/backend/ @@ -7,7 +7,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name emulatorjs.*; @@ -24,6 +26,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -38,6 +43,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app emulatorjs; @@ -64,6 +72,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app emulatorjs; diff --git a/esphome.subdomain.conf.sample b/esphome.subdomain.conf.sample index 688eba8..66169a2 100644 --- a/esphome.subdomain.conf.sample +++ b/esphome.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your esphome container is named esphome # make sure that your dns has a cname set for esphome server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name esphome.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app esphome; diff --git a/fenrus.subdomain.conf.sample b/fenrus.subdomain.conf.sample index 6e53d74..53c4b75 100644 --- a/fenrus.subdomain.conf.sample +++ b/fenrus.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your fenrus container is named fenrus # make sure that your dns has a cname set for fenrus server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name fenrus.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app fenrus; diff --git a/filebot.subdomain.conf.sample b/filebot.subdomain.conf.sample index 2fe39fc..59963ee 100644 --- a/filebot.subdomain.conf.sample +++ b/filebot.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your filebot container is named filebot # make sure that your dns has a cname set for filebot server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name filebot.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app filebot; diff --git a/filebrowser.subdomain.conf.sample b/filebrowser.subdomain.conf.sample index 87eca86..dcbc4ff 100644 --- a/filebrowser.subdomain.conf.sample +++ b/filebrowser.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your filebrowser container is named filebrowser # make sure that your dns has a cname set for filebrowser server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name filebrowser.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app filebrowser; diff --git a/firefly.subdomain.conf.sample b/firefly.subdomain.conf.sample index 06719e5..70dc162 100644 --- a/firefly.subdomain.conf.sample +++ b/firefly.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your firefly container is named firefly # make sure that your dns has a cname set for firefly server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name firefly.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app firefly; diff --git a/firefox.subdomain.conf.sample b/firefox.subdomain.conf.sample index cce671c..a7347b4 100644 --- a/firefox.subdomain.conf.sample +++ b/firefox.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your firefox container is named firefox # make sure that your dns has a cname set for firefox server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name firefox.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app firefox; diff --git a/flaresolverr.subdomain.conf.sample b/flaresolverr.subdomain.conf.sample index 956064b..ee9c825 100644 --- a/flaresolverr.subdomain.conf.sample +++ b/flaresolverr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your flaresolverr container is named flaresolverr # make sure that your dns has a cname set for flaresolverr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name flaresolverr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app flaresolverr; diff --git a/flexget.subdomain.conf.sample b/flexget.subdomain.conf.sample index f57f3c4..45dacc0 100644 --- a/flexget.subdomain.conf.sample +++ b/flexget.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your flexget container is named flexget # make sure that your dns has a cname set for flexget server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name flexget.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app flexget; diff --git a/flood.subdomain.conf.sample b/flood.subdomain.conf.sample index 9de2d06..633bdd2 100644 --- a/flood.subdomain.conf.sample +++ b/flood.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your flood container is named flood # make sure that your dns has a cname set for flood server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name flood.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app flood; diff --git a/foldingathome.subdomain.conf.sample b/foldingathome.subdomain.conf.sample index 5827591..39eb643 100644 --- a/foldingathome.subdomain.conf.sample +++ b/foldingathome.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your foldingathome container is named foldingathome # make sure that your dns has a cname set for foldingathome server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name foldingathome.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; proxy_buffering off; include /config/nginx/resolver.conf; diff --git a/forgejo.subdomain.conf.sample b/forgejo.subdomain.conf.sample index 1eebde7..e401211 100644 --- a/forgejo.subdomain.conf.sample +++ b/forgejo.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your forgejo container is named forgejo # make sure that your dns has a cname set for forgejo # edit the following parameters in /data/forgejo/conf/app.ini or set as ENV vars in your container @@ -9,7 +9,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name forgejo.*; @@ -26,6 +28,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -40,6 +45,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app forgejo; diff --git a/foundryvtt.subdomain.conf.sample b/foundryvtt.subdomain.conf.sample index daea7f9..4df44a7 100644 --- a/foundryvtt.subdomain.conf.sample +++ b/foundryvtt.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your foundryvtt container is named foundryvtt # make sure that your dns has a cname set for foundryvtt # Ensure that your Foundry VTT's {userData}/Config/options.json file is configured as follows: @@ -13,7 +13,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name foundryvtt.*; @@ -30,6 +32,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -44,6 +49,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app foundryvtt; diff --git a/freshrss.subdomain.conf.sample b/freshrss.subdomain.conf.sample index 85ee48d..11a7090 100644 --- a/freshrss.subdomain.conf.sample +++ b/freshrss.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your freshrss container is named freshrss # make sure that your dns has a cname set for freshrss server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name freshrss.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app freshrss; diff --git a/frigate.subdomain.conf.sample b/frigate.subdomain.conf.sample index beaf31e..955622d 100644 --- a/frigate.subdomain.conf.sample +++ b/frigate.subdomain.conf.sample @@ -1,10 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your frigate container is named frigate # make sure that your dns has a cname set for frigate +# if you are on a version older than 0.14.0 set upstream_port to 5000 and upstream_proto to http server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name frigate.*; @@ -21,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,11 +41,14 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app frigate; - set $upstream_port 5000; - set $upstream_proto http; + set $upstream_port 8971; + set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } diff --git a/gaps.subdomain.conf.sample b/gaps.subdomain.conf.sample index 8436a20..3e05ffa 100644 --- a/gaps.subdomain.conf.sample +++ b/gaps.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your gaps container is named gaps # make sure that your dns has a cname set for gaps server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name gaps.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app gaps; diff --git a/gatus.subdomain.conf.sample b/gatus.subdomain.conf.sample index f6e4311..457a040 100644 --- a/gatus.subdomain.conf.sample +++ b/gatus.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your gatus container is named gatus # make sure that your dns has a cname set for gatus server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name gatus.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app gatus; diff --git a/get_iplayer.subdomain.conf.sample b/get_iplayer.subdomain.conf.sample index 3660bdf..ff6d1ef 100644 --- a/get_iplayer.subdomain.conf.sample +++ b/get_iplayer.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your get_iplayer container is named get_iplayer # make sure that your dns has a cname set for get_iplayer server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name get_iplayer.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app get_iplayer; diff --git a/ghost.subdomain.conf.sample b/ghost.subdomain.conf.sample index 3f74b20..20d718b 100644 --- a/ghost.subdomain.conf.sample +++ b/ghost.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your ghost container is named ghost # make sure that your dns has a cname set for ghost server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name ghost.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ghost; diff --git a/gitea.subdomain.conf.sample b/gitea.subdomain.conf.sample index 4549b5e..7c1024f 100644 --- a/gitea.subdomain.conf.sample +++ b/gitea.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your gitea container is named gitea # make sure that your dns has a cname set for gitea # edit the following parameters in /data/gitea/conf/app.ini @@ -9,7 +9,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name gitea.*; @@ -26,6 +28,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -40,6 +45,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app gitea; @@ -49,7 +57,7 @@ server { } - location ~ (/gitea)?/info/lfs { + location ~ (/gitea)?/(api|info/lfs) { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app gitea; diff --git a/glances.subdomain.conf.sample b/glances.subdomain.conf.sample index e210f74..a32221f 100644 --- a/glances.subdomain.conf.sample +++ b/glances.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your glances container is named glances # make sure that your dns has a cname set for glances server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name glances.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app glances; diff --git a/gotify.subdomain.conf.sample b/gotify.subdomain.conf.sample index 7906f8a..209f65f 100644 --- a/gotify.subdomain.conf.sample +++ b/gotify.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your gotify container is named gotify # make sure that your dns has a cname set for gotify server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name gotify.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app gotify; diff --git a/grafana.subdomain.conf.sample b/grafana.subdomain.conf.sample index af8a5a2..894497d 100644 --- a/grafana.subdomain.conf.sample +++ b/grafana.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your grafana container is named grafana # make sure that your dns has a cname set for grafana server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name grafana.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app grafana; diff --git a/grampsweb.subdomain.conf.sample b/grampsweb.subdomain.conf.sample index 4be38c0..b125e1a 100644 --- a/grampsweb.subdomain.conf.sample +++ b/grampsweb.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your grampsweb container is named grampsweb # make sure that your dns has a cname set for grampsweb server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name grampsweb.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app grampsweb; diff --git a/grav.subdomain.conf.sample b/grav.subdomain.conf.sample index bd64b4a..c59b760 100644 --- a/grav.subdomain.conf.sample +++ b/grav.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your grav container is named grav # make sure that your dns has a cname set for grav server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name grav.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app grav; diff --git a/graylog.subdomain.conf.sample b/graylog.subdomain.conf.sample index 8999525..5f77013 100644 --- a/graylog.subdomain.conf.sample +++ b/graylog.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your graylog container is named graylog # make sure that your dns has a cname set for graylog # Ensure the upstream_port matches your GRAYLOG_HTTP_BIND_ADDRESS port @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name graylog.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app graylog; diff --git a/grocy.subdomain.conf.sample b/grocy.subdomain.conf.sample index 9e745a8..8bb6001 100644 --- a/grocy.subdomain.conf.sample +++ b/grocy.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your grocy container is named grocy # make sure that your dns has a cname set for grocy server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name grocy.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app grocy; diff --git a/guacamole.subdomain.conf.sample b/guacamole.subdomain.conf.sample index e810f65..d237b28 100644 --- a/guacamole.subdomain.conf.sample +++ b/guacamole.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your guacamole container is named guacamole # make sure that your dns has a cname set for guacamole server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name guacamole.