github/reverse-proxy-confs
1
0
Fork 0
mirror of https://github.com/linuxserver/reverse-proxy-confs.git synced 2025-07-06 13:01:35 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #613 from linuxserver/qbit-bypass

Browse source 
comment out api bypass in qbit, add disclaimer
This commit is contained in:
driz 2023-10-10 16:39:07 -04:00 committed by GitHub
commit 4fffbd003c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 186 additions and 170 deletions
Download patch file Download diff file Expand all files Collapse all files

178
qbittorrent.subdomain.conf.sample
View file

@ -1,6 +1,14 @@
## Version 2023/09/05 ## Version 2023/10/10
# make sure that your qbittorrent container is named qbittorrent # make sure that your qbittorrent container is named qbittorrent
# make sure that your dns has a cname set for qbittorrent # make sure that your dns has a cname set for qbittorrent
# Api and related location bypasses are now commented out by default
# due to users easily misconfiguring qbittorrent to allow
# public access through the api endpoint by including SWAG in
# "Bypass authentication for clients in whitelisted IP subnets",
# which results in all connections through SWAG to be considered
# local and bypassing auth, which also applies to qbittorrent's
# api endpoint (webui api)
# enable at your own risk
server { server {
listen 443 ssl http2; listen 443 ssl http2;
@ -47,108 +55,108 @@ server {
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
} }
location ~ (/qbittorrent)?/api { # location ~ (/qbittorrent)?/api {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/command { # location ~ (/qbittorrent)?/command {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/css { # location ~ (/qbittorrent)?/css {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/query { # location ~ (/qbittorrent)?/query {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/login { # location ~ (/qbittorrent)?/login {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/sync { # location ~ (/qbittorrent)?/sync {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ~ (/qbittorrent)?/scripts { # location ~ (/qbittorrent)?/scripts {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
} }

178
qbittorrent.subfolder.conf.sample
View file

@ -1,6 +1,14 @@
## Version 2023/09/05 ## Version 2023/10/10
# make sure that your qbittorrent container is named qbittorrent # make sure that your qbittorrent container is named qbittorrent
# qbittorrent does not require a base url setting # qbittorrent does not require a base url setting
# Api and related location bypasses are now commented out by default
# due to users easily misconfiguring qbittorrent to allow
# public access through the api endpoint by including SWAG in
# "Bypass authentication for clients in whitelisted IP subnets",
# which results in all connections through SWAG to be considered
# local and bypassing auth, which also applies to qbittorrent's
# api endpoint (webui api)
# enable at your own risk
location /qbittorrent { location /qbittorrent {
return 301 $scheme://$host/qbittorrent/; return 301 $scheme://$host/qbittorrent/;
@ -34,107 +42,107 @@ location ^~ /qbittorrent/ {
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
} }
location ^~ /qbittorrent/api { # location ^~ /qbittorrent/api {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/command { # location ^~ /qbittorrent/command {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/css { # location ^~ /qbittorrent/css {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/query { # location ^~ /qbittorrent/query {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/login { # location ^~ /qbittorrent/login {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/sync { # location ^~ /qbittorrent/sync {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }
location ^~ /qbittorrent/scripts { # location ^~ /qbittorrent/scripts {
include /config/nginx/proxy.conf; # include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf; # include /config/nginx/resolver.conf;
set $upstream_app qbittorrent; # set $upstream_app qbittorrent;
set $upstream_port 8080; # set $upstream_port 8080;
set $upstream_proto http; # set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break; # rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer ''; # proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port; # proxy_set_header Host $upstream_app:$upstream_port;
proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Host $host;
} # }