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app guacamole; diff --git a/hass-configurator.subdomain.conf.sample b/hass-configurator.subdomain.conf.sample index 29bf694..a3fe8ac 100644 --- a/hass-configurator.subdomain.conf.sample +++ b/hass-configurator.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your hass container is named hass # make sure that your dns has a cname set for hass # this proxy configuration file is for the hass-configurator-docker container that is used @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name hass-configurator.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app hass-configurator; diff --git a/headphones.subdomain.conf.sample b/headphones.subdomain.conf.sample index 83aeaea..15d64ca 100644 --- a/headphones.subdomain.conf.sample +++ b/headphones.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your headphones container is named headphones # make sure that your dns has a cname set for headphones server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name headphones.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app headphones; diff --git a/healthchecks.subdomain.conf.sample b/healthchecks.subdomain.conf.sample index e124d66..c8aa6ba 100644 --- a/healthchecks.subdomain.conf.sample +++ b/healthchecks.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your healthchecks container is named healthchecks # make sure that your dns has a cname set for healthchecks # make sure your Healthchecks ALLOWED_HOSTS and SITE_ROOT align with the server_name used in this conf. server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name healthchecks.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app healthchecks; diff --git a/hedgedoc.subdomain.conf.sample b/hedgedoc.subdomain.conf.sample index 4d39236..4e89680 100644 --- a/hedgedoc.subdomain.conf.sample +++ b/hedgedoc.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure you set the following environment variables in your docker arguments # CMD_DOMAIN=hedgedoc.server.com # CMD_URL_ADDPORT=false @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name hedgedoc.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app hedgedoc; diff --git a/heimdall.subdomain.conf.sample b/heimdall.subdomain.conf.sample index 5636ba5..3543e79 100644 --- a/heimdall.subdomain.conf.sample +++ b/heimdall.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your heimdall container is named heimdall # make sure that your dns has a cname set for heimdall server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name heimdall.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app heimdall; diff --git a/hoarder.subdomain.conf.sample b/hoarder.subdomain.conf.sample new file mode 100644 index 0000000..160a6a6 --- /dev/null +++ b/hoarder.subdomain.conf.sample @@ -0,0 +1,64 @@ +## Version 2025/07/18 +# make sure that your hoarder container is named hoarder +# make sure that your dns has a cname set for hoarder + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name hoarder.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app hoarder; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/hoarder)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app hoarder; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/homarr.subdomain.conf.sample b/homarr.subdomain.conf.sample index 2ef3a8a..66b1cf0 100644 --- a/homarr.subdomain.conf.sample +++ b/homarr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your homarr container is named homarr # make sure that your dns has a cname set for homarr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name homarr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app homarr; diff --git a/homeassistant.subdomain.conf.sample b/homeassistant.subdomain.conf.sample index b1483b9..b7e5a2b 100644 --- a/homeassistant.subdomain.conf.sample +++ b/homeassistant.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your homeassistant container is named homeassistant # make sure that your dns has a cname set for homeassistant @@ -13,7 +13,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name homeassistant.*; @@ -30,6 +32,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -44,6 +49,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app homeassistant; diff --git a/homebox.subdomain.conf.sample b/homebox.subdomain.conf.sample index d4137d5..3ed9df2 100644 --- a/homebox.subdomain.conf.sample +++ b/homebox.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your homebox container is named homebox # make sure that your dns has a cname set for homebox server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name homebox.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app homebox; diff --git a/homebridge.subdomain.conf.sample b/homebridge.subdomain.conf.sample index 8cceeb3..07faba9 100644 --- a/homebridge.subdomain.conf.sample +++ b/homebridge.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your homebridge container is named homebridge # make sure that your dns has a cname set for homebridge server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name homebridge.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app homebridge; # change to host IP if using host networking mode diff --git a/homepage.subdomain.conf.sample b/homepage.subdomain.conf.sample index 6e9238b..a7ee602 100644 --- a/homepage.subdomain.conf.sample +++ b/homepage.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your homepage container is named homepage # make sure that your dns has a cname set for homepage server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name homepage.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app homepage; diff --git a/homer.subdomain.conf.sample b/homer.subdomain.conf.sample index 2a72193..e8e7d66 100644 --- a/homer.subdomain.conf.sample +++ b/homer.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your homer container is named homer # make sure that your dns has a cname set for homer server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name homer.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app homer; diff --git a/huginn.subdomain.conf.sample b/huginn.subdomain.conf.sample index 8d93257..935bb97 100644 --- a/huginn.subdomain.conf.sample +++ b/huginn.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your huginn container is named huginn # make sure that your dns has a cname set for huginn server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name huginn.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app huginn; diff --git a/immich.subdomain.conf.sample b/immich.subdomain.conf.sample index f4ad590..2930940 100644 --- a/immich.subdomain.conf.sample +++ b/immich.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your immich container is named immich # make sure that your dns has a cname set for immich -# immich v1.88+ only +# immich v1.118+ only. For earlier versions, change $upstream_port to 3001 server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name immich.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,10 +41,13 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app immich; - set $upstream_port 3001; + set $upstream_port 2283; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; @@ -49,7 +57,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app immich; - set $upstream_port 3001; + set $upstream_port 2283; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; diff --git a/immich_server.subdomain.conf.sample b/immich_server.subdomain.conf.sample new file mode 100644 index 0000000..34bc4a9 --- /dev/null +++ b/immich_server.subdomain.conf.sample @@ -0,0 +1,65 @@ +## Version 2025/07/18 +# make sure that your immich container is named immich_server +# make sure that your dns has a cname set for immich +# immich v1.118+ only. For earlier versions, change $upstream_port to 3001 + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name immich.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app immich_server; + set $upstream_port 2283; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/immich)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app immich_server; + set $upstream_port 2283; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/influxdb.subdomain.conf.sample b/influxdb.subdomain.conf.sample index 8b93481..f289e76 100644 --- a/influxdb.subdomain.conf.sample +++ b/influxdb.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your influxdb container is named influxdb # make sure that your dns has a cname set for influxdb server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name influxdb.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app influxdb; diff --git a/iplayarr.subdomain.conf.sample b/iplayarr.subdomain.conf.sample new file mode 100644 index 0000000..65dd217 --- /dev/null +++ b/iplayarr.subdomain.conf.sample @@ -0,0 +1,54 @@ +## Version 2025/07/18 +# make sure that your iplayarr container is named iplayarr +# make sure that your dns has a cname set for iplayarr + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name iplayarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app iplayarr; + set $upstream_port 4404; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/it-tools.subdomain.conf.sample b/it-tools.subdomain.conf.sample index b9d4289..ffaa1bc 100644 --- a/it-tools.subdomain.conf.sample +++ b/it-tools.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your it-tools container is named it-tools # make sure that your dns has a cname set for it-tools server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name it-tools.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app it-tools; diff --git a/jackett.subdomain.conf.sample b/jackett.subdomain.conf.sample index 9903101..c761222 100644 --- a/jackett.subdomain.conf.sample +++ b/jackett.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your jackett container is named jackett # make sure that your dns has a cname set for jackett server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name jackett.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app jackett; diff --git a/jdownloader.subdomain.conf.sample b/jdownloader.subdomain.conf.sample index fa43221..72cd4e0 100644 --- a/jdownloader.subdomain.conf.sample +++ b/jdownloader.subdomain.conf.sample @@ -4,7 +4,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name jdownloader.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app jdownloader; diff --git a/jellyfin.subdomain.conf.sample b/jellyfin.subdomain.conf.sample index 479ca30..4f667c3 100644 --- a/jellyfin.subdomain.conf.sample +++ b/jellyfin.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your jellyfin container is named jellyfin # make sure that your dns has a cname set for jellyfin # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is @@ -8,7 +8,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name jellyfin.*; @@ -22,6 +24,9 @@ server { set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; + if ($http_user_agent ~ Web0S) { + add_header Access-Control-Allow-Origin "luna://com.webos.service.config" always; + } proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header Range $http_range; @@ -34,7 +39,28 @@ server { set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; + if ($http_user_agent ~ Web0S) { + add_header Access-Control-Allow-Origin "luna://com.webos.service.config" always; + } proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + + # Restrict access to /metrics + # https://jellyfin.org/docs/general/networking/monitoring/#prometheus-metrics + location /metrics { + allow 192.168.0.0/16; + allow 10.0.0.0/8; + allow 172.16.0.0/12; + allow 127.0.0.0/8; + + deny all; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app jellyfin; + set $upstream_port 8096; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } } diff --git a/jellyfin.subfolder.conf.sample b/jellyfin.subfolder.conf.sample index 3d55e1a..0e5e01d 100644 --- a/jellyfin.subfolder.conf.sample +++ b/jellyfin.subfolder.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/05 +## Version 2025/05/18 # make sure that your jellyfin container is named jellyfin # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is # if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app ;" @@ -15,6 +15,9 @@ location ^~ /jellyfin/ { set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; + if ($http_user_agent ~ Web0S) { + add_header Access-Control-Allow-Origin "luna://com.webos.service.config" always; + } proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header Range $http_range; diff --git a/jellyseerr.subdomain.conf.sample b/jellyseerr.subdomain.conf.sample index dc3947c..ad0e9fa 100644 --- a/jellyseerr.subdomain.conf.sample +++ b/jellyseerr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your jellyseerr container is named jellyseerr # make sure that your dns has a cname set for jellyseerr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name jellyseerr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app jellyseerr; diff --git a/jfa-go.subdomain.conf.sample b/jfa-go.subdomain.conf.sample index 99105f0..f02cb06 100644 --- a/jfa-go.subdomain.conf.sample +++ b/jfa-go.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your jfa-go container is named jfa-go # make sure that your dns has a cname set for jfa-go server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name jfa-go.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app jfa-go; diff --git a/joplin.subdomain.conf.sample b/joplin.subdomain.conf.sample index 1334c4d..7269cb0 100644 --- a/joplin.subdomain.conf.sample +++ b/joplin.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/06/04 +## Version 2025/07/18 # make sure that your joplin container is named joplin # make sure that your dns has a cname set for joplin server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name joplin.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app joplin; diff --git a/kanzi.subdomain.conf.sample b/kanzi.subdomain.conf.sample index 81ed6d1..41a3a9b 100644 --- a/kanzi.subdomain.conf.sample +++ b/kanzi.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your kanzi container is named kanzi # make sure that your dns has a cname set for kanzi server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name kanzi.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app kanzi; diff --git a/kasm.subdomain.conf.sample b/kasm.subdomain.conf.sample index 1568f0a..58dc673 100644 --- a/kasm.subdomain.conf.sample +++ b/kasm.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your kasm container is named kasm # make sure that your dns has a cname set for kasm and kasm-wizard @@ -8,7 +8,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name kasm.*; @@ -25,6 +27,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -39,6 +44,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app kasm; @@ -55,7 +63,9 @@ server { server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name kasm-wizard.*; @@ -72,6 +82,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -86,6 +99,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app kasm; diff --git a/kavita.subdomain.conf.sample b/kavita.subdomain.conf.sample index 5372c68..c401eb6 100644 --- a/kavita.subdomain.conf.sample +++ b/kavita.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your kavita container is named kavita # make sure that your dns has a cname set for kavita server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name kavita.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app kavita; diff --git a/kimai.subdomain.conf.sample b/kimai.subdomain.conf.sample index 9f7cb5f..9d40050 100644 --- a/kimai.subdomain.conf.sample +++ b/kimai.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your kimai container is named kimai # make sure that your dns has a cname set for kimai server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name kimai.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app kimai; diff --git a/komga.subdomain.conf.sample b/komga.subdomain.conf.sample index c961f02..0fee672 100644 --- a/komga.subdomain.conf.sample +++ b/komga.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your komga container is named komga # make sure that your dns has a cname set for komga server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name komga.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app komga; diff --git a/kopia.subdomain.conf.sample b/kopia.subdomain.conf.sample new file mode 100644 index 0000000..e400af7 --- /dev/null +++ b/kopia.subdomain.conf.sample @@ -0,0 +1,54 @@ +## Version 2025/07/18 +# make sure that your kopia container is named kopia +# make sure that your dns has a cname set for kopia + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name kopia.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kopia; + set $upstream_port 51515; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/lazylibrarian.subdomain.conf.sample b/lazylibrarian.subdomain.conf.sample index ca3a5c3..762da03 100644 --- a/lazylibrarian.subdomain.conf.sample +++ b/lazylibrarian.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your lazylibrarian container is named lazylibrarian # make sure that your dns has a cname set for lazylibrarian server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name lazylibrarian.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lazylibrarian; diff --git a/leantime.subdomain.conf.sample b/leantime.subdomain.conf.sample index b7b4740..aa29afd 100644 --- a/leantime.subdomain.conf.sample +++ b/leantime.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your leantime container is named leantime # make sure that your dns has a cname set for leantime server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name leantime.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app leantime; diff --git a/libreddit.subdomain.conf.sample b/libreddit.subdomain.conf.sample index b3882d5..73b52c3 100644 --- a/libreddit.subdomain.conf.sample +++ b/libreddit.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your libreddit container is named libreddit # make sure that your dns has a cname set for libreddit server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name libreddit.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app libreddit; diff --git a/librespeed.subdomain.conf.sample b/librespeed.subdomain.conf.sample index 2b943fe..3b2732e 100644 --- a/librespeed.subdomain.conf.sample +++ b/librespeed.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your librespeed container is named librespeed # make sure that your dns has a cname set for librespeed server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name librespeed.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app librespeed; diff --git a/lidarr.subdomain.conf.sample b/lidarr.subdomain.conf.sample index b87734b..2b3f98f 100644 --- a/lidarr.subdomain.conf.sample +++ b/lidarr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your lidarr container is named lidarr # make sure that your dns has a cname set for lidarr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name lidarr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lidarr; diff --git a/linkace.subdomain.conf.sample b/linkace.subdomain.conf.sample index fc8d1f7..7471854 100644 --- a/linkace.subdomain.conf.sample +++ b/linkace.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your linkace container is named linkace # make sure that your dns has a cname set for linkace # use linkace:simple package with included proxy server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name linkace.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app linkace; diff --git a/linkstack.subdomain.conf.sample b/linkstack.subdomain.conf.sample index 3f66f7f..8f26100 100644 --- a/linkstack.subdomain.conf.sample +++ b/linkstack.subdomain.conf.sample @@ -1,9 +1,11 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your dns has a cname set for linkstack and that your linkstack container is not using a base url server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name linkstack.*; @@ -20,6 +22,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -34,6 +39,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app linkstack; diff --git a/linkwarden.subdomain.conf.sample b/linkwarden.subdomain.conf.sample new file mode 100644 index 0000000..da1f34a --- /dev/null +++ b/linkwarden.subdomain.conf.sample @@ -0,0 +1,64 @@ +## Version 2025/07/18 +# make sure that your linkwarden container is named linkwarden +# make sure that your dns has a cname set for linkwarden + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name linkwarden.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app linkwarden; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/linkwarden)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app linkwarden; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/linkwarden.subfolder.conf.sample b/linkwarden.subfolder.conf.sample new file mode 100644 index 0000000..166b80a --- /dev/null +++ b/linkwarden.subfolder.conf.sample @@ -0,0 +1,41 @@ +## Version 2023/02/05 +# make sure that your linkwarden container is named linkwarden +# make sure that linkwarden is set to work with the base url /linkwarden/ + + +location /linkwarden { + return 301 $scheme://$host/linkwarden/; +} + +location ^~ /linkwarden/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app linkwarden; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ~ (/linkwarden)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app linkwarden; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/lldap.subdomain.conf.sample b/lldap.subdomain.conf.sample index 37acd1b..384254b 100644 --- a/lldap.subdomain.conf.sample +++ b/lldap.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your lldap container is named lldap # make sure that your dns has a cname set for lldap server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name lldap.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lldap; diff --git a/lubelogger.subdomain.conf.sample b/lubelogger.subdomain.conf.sample new file mode 100644 index 0000000..29f8c3d --- /dev/null +++ b/lubelogger.subdomain.conf.sample @@ -0,0 +1,54 @@ +## Version 2025/07/18 +# make sure that your lubelogger container is named lubelogger +# make sure that your dns has a cname set for lubelogger + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name lubelogger.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app lubelogger; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/lychee.subdomain.conf.sample b/lychee.subdomain.conf.sample index 5cebf11..34c6fdf 100644 --- a/lychee.subdomain.conf.sample +++ b/lychee.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your lychee container is named lychee # make sure that your dns has a cname set for lychee server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name lychee.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lychee; diff --git a/mailcow.subdomain.conf.sample b/mailcow.subdomain.conf.sample new file mode 100644 index 0000000..bb9ba49 --- /dev/null +++ b/mailcow.subdomain.conf.sample @@ -0,0 +1,76 @@ +## Version 2025/07/18 +# make sure that your mailcow container is named mailcow +# make sure that you are aqquainted with the mailcow documentation (https://docs.mailcow.email/) +# make sure you have read the most important entries in the "Get Started" section, "Post Installation Tasks -> Reverse Proxy -> Overview" and "Post Installation Tasks -> Reverse Proxy -> Nginx" sections +# make sure that your dns is configured as per your domain requirements and the mailcow documentation +# make sure to set up a mechanism to copy your SSL certificate after each renewal to /data/assets/ssl/ directory for mailcow to use (see mailcow documentation in "Post Installation Tasks -> Reverse Proxy -> Overview") + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + # modify these to match your domain/mailcow configuration + server_name mailcow.* autoconfig.* autodiscover.*; + + include /config/nginx/ssl.conf; + include /config/nginx/proxy.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/resolver.conf; + set $upstream_app mailcow; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_buffer_size 128k; + proxy_buffers 64 512k; + proxy_busy_buffers_size 512k; + } + + location /Microsoft-Server-ActiveSync { + include /config/nginx/resolver.conf; + set $upstream_app mailcow; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_connect_timeout 75; + proxy_send_timeout 3650; + proxy_read_timeout 3650; + proxy_buffers 64 512k; + + client_body_buffer_size 512k; + } +} diff --git a/mailu.subdomain.conf.sample b/mailu.subdomain.conf.sample index a15e1b7..4743bbe 100644 --- a/mailu.subdomain.conf.sample +++ b/mailu.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your mailu container is named front # make sure that your dns has a cname set for mailu server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name mailu.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app front; diff --git a/maintainerr.subdomain.conf.sample b/maintainerr.subdomain.conf.sample index b596d18..c39de39 100644 --- a/maintainerr.subdomain.conf.sample +++ b/maintainerr.subdomain.conf.sample @@ -1,10 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your maintainerr container is named maintainerr # make sure that your dns has a cname set for maintainerr +# maintainerr v2.0.0+ only. for prior versions, set upstream_port to 80 server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name maintainerr.*; @@ -21,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,10 +41,13 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app maintainerr; - set $upstream_port 80; + set $upstream_port 6246; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; diff --git a/mastodon.subdomain.conf.sample b/mastodon.subdomain.conf.sample index 5414d76..9a4113f 100644 --- a/mastodon.subdomain.conf.sample +++ b/mastodon.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your mastodon container is named mastodon # make sure that your dns has a cname set for mastodon # make sure you set `WEB_DOMAIN=mastodon.example.com` env var for the mastodon container @@ -8,7 +8,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name mastodon.*; @@ -25,6 +27,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -39,6 +44,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mastodon; diff --git a/matomo.subdomain.conf.sample b/matomo.subdomain.conf.sample index ddf83d6..a46e9b9 100644 --- a/matomo.subdomain.conf.sample +++ b/matomo.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your matomo container is named matomo # make sure that your dns has a cname set for matomo server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name matomo.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app matomo; diff --git a/mattermost.subdomain.conf.sample b/mattermost.subdomain.conf.sample index fdd9a9f..b73a4cc 100644 --- a/mattermost.subdomain.conf.sample +++ b/mattermost.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # Make sure that your DNS has a CNAME record for "mattermost" and your Mattermost container is using the same subdomain # To learn how to deploy Mattermost via Docker, visit https://docs.mattermost.com/install/install-docker.html server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name mattermost.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mattermost; diff --git a/mealie.subdomain.conf.sample b/mealie.subdomain.conf.sample index 0192241..2a4a04e 100644 --- a/mealie.subdomain.conf.sample +++ b/mealie.subdomain.conf.sample @@ -1,9 +1,11 @@ -## Version 2024/07/16 +## Version 2025/07/18 # Ensure your DNS has a CNAME set for mealie and that mealie container is named. server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name mealie.*; @@ -20,6 +22,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -34,6 +39,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mealie; diff --git a/medusa.subdomain.conf.sample b/medusa.subdomain.conf.sample index 6e191c9..5106a4c 100644 --- a/medusa.subdomain.conf.sample +++ b/medusa.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your medusa container is named medusa # make sure that your dns has a cname set for medusa server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name medusa.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app medusa; diff --git a/metabase.subdomain.conf.sample b/metabase.subdomain.conf.sample new file mode 100644 index 0000000..445bc70 --- /dev/null +++ b/metabase.subdomain.conf.sample @@ -0,0 +1,62 @@ +## Version 2025/07/18 +# make sure that your metabase container is named metabase +# make sure that your dns has a cname set for metabase + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name metabase.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app metabase; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } + + location ~ ^/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app metabase; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/metube.subdomain.conf.sample b/metube.subdomain.conf.sample index 4ee638b..c07e263 100644 --- a/metube.subdomain.conf.sample +++ b/metube.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your metube container is named metube # make sure that your dns has a cname set for metube server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name metube.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app metube; diff --git a/miniflux.subdomain.conf.sample b/miniflux.subdomain.conf.sample index 240061c..e83ab5b 100644 --- a/miniflux.subdomain.conf.sample +++ b/miniflux.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your miniflux container is named miniflux # make sure that your dns has a cname set for miniflux server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name miniflux.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app miniflux; diff --git a/monica.subdomain.conf.sample b/monica.subdomain.conf.sample index c90e055..6744a49 100644 --- a/monica.subdomain.conf.sample +++ b/monica.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your monica container is named monica. # make sure that your dns has a cname set for monica. # monica container should have the env var APP_ENV=production set. @@ -7,7 +7,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name monica.*; @@ -24,6 +26,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -38,6 +43,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app monica; diff --git a/monitorr.subdomain.conf.sample b/monitorr.subdomain.conf.sample index 5515ab3..d7658c3 100644 --- a/monitorr.subdomain.conf.sample +++ b/monitorr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your monitorr container is named monitorr # make sure that your dns has a cname set for monitorr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name monitorr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app monitorr; diff --git a/mstream.subdomain.conf.sample b/mstream.subdomain.conf.sample index 3dd06bd..01a42d2 100644 --- a/mstream.subdomain.conf.sample +++ b/mstream.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your mstream container is named mstream # make sure that your dns has a cname set for mstream server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name mstream.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mstream; diff --git a/mylar.subdomain.conf.sample b/mylar.subdomain.conf.sample index ea771db..2fbf545 100644 --- a/mylar.subdomain.conf.sample +++ b/mylar.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your mylar container is named mylar # make sure that your dns has a cname set for mylar server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name mylar.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mylar; diff --git a/n8n.subdomain.conf.sample b/n8n.subdomain.conf.sample index d5af543..093a181 100644 --- a/n8n.subdomain.conf.sample +++ b/n8n.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your n8n container is named n8n # make sure that your dns has a cname set for n8n # add `server.use-forward-headers=true` to `/config/application.properties` to ensure logs contain real source IP server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name n8n.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app n8n; diff --git a/navidrome.subdomain.conf.sample b/navidrome.subdomain.conf.sample index 21fa309..9542268 100644 --- a/navidrome.subdomain.conf.sample +++ b/navidrome.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your navidrome container is named navidrome # make sure that your dns has a cname set for navidrome server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name navidrome.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app navidrome; diff --git a/netboot.subdomain.conf.sample b/netboot.subdomain.conf.sample index 2882979..f0aae38 100644 --- a/netboot.subdomain.conf.sample +++ b/netboot.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your netboot container is named netboot # make sure that your dns has a cname set for netboot server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name netboot.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app netboot; diff --git a/netbox.subdomain.conf.sample b/netbox.subdomain.conf.sample index 392a295..2065832 100644 --- a/netbox.subdomain.conf.sample +++ b/netbox.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your container is named netbox # make sure that your dns has a cname set for netbox # make sure your netbox instance is using ALLOWED_HOST=netbox.domain.com (replace with your own domain) @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name netbox.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app netbox; diff --git a/netdata.subdomain.conf.sample b/netdata.subdomain.conf.sample index 0431358..3def484 100644 --- a/netdata.subdomain.conf.sample +++ b/netdata.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your netdata container is named netdata # make sure that your dns has a cname set for netdata server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name netdata.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app netdata; diff --git a/nextcloud.subdomain.conf.sample b/nextcloud.subdomain.conf.sample index 903d725..7d99f85 100644 --- a/nextcloud.subdomain.conf.sample +++ b/nextcloud.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your nextcloud container is named nextcloud # make sure that your dns has a cname set for nextcloud # assuming this container is called "swag", edit your nextcloud container's config @@ -16,7 +16,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name nextcloud.*; diff --git a/nexusoss.subdomain.conf.sample b/nexusoss.subdomain.conf.sample index 1df0ac5..d67f065 100644 --- a/nexusoss.subdomain.conf.sample +++ b/nexusoss.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your nexusoss container is named nexusoss # make sure that your dns has a cname set for nexusoss # make sure that the port for the nexusoss container 8081 (the first location "/") @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name nexusoss.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app nexusoss; @@ -59,6 +67,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app nexusoss; diff --git a/nocodb.subdomain.conf.sample b/nocodb.subdomain.conf.sample index b8d804f..314e6fd 100644 --- a/nocodb.subdomain.conf.sample +++ b/nocodb.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your nocodb container is named nocodb # make sure that your dns has a cname set for nocodb server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name nocodb.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app nocodb; diff --git a/notifiarr.subdomain.conf.sample b/notifiarr.subdomain.conf.sample index 3560f5b..7f90da2 100644 --- a/notifiarr.subdomain.conf.sample +++ b/notifiarr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your notifiarr container is named notifiarr # make sure that your dns has a cname set for notifiarr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name notifiarr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app notifiarr; diff --git a/ntfy.subdomain.conf.sample b/ntfy.subdomain.conf.sample index 5062ee2..7454b6f 100644 --- a/ntfy.subdomain.conf.sample +++ b/ntfy.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your ntfy container is named ntfy # make sure that your dns has a cname set for ntfy server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name ntfy.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ntfy; diff --git a/nzbget.subdomain.conf.sample b/nzbget.subdomain.conf.sample index dd4c489..02fcc4f 100644 --- a/nzbget.subdomain.conf.sample +++ b/nzbget.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your nzbget container is named nzbget # make sure that your dns has a cname set for nzbget server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name nzbget.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app nzbget; diff --git a/nzbhydra.subdomain.conf.sample b/nzbhydra.subdomain.conf.sample index 1e3fd03..753f92c 100644 --- a/nzbhydra.subdomain.conf.sample +++ b/nzbhydra.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your nzbhydra container is named nzbhydra2 # make sure that your dns has a cname set for nzbhydra server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name nzbhydra.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app nzbhydra2; diff --git a/octoprint.subdomain.conf.sample b/octoprint.subdomain.conf.sample index 1b84429..2d683c1 100644 --- a/octoprint.subdomain.conf.sample +++ b/octoprint.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your octoprint container is named octoprint # make sure that your dns has a cname set for octoprint server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name octoprint.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app octoprint; diff --git a/ombi.subdomain.conf.sample b/ombi.subdomain.conf.sample index 26f5fcf..e166364 100644 --- a/ombi.subdomain.conf.sample +++ b/ombi.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your ombi container is named ombi # make sure that your dns has a cname set for ombi server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name ombi.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ombi; diff --git a/onetimesecret.subdomain.conf.sample b/onetimesecret.subdomain.conf.sample new file mode 100644 index 0000000..155e1a3 --- /dev/null +++ b/onetimesecret.subdomain.conf.sample @@ -0,0 +1,53 @@ +## Version 2025/07/18 +# make sure that your onetimesecret container is named onetimesecret +# make sure that your dns has a cname set for onetimesecret + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name onetimesecret.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app onetimesecret; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/oogway.subdomain.conf.sample b/oogway.subdomain.conf.sample index 2c02ad6..e7eb141 100644 --- a/oogway.subdomain.conf.sample +++ b/oogway.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your oogway container is named oogway # make sure that your dns has a cname set for oogway server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name oogway.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app oogway; diff --git a/open-webui.subdomain.conf.sample b/open-webui.subdomain.conf.sample index ecc31c7..4897f24 100644 --- a/open-webui.subdomain.conf.sample +++ b/open-webui.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your open-webui container is named open-webui # make sure that your dns has a cname set for open-webui server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name open-webui.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app open-webui; diff --git a/openhab.subdomain.conf.sample b/openhab.subdomain.conf.sample index 4c263f1..bb8b11e 100644 --- a/openhab.subdomain.conf.sample +++ b/openhab.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your openhab container is named openhab # make sure that your dns has a cname set for openhab server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name openhab.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openhab; diff --git a/openvpn-as.subdomain.conf.sample b/openvpn-as.subdomain.conf.sample index 93d9504..ef7d35a 100644 --- a/openvpn-as.subdomain.conf.sample +++ b/openvpn-as.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your openvpn-as container is named openvpn-as # make sure that your dns has a cname set for openvpn-as server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name openvpn-as.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openvpn-as; @@ -58,6 +66,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openvpn-as; diff --git a/openvscode-server.subdomain.conf.sample b/openvscode-server.subdomain.conf.sample index d5bfc54..e7c1726 100644 --- a/openvscode-server.subdomain.conf.sample +++ b/openvscode-server.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your openvscode-server container is named openvscode-server # make sure that your dns has a cname set for openvscode-server # This conf allows accessing internal ports at `PORT` (http) or `PORTs` (https) as subdomain @@ -7,7 +7,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name openvscode-server.*; @@ -24,6 +26,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -38,6 +43,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openvscode-server; @@ -50,7 +58,9 @@ server { server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name "~^(?[0-9]{1,10})\.openvscode-server\..*$"; @@ -67,6 +77,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -81,6 +94,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openvscode-server; @@ -92,7 +108,9 @@ server { server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name "~^(?[0-9]{1,10})s\.openvscode-server\..*$"; @@ -109,6 +127,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -123,6 +144,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openvscode-server; diff --git a/organizr.subdomain.conf.sample b/organizr.subdomain.conf.sample index 9a482d3..08509dd 100644 --- a/organizr.subdomain.conf.sample +++ b/organizr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your organizr container is named organizr # make sure that your dns has a cname set for organizr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name organizr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app organizr; diff --git a/osticket.subdomain.conf.sample b/osticket.subdomain.conf.sample index 866834f..a34db31 100644 --- a/osticket.subdomain.conf.sample +++ b/osticket.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your osticket container is named osticket # make sure that your dns has a cname set for osticket server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name osticket.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app osticket; diff --git a/overseerr.subdomain.conf.sample b/overseerr.subdomain.conf.sample index e21643c..13fb834 100644 --- a/overseerr.subdomain.conf.sample +++ b/overseerr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your overseerr container is named overseerr # make sure that your dns has a cname set for overseerr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name overseerr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app overseerr; diff --git a/paperless.subdomain.conf.sample b/paperless.subdomain.conf.sample new file mode 100644 index 0000000..5d9907e --- /dev/null +++ b/paperless.subdomain.conf.sample @@ -0,0 +1,64 @@ +## Version 2025/07/18 +# make sure that your paperless container is named paperless +# make sure that your dns has a cname set for paperless + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name paperless.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app paperless; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/paperless)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app paperless; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/paperless.subfolder.conf.sample b/paperless.subfolder.conf.sample new file mode 100644 index 0000000..f51996d --- /dev/null +++ b/paperless.subfolder.conf.sample @@ -0,0 +1,40 @@ +## Version 2023/02/05 +# make sure that your paperless container is named paperless +# make sure that paperless is set to work with the base url /paperless/ + +location /paperless { + return 301 $scheme://$host/paperless/; +} + +location ^~ /paperless/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app paperless; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ~ (/paperless)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app paperless; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/papermerge.subdomain.conf.sample b/papermerge.subdomain.conf.sample index a1573e7..9f2aed3 100644 --- a/papermerge.subdomain.conf.sample +++ b/papermerge.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your papermerge container is named papermerge # make sure that your dns has a cname set for papermerge server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name papermerge.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app papermerge; diff --git a/partdb.subdomain.conf.sample b/partdb.subdomain.conf.sample index 1c329d2..975a59a 100644 --- a/partdb.subdomain.conf.sample +++ b/partdb.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your partdb container is named partdb # make sure that your dns has a cname set for partdb server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name partdb.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app partdb; diff --git a/petio.subdomain.conf.sample b/petio.subdomain.conf.sample index 3368d9c..5c732b6 100644 --- a/petio.subdomain.conf.sample +++ b/petio.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your petio container is named petio # make sure that your dns has a cname set for petio server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name petio.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app petio; diff --git a/pgadmin.subdomain.conf.sample b/pgadmin.subdomain.conf.sample index c66729f..46b4b98 100644 --- a/pgadmin.subdomain.conf.sample +++ b/pgadmin.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your pgadmin container is named pgadmin # make sure that your dns has a cname set for pgadmin server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name pgadmin.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pgadmin; diff --git a/phoneinfoga.subdomain.conf.sample b/phoneinfoga.subdomain.conf.sample index 224c0c5..31f9bc8 100644 --- a/phoneinfoga.subdomain.conf.sample +++ b/phoneinfoga.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your phoneinfoga container is named phoneinfoga # make sure that your dns has a cname set for phoneinfoga # add command: 'serve' to your docker compose, so the PhoneInfoga web server starts server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name phoneinfoga.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app phoneinfoga; diff --git a/photoprism.subdomain.conf.sample b/photoprism.subdomain.conf.sample index 48a445a..657db94 100644 --- a/photoprism.subdomain.conf.sample +++ b/photoprism.subdomain.conf.sample @@ -1,9 +1,11 @@ -## Version 2024/07/16 +## Version 2025/07/18 # Ensure your DNS has a CNAME set for Photoprism and that Photoprism container is named. server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name photoprism.*; @@ -20,6 +22,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -34,6 +39,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app photoprism; diff --git a/phpmyadmin.subdomain.conf.sample b/phpmyadmin.subdomain.conf.sample index 7fa88c0..e92af1e 100644 --- a/phpmyadmin.subdomain.conf.sample +++ b/phpmyadmin.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your phpmyadmin container is named phpmyadmin # make sure that your dns has a cname set for phpmyadmin server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name phpmyadmin.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app phpmyadmin; diff --git a/pihole.subdomain.conf.sample b/pihole.subdomain.conf.sample index d2917c5..342f3c7 100644 --- a/pihole.subdomain.conf.sample +++ b/pihole.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your pihole container is named pihole # make sure that your dns has a cname set for pihole server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name pihole.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pihole; @@ -59,6 +67,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pihole; diff --git a/pingvin-share.subdomain.conf.sample b/pingvin-share.subdomain.conf.sample new file mode 100644 index 0000000..98562fa --- /dev/null +++ b/pingvin-share.subdomain.conf.sample @@ -0,0 +1,64 @@ +## Version 2025/07/18 +# make sure that your pingvin-share container is named pingvin-share +# make sure that your dns has a cname set for pingvin-share + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name pingvin-share.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app pingvin-share; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/pingvin-share)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app pingvin-share; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/pinry.subdomain.conf.sample b/pinry.subdomain.conf.sample index bdc9ebc..6e1aa95 100644 --- a/pinry.subdomain.conf.sample +++ b/pinry.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your pinry container is named pinry # make sure that your dns has a cname set for pinry server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name pinry.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pinry; diff --git a/piwigo.subdomain.conf.sample b/piwigo.subdomain.conf.sample index ceb648d..f1e8205 100644 --- a/piwigo.subdomain.conf.sample +++ b/piwigo.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your piwigo container is named piwigo # make sure that your dns has a cname set for piwigo server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name piwigo.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app piwigo; diff --git a/pixelfed.subdomain.conf.sample b/pixelfed.subdomain.conf.sample index d280b50..8676381 100644 --- a/pixelfed.subdomain.conf.sample +++ b/pixelfed.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your pixelfed container is named pixelfed # make sure that your dns has a cname set for pixelfed server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name pixelfed.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pixelfed; diff --git a/planka.subdomain.conf.sample b/planka.subdomain.conf.sample index a0c4366..0d1e4ed 100644 --- a/planka.subdomain.conf.sample +++ b/planka.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your planka container is named planka # make sure that your dns has a cname set for planka # make sure that the BASE_URL env variable in planka container is set to: BASE_URL="https://planka.example.com" server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name planka.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app planka; diff --git a/plex.subdomain.conf.sample b/plex.subdomain.conf.sample index accc5a7..78a94af 100644 --- a/plex.subdomain.conf.sample +++ b/plex.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your plex container is named plex # make sure that your dns has a cname set for plex # if plex is running in bridge mode and the container is named "plex", the below config should work as is @@ -8,7 +8,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name plex.*; @@ -27,6 +29,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -41,6 +46,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app plex; @@ -61,4 +69,12 @@ server { proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; proxy_set_header X-Plex-Model $http_x_plex_model; } + + location /library/streams/ { + set $upstream_app plex; + set $upstream_port 32400; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + proxy_pass_request_headers off; + } } diff --git a/plexwebtools.subdomain.conf.sample b/plexwebtools.subdomain.conf.sample index 96a2963..92904b0 100644 --- a/plexwebtools.subdomain.conf.sample +++ b/plexwebtools.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your plex container is named plex # make sure that your dns has a cname set for plexwebtools server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name plexwebtools.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app plex; diff --git a/podgrab.subdomain.conf.sample b/podgrab.subdomain.conf.sample index 686dc82..9614984 100644 --- a/podgrab.subdomain.conf.sample +++ b/podgrab.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your podgrab container is named podgrab # make sure that your dns has a cname set for podgrab server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name podgrab.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app podgrab; diff --git a/portainer.subdomain.conf.sample b/portainer.subdomain.conf.sample index a51df6e..4119144 100644 --- a/portainer.subdomain.conf.sample +++ b/portainer.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your portainer container is named portainer # make sure that your dns has a cname set for portainer server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name portainer.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app portainer; diff --git a/privatebin.subdomain.conf.sample b/privatebin.subdomain.conf.sample index 8f8d4df..c6c578e 100644 --- a/privatebin.subdomain.conf.sample +++ b/privatebin.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your privatebin container is named privatebin # make sure that your dns has a cname set for privatebin server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name privatebin.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app privatebin; diff --git a/prometheus.subdomain.conf.sample b/prometheus.subdomain.conf.sample index fe5d77b..1b2ab86 100644 --- a/prometheus.subdomain.conf.sample +++ b/prometheus.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your prometheus container is named prometheus # make sure that your dns has a cname set for prometheus server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name prometheus.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app prometheus; diff --git a/prowlarr.subdomain.conf.sample b/prowlarr.subdomain.conf.sample index dc526cc..681d76f 100644 --- a/prowlarr.subdomain.conf.sample +++ b/prowlarr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your prowlarr container is named prowlarr # make sure that your dns has a cname set for prowlarr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name prowlarr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app prowlarr; diff --git a/pterodactyl.subdomain.conf.sample b/pterodactyl.subdomain.conf.sample index 914fa21..4d33bf5 100644 --- a/pterodactyl.subdomain.conf.sample +++ b/pterodactyl.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # this is for your actual panel, not nodes # make sure you set your pterodactyl servers "remote" and "api" addresses to the domains you specify here # ensure you have enabled "ssl encryption" and (if necessary) "behind proxy" in your pterodactyl server @@ -7,7 +7,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name pterodactyl.*; @@ -24,6 +26,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pterodactyl; diff --git a/pterodactylnode.subdomain.conf.sample b/pterodactylnode.subdomain.conf.sample index d47f26b..85bf09b 100644 --- a/pterodactylnode.subdomain.conf.sample +++ b/pterodactylnode.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # this is for nodes, not your actual panel # make sure you set your node to use 443 as its API port # make sure that your pterodactylnode container is named pterodactylnode @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name pterodactylnode.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth @@ -38,6 +43,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pterodactylnode; diff --git a/pwndrop.subdomain.conf.sample b/pwndrop.subdomain.conf.sample index c33b1a6..10704b0 100644 --- a/pwndrop.subdomain.conf.sample +++ b/pwndrop.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your pwndrop container is named pwndrop # make sure that your dns has a cname set for pwndrop server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name pwndrop.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pwndrop; diff --git a/pydio-cells.subdomain.conf.sample b/pydio-cells.subdomain.conf.sample index fba6c05..adcad50 100644 --- a/pydio-cells.subdomain.conf.sample +++ b/pydio-cells.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your pydio-cells container is named pydio-cells # make sure that your dns has a cname set for pydio-cells server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name pydio-cells.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pydio-cells; @@ -61,6 +69,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pydio-cells; diff --git a/pydio.subdomain.conf.sample b/pydio.subdomain.conf.sample index 2b8cc3e..517e0d0 100644 --- a/pydio.subdomain.conf.sample +++ b/pydio.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your pydio container is named pydio # make sure that your dns has a cname set for pydio server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name pydio.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pydio; diff --git a/pyload.subdomain.conf.sample b/pyload.subdomain.conf.sample index f1bf84f..2f653cd 100644 --- a/pyload.subdomain.conf.sample +++ b/pyload.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your pyload container is named pyload # make sure that your dns has a cname set for pyload server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name pyload.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pyload; diff --git a/qbit-manage.subdomain.conf.sample b/qbit-manage.subdomain.conf.sample new file mode 100644 index 0000000..ed59bcc --- /dev/null +++ b/qbit-manage.subdomain.conf.sample @@ -0,0 +1,55 @@ +## Version 2025/07/18 +# make sure that your qbit-manage container is named qbit-manage +# make sure that your dns has a cname set for qbit-manage +# qbit-manage v4.5.0+ only + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name qbit-manage.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app qbit-manage; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } + +} diff --git a/qbittorrent.subdomain.conf.sample b/qbittorrent.subdomain.conf.sample index eb9da24..c67a1be 100644 --- a/qbittorrent.subdomain.conf.sample +++ b/qbittorrent.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your qbittorrent container is named qbittorrent # make sure that your dns has a cname set for qbittorrent # Api and related location bypasses are now commented out by default @@ -12,7 +12,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name qbittorrent.*; @@ -29,6 +31,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -43,6 +48,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app qbittorrent; diff --git a/quassel-web.subdomain.conf.sample b/quassel-web.subdomain.conf.sample index 13bf051..d61f587 100644 --- a/quassel-web.subdomain.conf.sample +++ b/quassel-web.subdomain.conf.sample @@ -1,11 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your quassel container is named quassel-web # make sure that your dns has a cname set for quassel # make sure Quassel-Web is running on http with -e 'HTTPS'='false' or if you're using -e 'ADVANCED'='true' by editing config.json appropriately server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name quassel.*; @@ -22,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -36,6 +41,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app quassel-web; diff --git a/radarr.subdomain.conf.sample b/radarr.subdomain.conf.sample index 03a084d..3b5add0 100644 --- a/radarr.subdomain.conf.sample +++ b/radarr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your radarr container is named radarr # make sure that your dns has a cname set for radarr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name radarr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app radarr; diff --git a/rallly.subdomain.conf.sample b/rallly.subdomain.conf.sample index 55c98f5..40b712f 100644 --- a/rallly.subdomain.conf.sample +++ b/rallly.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your rallly container is named rallly # make sure that your dns has a cname set for rallly server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name rallly.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app rallly; diff --git a/raneto.subdomain.conf.sample b/raneto.subdomain.conf.sample index 483db39..4630a20 100644 --- a/raneto.subdomain.conf.sample +++ b/raneto.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your raneto container is named raneto # make sure that your dns has a cname set for raneto server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name raneto.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app raneto; diff --git a/readarr.subdomain.conf.sample b/readarr.subdomain.conf.sample index a2bc3de..a1cb1c6 100644 --- a/readarr.subdomain.conf.sample +++ b/readarr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your readarr container is named readarr # make sure that your dns has a cname set for readarr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name readarr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app readarr; diff --git a/recipes.subdomain.conf.sample b/recipes.subdomain.conf.sample index 2c772ea..52d3555 100644 --- a/recipes.subdomain.conf.sample +++ b/recipes.subdomain.conf.sample @@ -1,14 +1,13 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your recipes container is named recipes # make sure that your dns has a cname set for recipes # make sure to mount /media/ in your swag container to point to your Recipes Media directory -# if using Authelia use this one: -# Doc: https://vabene1111.github.io/recipes/install/docker/#using-proxy-authentication - server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name recipes.*; @@ -25,6 +24,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + # serve media files location /media/ { alias /media/; @@ -44,6 +46,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app recipes; diff --git a/requestrr.subdomain.conf.sample b/requestrr.subdomain.conf.sample index 629f901..700fb04 100644 --- a/requestrr.subdomain.conf.sample +++ b/requestrr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your requestrr container is named requestrr # make sure that your dns has a cname set for requestrr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name requestrr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app requestrr; diff --git a/resilio-sync.subdomain.conf.sample b/resilio-sync.subdomain.conf.sample index fb63304..287a9f9 100644 --- a/resilio-sync.subdomain.conf.sample +++ b/resilio-sync.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your resilio-sync container is named resilio-sync # make sure that your dns has a cname set for resilio-sync server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name resilio-sync.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app resilio-sync; diff --git a/romm.subdomain.conf.sample b/romm.subdomain.conf.sample new file mode 100644 index 0000000..b9bc217 --- /dev/null +++ b/romm.subdomain.conf.sample @@ -0,0 +1,54 @@ +## Version 2025/07/18 +# make sure that your romM container is named romm +# make sure that your dns has a cname set for romm + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name romm.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app romm; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/rutorrent.subdomain.conf.sample b/rutorrent.subdomain.conf.sample index 7029526..6051a46 100644 --- a/rutorrent.subdomain.conf.sample +++ b/rutorrent.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your rutorrent container is named rutorrent # make sure that your dns has a cname set for rutorrent server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name rutorrent.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app rutorrent; @@ -58,6 +66,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + # block rpc access by default because it is unprotected # you can comment out the next line to enable remote rpc calls deny all; diff --git a/sabnzbd.subdomain.conf.sample b/sabnzbd.subdomain.conf.sample index 9bc9842..6e372d6 100644 --- a/sabnzbd.subdomain.conf.sample +++ b/sabnzbd.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your sabnzbd container is named sabnzbd # make sure that your dns has a cname set for sabnzbd # edit the sabnzbd.ini host_whitelist to avoid hostname verification issues. This format: @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name sabnzbd.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sabnzbd; diff --git a/saltrim.subdomain.conf.sample b/saltrim.subdomain.conf.sample index ac1b127..30b6150 100644 --- a/saltrim.subdomain.conf.sample +++ b/saltrim.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your saltrim webserver container is named bar_assistant-webserver-1 or manually change to match the upstream_app below # make sure that your dns has a cname set for saltrim server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name saltrim.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bar_assistant-webserver-1; diff --git a/scrutiny.subdomain.conf.sample b/scrutiny.subdomain.conf.sample index 7376ad8..25cf36b 100644 --- a/scrutiny.subdomain.conf.sample +++ b/scrutiny.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your scrutiny container is named scrutiny # make sure that your dns has a cname set for scrutiny server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name scrutiny.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app scrutiny; diff --git a/semaphore.subdomain.conf.sample b/semaphore.subdomain.conf.sample index 137042f..87ec40d 100644 --- a/semaphore.subdomain.conf.sample +++ b/semaphore.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your semaphore container is named semaphore # make sure that your dns has a cname set for semaphore server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name semaphore.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app semaphore; diff --git a/shinobi.subdomain.conf.sample b/shinobi.subdomain.conf.sample index 6c7f3c3..e8f5195 100644 --- a/shinobi.subdomain.conf.sample +++ b/shinobi.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your shinobi container is named shinobi # make sure that your dns has a cname set for shinobi server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name shinobi.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app shinobi; diff --git a/shlink.subdomain.conf.sample b/shlink.subdomain.conf.sample index 94b991c..668edb5 100644 --- a/shlink.subdomain.conf.sample +++ b/shlink.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your shlink container is named shlink # make sure that your dns has a cname set for shlink server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name shlink.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app shlink; diff --git a/sickchill.subdomain.conf.sample b/sickchill.subdomain.conf.sample index 0bb5adc..a4fe84c 100644 --- a/sickchill.subdomain.conf.sample +++ b/sickchill.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your sickchill container is named sickchill # make sure that your dns has a cname set for sickchill server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name sickchill.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sickchill; diff --git a/sickrage.subdomain.conf.sample b/sickrage.subdomain.conf.sample index b2caec2..4356de8 100644 --- a/sickrage.subdomain.conf.sample +++ b/sickrage.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your sickrage container is named sickrage # make sure that your dns has a cname set for sickrage server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name sickrage.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sickrage; diff --git a/skyhook.subdomain.conf.sample b/skyhook.subdomain.conf.sample index 29ec9e9..8c89b83 100644 --- a/skyhook.subdomain.conf.sample +++ b/skyhook.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your skyhook container is named skyhook # make sure that your dns has a cname set for skyhook server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name skyhook.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app skyhook; diff --git a/smokeping.subdomain.conf.sample b/smokeping.subdomain.conf.sample index 9590df0..fa0340b 100644 --- a/smokeping.subdomain.conf.sample +++ b/smokeping.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your smokeping container is named smokeping # make sure that your dns has a cname set for smokeping server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name smokeping.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app smokeping; diff --git a/sonarr.subdomain.conf.sample b/sonarr.subdomain.conf.sample index 9276bb3..7b7f640 100644 --- a/sonarr.subdomain.conf.sample +++ b/sonarr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your sonarr container is named sonarr # make sure that your dns has a cname set for sonarr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name sonarr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sonarr; diff --git a/sonarrtorss.subdomain.conf.sample b/sonarrtorss.subdomain.conf.sample index 30b457d..42a58d3 100644 --- a/sonarrtorss.subdomain.conf.sample +++ b/sonarrtorss.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your sonarrtorss container is named sonarrtorss # make sure that your dns has a cname set for sonarrtorss server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name sonarrtorss.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sonarrtorss; diff --git a/speedtest-tracker.subdomain.conf.sample b/speedtest-tracker.subdomain.conf.sample index 94c07e8..822621b 100644 --- a/speedtest-tracker.subdomain.conf.sample +++ b/speedtest-tracker.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your speedtest-tracker container is named speedtest-tracker # make sure that your dns has a cname set for speedtest-tracker server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name speedtest-tracker.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app speedtest-tracker; diff --git a/spoolman.subdomain.conf.sample b/spoolman.subdomain.conf.sample new file mode 100644 index 0000000..523c498 --- /dev/null +++ b/spoolman.subdomain.conf.sample @@ -0,0 +1,54 @@ +## Version 2025/07/18 +# make sure that your spoolman container is named spoolman +# make sure that your dns has a cname set for spoolman + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name spoolman.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app spoolman; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/spoolman.subfolder.conf.sample b/spoolman.subfolder.conf.sample new file mode 100644 index 0000000..4fa88e7 --- /dev/null +++ b/spoolman.subfolder.conf.sample @@ -0,0 +1,30 @@ +## Version 2025/03/27 +# make sure that your spoolman container is named spoolman +# make sure that spoolman is set to work with the base url /spoolman/ + + +location /spoolman { + return 301 $scheme://$host/spoolman/; +} + +location ^~ /spoolman/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app spoolman; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} \ No newline at end of file diff --git a/statping.subdomain.conf.sample b/statping.subdomain.conf.sample index 41216c2..d822b16 100644 --- a/statping.subdomain.conf.sample +++ b/statping.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your statping container is named statup # make sure that your dns has a cname set for statping # If you are using the SSL docker-compose.yml on the statping repo, then the container name will be set to statup. @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name statping.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app statup; diff --git a/stirling-pdf.subdomain.conf.sample b/stirling-pdf.subdomain.conf.sample index 768f7d5..90385dd 100644 --- a/stirling-pdf.subdomain.conf.sample +++ b/stirling-pdf.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your stirling-pdf container is named stirling-pdf # make sure that your dns has a cname set for stirling-pdf server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name stirling-pdf.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app stirling-pdf; diff --git a/storm.subdomain.conf.sample b/storm.subdomain.conf.sample index f776c77..f6e422e 100644 --- a/storm.subdomain.conf.sample +++ b/storm.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # reverse proxy config for a modern deluge interface named storm # https://github.com/relvacode/storm # make sure that your storm container is named storm @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name storm.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app storm; diff --git a/synapse.subdomain.conf.sample b/synapse.subdomain.conf.sample index 0e66912..443fd66 100644 --- a/synapse.subdomain.conf.sample +++ b/synapse.subdomain.conf.sample @@ -1,8 +1,10 @@ -## Version 2024/07/16 +## Version 2025/07/18 server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; # For the federation port listen 8448 ssl; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app synapse; diff --git a/synclounge.subdomain.conf.sample b/synclounge.subdomain.conf.sample index b3914f9..b652279 100644 --- a/synclounge.subdomain.conf.sample +++ b/synclounge.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your synclounge container is named synclounge # make sure that your dns has a cname set for synclounge # Use this with SyncLounge v3 and up. @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; listen 80; listen [::]:80; @@ -26,6 +28,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -40,6 +45,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app synclounge; diff --git a/syncthing.subdomain.conf.sample b/syncthing.subdomain.conf.sample index 361b9ce..cdc3d45 100644 --- a/syncthing.subdomain.conf.sample +++ b/syncthing.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your syncthing container is named syncthing # make sure that your dns has a cname set for syncthing server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name syncthing.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app syncthing; diff --git a/taisun.subdomain.conf.sample b/taisun.subdomain.conf.sample index 3b1e9b5..1e20ef0 100644 --- a/taisun.subdomain.conf.sample +++ b/taisun.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your taisun container is named taisun # make sure that your dns has a cname set for taisun server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name taisun.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app taisun; diff --git a/tasmobackup.subdomain.conf.sample b/tasmobackup.subdomain.conf.sample index 8c8e8fc..c76147e 100644 --- a/tasmobackup.subdomain.conf.sample +++ b/tasmobackup.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your tasmobackup container is named tasmobackup # make sure that your dns has a cname set for tasmobackup server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name tasmobackup.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app tasmobackup; diff --git a/tautulli.subdomain.conf.sample b/tautulli.subdomain.conf.sample index f61081c..fa48707 100644 --- a/tautulli.subdomain.conf.sample +++ b/tautulli.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your tautulli container is named tautulli # make sure that your dns has a cname set for tautulli server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name tautulli.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app tautulli; diff --git a/tdarr.subdomain.conf.sample b/tdarr.subdomain.conf.sample index 145d5cb..03f6ca6 100644 --- a/tdarr.subdomain.conf.sample +++ b/tdarr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your tdarr container is named tdarr # make sure that your dns has a cname set for tdarr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name tdarr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app tdarr; diff --git a/thelounge.subdomain.conf.sample b/thelounge.subdomain.conf.sample index 26614dd..d5c0f13 100644 --- a/thelounge.subdomain.conf.sample +++ b/thelounge.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your thelounge container is named thelounge # make sure that your dns has a cname set for thelounge server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name thelounge.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app thelounge; diff --git a/themepark.subdomain.conf.sample b/themepark.subdomain.conf.sample index 1f7451b..7c2f232 100644 --- a/themepark.subdomain.conf.sample +++ b/themepark.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your theme-park. container is named theme-park. # make sure that your dns has a cname set for themepark. server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name themepark.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + # If you don't want to cache the CSS files you can uncomment the lines below. # add_header Last-Modified $date_gmt; # add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; diff --git a/tinyauth.subdomain.conf.sample b/tinyauth.subdomain.conf.sample new file mode 100644 index 0000000..24eb3ee --- /dev/null +++ b/tinyauth.subdomain.conf.sample @@ -0,0 +1,27 @@ +## Version 2025/07/18 +# make sure that your tinyauth container is named tinyauth +# make sure that your dns has a cname set for tinyauth + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name tinyauth.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + location / { + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app tinyauth; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/transmission.subdomain.conf.sample b/transmission.subdomain.conf.sample index 0a2250c..272d0dc 100644 --- a/transmission.subdomain.conf.sample +++ b/transmission.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # Make sure that DNS has a cname set for transmission # # Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they @@ -12,7 +12,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name transmission.*; @@ -29,6 +31,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -43,6 +48,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app transmission; diff --git a/ubooquity.subdomain.conf.sample b/ubooquity.subdomain.conf.sample index a013ed2..4438cae 100644 --- a/ubooquity.subdomain.conf.sample +++ b/ubooquity.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your ubooquity container is named ubooquity # make sure that your dns has a cname set for ubooquity server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name ubooquity.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ubooquity; diff --git a/unifi-controller.subdomain.conf.sample b/unifi-controller.subdomain.conf.sample index 8db8241..35f332a 100644 --- a/unifi-controller.subdomain.conf.sample +++ b/unifi-controller.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your unifi-controller container is named unifi-controller # make sure that your dns has a cname set for unifi # NOTE: If you use the proxy_cookie_path setting in proxy.conf you need to remove HTTPOnly; @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name unifi.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app unifi-controller; diff --git a/unifi-network-application.subdomain.conf.sample b/unifi-network-application.subdomain.conf.sample index 36004f0..aa80325 100644 --- a/unifi-network-application.subdomain.conf.sample +++ b/unifi-network-application.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your unifi-network-application container is named unifi-network-application # make sure that your dns has a cname set for unifi # NOTE: If you use the proxy_cookie_path setting in proxy.conf you need to remove HTTPOnly; @@ -7,7 +7,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name unifi.*; @@ -24,6 +26,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -38,6 +43,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app unifi-network-application; diff --git a/uptime-kuma.subdomain.conf.sample b/uptime-kuma.subdomain.conf.sample index 2ae8c2e..a0a17d5 100644 --- a/uptime-kuma.subdomain.conf.sample +++ b/uptime-kuma.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your uptime-kuma container is named uptime-kuma # make sure that your dns has a cname set for uptime-kuma server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name uptime-kuma.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app uptime-kuma; diff --git a/vaultwarden.subdomain.conf.sample b/vaultwarden.subdomain.conf.sample index c92af40..761607b 100644 --- a/vaultwarden.subdomain.conf.sample +++ b/vaultwarden.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your vaultwarden container is named vaultwarden # make sure that your dns has a cname set for vaultwarden # if you are using bitwarden (the official image), use the bitwarden conf @@ -8,7 +8,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name vaultwarden.*; @@ -25,6 +27,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -39,6 +44,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; @@ -62,6 +70,16 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + # if you enable admin page via ADMIN_TOKEN env variable + # consider restricting access to LAN only via uncommenting the following lines + #allow 10.0.0.0/8; + #allow 172.16.0.0/12; + #allow 192.168.0.0/16; + #deny all; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; diff --git a/vaultwarden.subfolder.conf.sample b/vaultwarden.subfolder.conf.sample index 2bba167..f97dc89 100644 --- a/vaultwarden.subfolder.conf.sample +++ b/vaultwarden.subfolder.conf.sample @@ -49,6 +49,13 @@ location ~ ^(/vaultwarden)?/admin { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # if you enable admin page via ADMIN_TOKEN env variable + # consider restricting access to LAN only via uncommenting the following lines + #allow 10.0.0.0/8; + #allow 172.16.0.0/12; + #allow 192.168.0.0/16; + #deny all; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; diff --git a/viewtube.subdomain.conf.sample b/viewtube.subdomain.conf.sample index dd26a77..8e1a291 100644 --- a/viewtube.subdomain.conf.sample +++ b/viewtube.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your viewtube container is named viewtube # make sure that your dns has a cname set for viewtube server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name viewtube.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app viewtube; diff --git a/wallabag.subdomain.conf.sample b/wallabag.subdomain.conf.sample index 04752b0..73de4a6 100644 --- a/wallabag.subdomain.conf.sample +++ b/wallabag.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your wallabag container is named wallabag # make sure that your dns has a cname set for wallabag # also, make sure your env var in your docker run or compose match the full domain, incl. https:// @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name wallabag.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app wallabag; diff --git a/warpgate.subdomain.conf.sample b/warpgate.subdomain.conf.sample index de0cda4..872898a 100644 --- a/warpgate.subdomain.conf.sample +++ b/warpgate.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your warpgate container is named warpgate # make sure that your dns has a cname set for warpgate server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name warpgate.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app warpgate; diff --git a/watcharr.subdomain.conf.sample b/watcharr.subdomain.conf.sample new file mode 100644 index 0000000..8f9beb8 --- /dev/null +++ b/watcharr.subdomain.conf.sample @@ -0,0 +1,64 @@ +## Version 2025/07/18 +# make sure that your watcharr container is named watcharr +# make sure that your dns has a cname set for watcharr + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name watcharr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app watcharr; + set $upstream_port 3080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/watcharr)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app watcharr; + set $upstream_port 3080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/watchstate.subdomain.conf.sample b/watchstate.subdomain.conf.sample index 030e86c..5f16843 100644 --- a/watchstate.subdomain.conf.sample +++ b/watchstate.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your radarr container is named watchstate # make sure that your dns has a cname set for watchstate # the api endpoint is not behind auth, so please make sure to enable @@ -6,7 +6,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name watchstate.*; @@ -23,6 +25,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +42,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app watchstate; diff --git a/webtop.subdomain.conf.sample b/webtop.subdomain.conf.sample index 54e9ca2..362e29a 100644 --- a/webtop.subdomain.conf.sample +++ b/webtop.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that you have a cname set for the webtop # set up authentication here, for better security server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name webtop.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app webtop; diff --git a/whisparr.subdomain.conf.sample b/whisparr.subdomain.conf.sample new file mode 100644 index 0000000..bc443f5 --- /dev/null +++ b/whisparr.subdomain.conf.sample @@ -0,0 +1,64 @@ +## Version 2025/07/18 +# make sure that your whisparr container is named whisparr +# make sure that your dns has a cname set for whisparr + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name whisparr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app whisparr; + set $upstream_port 6969; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/whisparr)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app whisparr; + set $upstream_port 6969; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/whisparr.subfolder.conf.sample b/whisparr.subfolder.conf.sample new file mode 100644 index 0000000..13d3693 --- /dev/null +++ b/whisparr.subfolder.conf.sample @@ -0,0 +1,36 @@ +## Version 2024/08/04 +# make sure that your whisparr container is named whisparr +# make sure that whisparr is set to work with the base url /whisparr/ + +location ^~ /whisparr { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app whisparr; + set $upstream_port 6969; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /whisparr/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app whisparr; + set $upstream_port 6969; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/wikijs.subdomain.conf.sample b/wikijs.subdomain.conf.sample index da68a1e..1071ace 100644 --- a/wikijs.subdomain.conf.sample +++ b/wikijs.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your wikijs container is named wikijs # make sure that your dns has a cname set for wikijs server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name wikijs.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app wikijs; diff --git a/wizarr.subdomain.conf.sample b/wizarr.subdomain.conf.sample index ca71932..84e00df 100644 --- a/wizarr.subdomain.conf.sample +++ b/wizarr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your wizarr container is named wizarr # make sure that your dns has a cname set for wizarr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name wizarr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app wizarr; diff --git a/wordpress.subdomain.conf.sample b/wordpress.subdomain.conf.sample index 2d61aa9..79489cd 100644 --- a/wordpress.subdomain.conf.sample +++ b/wordpress.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your wordpress container is named wordpress # make sure that your dns has a cname set for wordpress server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name wordpress.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app wordpress; diff --git a/wrapperr.subdomain.conf.sample b/wrapperr.subdomain.conf.sample index 938ecc5..ff49588 100644 --- a/wrapperr.subdomain.conf.sample +++ b/wrapperr.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your wrapperr container is named wrapperr # make sure that your dns has a cname set for wrapperr server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name wrapperr.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app wrapperr; diff --git a/yacht.subdomain.conf.sample b/yacht.subdomain.conf.sample index a3132ec..7d46933 100644 --- a/yacht.subdomain.conf.sample +++ b/yacht.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your yacht container is named yacht # make sure that your dns has a cname set for yacht server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name yacht.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app yacht; diff --git a/your-spotify-api.subdomain.conf.sample b/your-spotify-api.subdomain.conf.sample index df287e3..ae613e0 100644 --- a/your-spotify-api.subdomain.conf.sample +++ b/your-spotify-api.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # https://github.com/Yooooomi/your_spotify # this is not a standalone config, it requires configured your-spotify web container for full functionality. # it uses server URLs for api callbacks, thus a server is required @@ -8,7 +8,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name your-spotify-server.*; @@ -25,6 +27,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -39,6 +44,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app your-spotify-server; diff --git a/your-spotify.subdomain.conf.sample b/your-spotify.subdomain.conf.sample index 7d153c3..bc0bd15 100644 --- a/your-spotify.subdomain.conf.sample +++ b/your-spotify.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2024/07/16 +## Version 2025/07/18 # https://github.com/Yooooomi/your_spotify # this is not a standalone config, it requires configured your-spotify api container for full functionality. # it uses server URLs for api callbacks, thus a server is required @@ -8,7 +8,9 @@ server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name your-spotify.*; @@ -25,6 +27,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -39,6 +44,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app your-spotify-web; diff --git a/yourls.subdomain.conf.sample b/yourls.subdomain.conf.sample index 74767be..ee8edd7 100644 --- a/yourls.subdomain.conf.sample +++ b/yourls.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your yourls container is named yourls # make sure that your dns has a cname set for yourls if necessary server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name yourls.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app yourls; diff --git a/youtube-dl-server.subdomain.conf.sample b/youtube-dl-server.subdomain.conf.sample index 9659c27..f4a9ce7 100644 --- a/youtube-dl-server.subdomain.conf.sample +++ b/youtube-dl-server.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your youtube-dl-server container is named youtube-dl-server # make sure that your dns has a cname set for youtube-dl-server server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name youtube-dl-server.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app youtube-dl-server; diff --git a/yt-dlp-web.subdomain.conf.sample b/yt-dlp-web.subdomain.conf.sample index 7915fa0..88f8dc4 100644 --- a/yt-dlp-web.subdomain.conf.sample +++ b/yt-dlp-web.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your yt-dlp-web container is named yt-dlp-web # make sure that your dns has a cname set for yt-dlp-web server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name yt-dlp-web.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app yt-dlp-web; diff --git a/zigbee2mqtt.subdomain.conf.sample b/zigbee2mqtt.subdomain.conf.sample index f487b9b..88e065d 100644 --- a/zigbee2mqtt.subdomain.conf.sample +++ b/zigbee2mqtt.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your zigbee2mqtt container is named zigbee2mqtt # make sure that your dns has a cname set for zigbee2mqtt server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name zigbee2mqtt.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app zigbee2mqtt; diff --git a/znc.subdomain.conf.sample b/znc.subdomain.conf.sample index c6ada29..bb944f1 100644 --- a/znc.subdomain.conf.sample +++ b/znc.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your znc container is named znc # make sure that your dns has a cname set for znc server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name znc.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app znc; diff --git a/zwave-js-ui.subdomain.conf.sample b/zwave-js-ui.subdomain.conf.sample new file mode 100644 index 0000000..1c56a28 --- /dev/null +++ b/zwave-js-ui.subdomain.conf.sample @@ -0,0 +1,54 @@ +## Version 2025/07/18 +# make sure that your zwave-js-ui container is named zwave-js-ui +# make sure that your dns has a cname set for zwave-js-ui + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name zwave-js-ui.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app zwave-js-ui; + set $upstream_port 8091; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/zwavejs2mqtt.subdomain.conf.sample b/zwavejs2mqtt.subdomain.conf.sample index 1252f6b..f845e39 100644 --- a/zwavejs2mqtt.subdomain.conf.sample +++ b/zwavejs2mqtt.subdomain.conf.sample @@ -1,10 +1,12 @@ -## Version 2024/07/16 +## Version 2025/07/18 # make sure that your zwavejs2mqtt container is named zwavejs2mqtt # make sure that your dns has a cname set for zwavejs2mqtt server { listen 443 ssl; +# listen 443 quic; listen [::]:443 ssl; +# listen [::]:443 quic; server_name zwavejs2mqtt.*; @@ -21,6 +23,9 @@ server { # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,6 +40,9 @@ server { # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app zwavejs2mqtt;