diff --git a/adguard.subdomain.conf.sample b/adguard.subdomain.conf.sample index 0f2d7df..2acf72d 100644 --- a/adguard.subdomain.conf.sample +++ b/adguard.subdomain.conf.sample @@ -44,6 +44,6 @@ server { set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - + } } diff --git a/adminer.subfolder.conf.sample b/adminer.subfolder.conf.sample index 3f2bbde..5f59408 100644 --- a/adminer.subfolder.conf.sample +++ b/adminer.subfolder.conf.sample @@ -3,6 +3,7 @@ location /adminer { return 301 $scheme://$host/adminer/; } + location ^~ /adminer/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/bazarr.subdomain.conf.sample b/bazarr.subdomain.conf.sample index 8a439be..12e9cf7 100644 --- a/bazarr.subdomain.conf.sample +++ b/bazarr.subdomain.conf.sample @@ -35,8 +35,6 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; } location ~ (/bazarr)?/api { @@ -47,7 +45,5 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; } } diff --git a/bazarr.subfolder.conf.sample b/bazarr.subfolder.conf.sample index ce306d2..c583292 100644 --- a/bazarr.subfolder.conf.sample +++ b/bazarr.subfolder.conf.sample @@ -3,6 +3,7 @@ location /bazarr { return 301 $scheme://$host/bazarr/; } + location ^~ /bazarr/ { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -22,8 +23,6 @@ location ^~ /bazarr/ { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; } location ^~ /bazarr/api { 
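Review bot: In bazarr.subdomain.conf.sample both `location /` and `location ~ (/bazarr)?/api` lose `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "Upgrade";`, and nothing visible in the hunks replaces them. Presumably the shared `/config/nginx/proxy.conf` is now expected to set them, but that file is not shown here, and a deployment still using an older copy of it would silently stop upgrading websocket connections. I would add a header comment to each affected sample, for example `# requires a proxy.conf that sets the Upgrade and Connection headers`. The same applies to the other hunks that drop these lines (bazarr.subfolder, calibre, code-server, collabora, documentserver, emby, gotify, homeassistant, jellyfin, medusa, plex, portainer, pydio-cells, radarr, scope, synclounge, taisun). It also applies to beets and sickchill, which drop `X-Forwarded-For` / `X-Real-IP`, so the upstream's view of the client address depends on the same assumption.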
@@ -34,6 +33,4 @@ location ^~ /bazarr/api { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; } diff --git a/beets.subfolder.conf.sample b/beets.subfolder.conf.sample index 6c430fb..56794ca 100644 --- a/beets.subfolder.conf.sample +++ b/beets.subfolder.conf.sample @@ -19,8 +19,6 @@ location /beets { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /beets; } diff --git a/bitwarden.subdomain.conf.sample b/bitwarden.subdomain.conf.sample index a67092a..55afe86 100644 --- a/bitwarden.subdomain.conf.sample +++ b/bitwarden.subdomain.conf.sample @@ -1,5 +1,6 @@ # make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url # make sure your bitwarden container is named "bitwarden" +# set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container server { listen 443 ssl; @@ -38,7 +39,18 @@ server { } - location /notifications/hub { + location /admin { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app bitwarden; 
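Review bot: The new `location /admin` block in bitwarden.subdomain.conf.sample ships with all three auth options commented out, so as written the admin path is proxied for anyone who can reach this server block. Whatever the application itself enforces is then the only gate. A separate location seems to exist so that a stricter policy can be applied to the admin page, and a comment at the top of the block should say so, e.g. `# admin panel: enable one of the auth options below, or restrict by source address with allow/deny`. The block's closing lines fall in the next hunk.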
@@ -46,8 +58,16 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; + } + + location /notifications/hub { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app bitwarden; + set $upstream_port 3012; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } location /notifications/hub/negotiate { @@ -59,5 +79,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - } diff --git a/bookstack.subdomain.conf.sample b/bookstack.subdomain.conf.sample index b63186a..4b11b7e 100644 --- a/bookstack.subdomain.conf.sample +++ b/bookstack.subdomain.conf.sample @@ -37,5 +37,5 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } + } } diff --git a/calibre-web.subfolder.conf.sample b/calibre-web.subfolder.conf.sample index b31f2b8..15f54f2 100644 --- a/calibre-web.subfolder.conf.sample +++ b/calibre-web.subfolder.conf.sample @@ -3,6 +3,7 @@ location /calibre-web { return 301 $scheme://$host/calibre-web/; } + location ^~ /calibre-web/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/calibre.subdomain.conf.sample b/calibre.subdomain.conf.sample index 368b4d7..d1c5fc7 100644 --- a/calibre.subdomain.conf.sample +++ b/calibre.subdomain.conf.sample @@ -35,7 +35,5 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; } } diff --git a/calibre.subfolder.conf.sample b/calibre.subfolder.conf.sample index 2338ae2..cf4f7ae 100644 --- a/calibre.subfolder.conf.sample +++ b/calibre.subfolder.conf.sample @@ -3,6 +3,7 @@ location /calibre { return 301 $scheme://$host/calibre/; } + location ^~ /calibre/ { # enable the next two lines for http auth #auth_basic "Restricted"; 
diff --git a/code-server.subdomain.conf.sample b/code-server.subdomain.conf.sample index 412df4c..91c308d 100644 --- a/code-server.subdomain.conf.sample +++ b/code-server.subdomain.conf.sample @@ -35,7 +35,5 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; } } diff --git a/collabora.subdomain.conf.sample b/collabora.subdomain.conf.sample index caebc04..4282b31 100644 --- a/collabora.subdomain.conf.sample +++ b/collabora.subdomain.conf.sample @@ -49,8 +49,6 @@ server { set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } @@ -74,8 +72,6 @@ server { set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } diff --git a/deluge.subfolder.conf.sample b/deluge.subfolder.conf.sample index 80eee35..0b5a4e7 100644 --- a/deluge.subfolder.conf.sample +++ b/deluge.subfolder.conf.sample @@ -3,6 +3,7 @@ location /deluge { return 301 $scheme://$host/deluge/; } + location ^~ /deluge/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/documentserver.subdomain.conf.sample b/documentserver.subdomain.conf.sample index 1624040..7f66954 100644 --- a/documentserver.subdomain.conf.sample +++ b/documentserver.subdomain.conf.sample @@ -35,9 +35,6 @@ server { set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; } } diff --git a/dozzle.subfolder.conf.sample b/dozzle.subfolder.conf.sample index 919eaaa..8112e1e 100644 --- a/dozzle.subfolder.conf.sample 
+++ b/dozzle.subfolder.conf.sample @@ -3,6 +3,7 @@ location /dozzle { return 301 $scheme://$host/dozzle/; } + location ^~ /dozzle/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/duplicati.subfolder.conf.sample b/duplicati.subfolder.conf.sample index 0f6dae1..acc40ca 100644 --- a/duplicati.subfolder.conf.sample +++ b/duplicati.subfolder.conf.sample @@ -3,6 +3,7 @@ location /duplicati { return 301 $scheme://$host/duplicati/; } + location ^~ /duplicati/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/emby.subdomain.conf.sample b/emby.subdomain.conf.sample index b32543c..a11bb4a 100644 --- a/emby.subdomain.conf.sample +++ b/emby.subdomain.conf.sample @@ -25,8 +25,5 @@ server { proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - } + } } diff --git a/emby.subfolder.conf.sample b/emby.subfolder.conf.sample index f114167..f30a86b 100644 --- a/emby.subfolder.conf.sample +++ b/emby.subfolder.conf.sample @@ -8,6 +8,7 @@ location /emby { return 301 $scheme://$host/emby/; } + location ^~ /emby/ { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; @@ -28,6 +29,4 @@ location ^~ /embywebsocket { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; } diff --git a/flood.subfolder.conf.sample b/flood.subfolder.conf.sample index 50170ca..e9e7946 100644 --- a/flood.subfolder.conf.sample +++ b/flood.subfolder.conf.sample @@ -3,6 +3,7 @@ location /flood { return 301 $scheme://$host/flood/; } + location ^~ /flood/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/glances.subfolder.conf.sample b/glances.subfolder.conf.sample index 676656e..860a1e9 100644 --- a/glances.subfolder.conf.sample +++ b/glances.subfolder.conf.sample 
@@ -3,6 +3,7 @@ location /glances { return 301 $scheme://$host/glances/; } + location ^~ /glances/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/gotify.subdomain.conf.sample b/gotify.subdomain.conf.sample index ddfb5c2..1dcefc7 100644 --- a/gotify.subdomain.conf.sample +++ b/gotify.subdomain.conf.sample @@ -34,7 +34,6 @@ server { set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + } -} \ No newline at end of file +} diff --git a/grocy.subdomain.conf.sample b/grocy.subdomain.conf.sample index 7aa965b..409eb8c 100644 --- a/grocy.subdomain.conf.sample +++ b/grocy.subdomain.conf.sample @@ -36,5 +36,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - } diff --git a/guacamole.subfolder.conf.sample b/guacamole.subfolder.conf.sample index ceb34ff..30a07ee 100644 --- a/guacamole.subfolder.conf.sample +++ b/guacamole.subfolder.conf.sample @@ -3,6 +3,7 @@ location /guacamole { return 301 $scheme://$host/guacamole/; } + location ^~ /guacamole/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/homeassistant.subdomain.conf.sample b/homeassistant.subdomain.conf.sample index 1913e44..3a60af2 100644 --- a/homeassistant.subdomain.conf.sample +++ b/homeassistant.subdomain.conf.sample @@ -44,10 +44,5 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Host $host; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; } } diff --git a/jellyfin.subdomain.conf.sample b/jellyfin.subdomain.conf.sample index 88c25e1..afef92a 100644 --- a/jellyfin.subdomain.conf.sample +++ b/jellyfin.subdomain.conf.sample 
@@ -35,7 +35,5 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - } + } } diff --git a/jellyfin.subfolder.conf.sample b/jellyfin.subfolder.conf.sample index abebb57..eb4f2dd 100644 --- a/jellyfin.subfolder.conf.sample +++ b/jellyfin.subfolder.conf.sample @@ -8,6 +8,7 @@ location /jellyfin { return 301 $scheme://$host/jellyfin/; } + location ^~ /jellyfin/ { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; @@ -18,6 +19,4 @@ location ^~ /jellyfin/ { proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; } diff --git a/jenkins.subfolder.conf.sample b/jenkins.subfolder.conf.sample index 8b3f8c3..6607db5 100644 --- a/jenkins.subfolder.conf.sample +++ b/jenkins.subfolder.conf.sample @@ -4,6 +4,7 @@ location /jenkins { return 301 $scheme://$host/jenkins/; } + location ^~ /jenkins/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/kanzi.subfolder.conf.sample b/kanzi.subfolder.conf.sample index 680db1f..3861f18 100644 --- a/kanzi.subfolder.conf.sample +++ b/kanzi.subfolder.conf.sample @@ -3,6 +3,7 @@ location /kanzi { return 301 $scheme://$host/kanzi/; } + location ^~ /kanzi/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/mailu.subfolder.conf.sample b/mailu.subfolder.conf.sample index 2c84712..4562d40 100644 --- a/mailu.subfolder.conf.sample +++ b/mailu.subfolder.conf.sample @@ -6,6 +6,7 @@ location /admin{ return 301 $scheme://$host/admin/; } + location ^~ /admin/ { # enable the next two lines for http auth #auth_basic "Restricted"; 
@@ -17,7 +18,7 @@ location ^~ /admin/ { # enable for Authelia, also enable authelia-server.conf in the default site config #include /config/nginx/authelia-location.conf; - + include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app front; @@ -30,6 +31,7 @@ location ^~ /admin/ { location /webmail{ return 301 $scheme://$host/webmail/; } + location ^~ /webmail/ { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -41,7 +43,7 @@ location ^~ /webmail/ { # enable for Authelia, also enable authelia-server.conf in the default site config #include /config/nginx/authelia-location.conf; - + include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app front; diff --git a/medusa.subdomain.conf.sample b/medusa.subdomain.conf.sample index 32d4a93..6a57d4a 100644 --- a/medusa.subdomain.conf.sample +++ b/medusa.subdomain.conf.sample @@ -29,8 +29,6 @@ server { #include /config/nginx/authelia-location.conf; include /config/nginx/proxy.conf; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; resolver 127.0.0.11 valid=30s; set $upstream_app medusa; set $upstream_port 8081; diff --git a/medusa.subfolder.conf.sample b/medusa.subfolder.conf.sample index 049f857..8cca3b8 100644 --- a/medusa.subfolder.conf.sample +++ b/medusa.subfolder.conf.sample @@ -13,8 +13,6 @@ location ^~ /medusa { #include /config/nginx/authelia-location.conf; include /config/nginx/proxy.conf; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; resolver 127.0.0.11 valid=30s; set $upstream_app medusa; set $upstream_port 8081; diff --git a/monitorr.subfolder.conf.sample b/monitorr.subfolder.conf.sample index d291e32..a76442a 100644 --- a/monitorr.subfolder.conf.sample +++ b/monitorr.subfolder.conf.sample @@ -3,6 +3,7 @@ location /monitorr { return 301 $scheme://$host/monitorr/; } + location ^~ /monitorr/ { # enable the next two lines for http auth #auth_basic "Restricted"; 
diff --git a/mytinytodo.subfolder.conf.sample b/mytinytodo.subfolder.conf.sample index fbfbb8b..f62d13e 100644 --- a/mytinytodo.subfolder.conf.sample +++ b/mytinytodo.subfolder.conf.sample @@ -4,6 +4,7 @@ location /todo { return 301 $scheme://$host/todo/; } + location ^~ /todo/ { # enable the next two lines for http auth diff --git a/netboot.subdomain.conf.sample b/netboot.subdomain.conf.sample index 2b086c0..d9027f3 100644 --- a/netboot.subdomain.conf.sample +++ b/netboot.subdomain.conf.sample @@ -34,5 +34,6 @@ server { set $upstream_port 3000; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } } diff --git a/netdata.subfolder.conf.sample b/netdata.subfolder.conf.sample index 4eeb35c..51f1afa 100644 --- a/netdata.subfolder.conf.sample +++ b/netdata.subfolder.conf.sample @@ -3,6 +3,7 @@ location /netdata { return 301 $scheme://$host/netdata/; } + location ^~ /netdata/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/nextcloud.subfolder.conf.sample b/nextcloud.subfolder.conf.sample index 2ee4393..cf92430 100644 --- a/nextcloud.subfolder.conf.sample +++ b/nextcloud.subfolder.conf.sample @@ -36,7 +36,6 @@ location ^~ /nextcloud/ { proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; - proxy_set_header Connection $http_connection; - proxy_redirect off; + proxy_redirect off; proxy_ssl_session_reuse off; } diff --git a/nzbhydra.subdomain.conf.sample b/nzbhydra.subdomain.conf.sample index 3b54538..b6deb30 100644 --- a/nzbhydra.subdomain.conf.sample +++ b/nzbhydra.subdomain.conf.sample @@ -86,5 +86,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - } diff --git a/ombi.subdomain.conf.sample b/ombi.subdomain.conf.sample index 3939d61..71ea34c 100644 --- a/ombi.subdomain.conf.sample +++ b/ombi.subdomain.conf.sample 
@@ -58,6 +58,7 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + if ($http_referer ~* /ombi) { rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect; } diff --git a/ombi.subfolder.conf.sample b/ombi.subfolder.conf.sample index a433387..86a73e9 100644 --- a/ombi.subfolder.conf.sample +++ b/ombi.subfolder.conf.sample @@ -35,6 +35,7 @@ location ^~ /ombi/api { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + if ($http_referer ~* /ombi) { rewrite ^/api/(.*) /ombi/api/$1? redirect; } @@ -49,6 +50,7 @@ location ^~ /ombi/swagger { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + if ($http_referer ~* /ombi) { rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect; } diff --git a/phpmyadmin.subfolder.conf.sample b/phpmyadmin.subfolder.conf.sample index 233eae3..03bf518 100644 --- a/phpmyadmin.subfolder.conf.sample +++ b/phpmyadmin.subfolder.conf.sample @@ -3,6 +3,7 @@ location /phpmyadmin { return 301 $scheme://$host/phpmyadmin/; } + location ^~ /phpmyadmin/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/pihole.subfolder.conf.sample b/pihole.subfolder.conf.sample index 45d6b1d..ddcf4e4 100644 --- a/pihole.subfolder.conf.sample +++ b/pihole.subfolder.conf.sample @@ -3,6 +3,7 @@ location /pihole { return 301 $scheme://$host/pihole/; } + location ^~ /pihole/ { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -29,6 +30,7 @@ location ^~ /pihole/ { location /pihole/admin { return 301 $scheme://$host/pihole/admin/; } + location ^~ /pihole/admin/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/plex.subdomain.conf.sample b/plex.subdomain.conf.sample index 7fe06bc..5e63878 100644 --- a/plex.subdomain.conf.sample +++ b/plex.subdomain.conf.sample 
@@ -40,9 +40,6 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier; proxy_set_header X-Plex-Device $http_x_plex_device; proxy_set_header X-Plex-Device-Name $http_x_plex_device_name; diff --git a/plex.subfolder.conf.sample b/plex.subfolder.conf.sample index 22d37a9..e3ac953 100644 --- a/plex.subfolder.conf.sample +++ b/plex.subfolder.conf.sample @@ -9,6 +9,7 @@ location /plex { return 301 $scheme://$host/plex/; } + location ^~ /plex/ { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -43,6 +44,7 @@ location ^~ /plex/ { proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; proxy_set_header X-Plex-Model $http_x_plex_model; } + if ($http_referer ~* /plex) { rewrite ^/web/(.*) /plex/web/$1? redirect; } diff --git a/plexwebtools.subfolder.conf.sample b/plexwebtools.subfolder.conf.sample index cb9974d..fc2c9c6 100644 --- a/plexwebtools.subfolder.conf.sample +++ b/plexwebtools.subfolder.conf.sample @@ -3,6 +3,7 @@ location /plexwebtools { return 301 $scheme://$host/plexwebtools/; } + location ^~ /plexwebtools/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/portainer.subdomain.conf.sample b/portainer.subdomain.conf.sample index 676d004..614eaf9 100644 --- a/portainer.subdomain.conf.sample +++ b/portainer.subdomain.conf.sample @@ -35,8 +35,7 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Connection ""; - proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0 + proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0 } location /api/websocket/ { 
@@ -58,8 +57,6 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0 + proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0 } } diff --git a/portainer.subfolder.conf.sample b/portainer.subfolder.conf.sample index fdc762c..fafed86 100644 --- a/portainer.subfolder.conf.sample +++ b/portainer.subfolder.conf.sample @@ -3,6 +3,7 @@ location /portainer { return 301 $scheme://$host/portainer/; } + location ^~ /portainer/ { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -35,7 +36,5 @@ location ^~ /portainer/api/websocket/ { proxy_pass $upstream_proto://$upstream_app:$upstream_port; rewrite /portainer(.*) $1 break; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0 + proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0 } diff --git a/pydio-cells.subdomain.conf.sample b/pydio-cells.subdomain.conf.sample index 923f28a..f96d048 100644 --- a/pydio-cells.subdomain.conf.sample +++ b/pydio-cells.subdomain.conf.sample @@ -34,6 +34,7 @@ server { set $upstream_port 8080; set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } location /ws { @@ -54,10 +55,7 @@ server { set $upstream_port 8080; set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - proxy_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + proxy_buffering off; + } } diff --git a/qbittorrent.subfolder.conf.sample b/qbittorrent.subfolder.conf.sample index f0886fd..647145c 100644 --- a/qbittorrent.subfolder.conf.sample +++ b/qbittorrent.subfolder.conf.sample 
@@ -3,6 +3,7 @@ location /qbittorrent { return 301 $scheme://$host/qbittorrent/; } + location ^~ /qbittorrent/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/radarr.subdomain.conf.sample b/radarr.subdomain.conf.sample index 98ca06f..62b0de6 100644 --- a/radarr.subdomain.conf.sample +++ b/radarr.subdomain.conf.sample @@ -35,8 +35,6 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; } location ~ (/radarr)?/api { @@ -47,7 +45,5 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; } } diff --git a/radarr.subfolder.conf.sample b/radarr.subfolder.conf.sample index 1de4c03..f826e31 100644 --- a/radarr.subfolder.conf.sample +++ b/radarr.subfolder.conf.sample @@ -19,8 +19,6 @@ location ^~ /radarr { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; } location ^~ /radarr/api { @@ -31,6 +29,4 @@ location ^~ /radarr/api { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; } diff --git a/rutorrent.subfolder.conf.sample b/rutorrent.subfolder.conf.sample index 0ec949d..98a7931 100644 --- a/rutorrent.subfolder.conf.sample +++ b/rutorrent.subfolder.conf.sample @@ -3,6 +3,7 @@ location /rutorrent { return 301 $scheme://$host/rutorrent/; } + location ^~ /rutorrent/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/scope.subfolder.conf.sample b/scope.subfolder.conf.sample index 7bc6b9f..2c1ace8 100644 --- a/scope.subfolder.conf.sample +++ b/scope.subfolder.conf.sample 
@@ -3,6 +3,7 @@ location /scope { return 301 $scheme://$host/scope/; } + location ^~ /scope/ { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -23,6 +24,4 @@ location ^~ /scope/ { proxy_pass $upstream_proto://$upstream_app:$upstream_port; rewrite /scope(.*) $1 break; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; } diff --git a/sickchill.subdomain.conf.sample b/sickchill.subdomain.conf.sample index 67802c8..f282673 100644 --- a/sickchill.subdomain.conf.sample +++ b/sickchill.subdomain.conf.sample @@ -36,8 +36,6 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } diff --git a/sickchill.subfolder.conf.sample b/sickchill.subfolder.conf.sample index 44e9c9d..6b96055 100644 --- a/sickchill.subfolder.conf.sample +++ b/sickchill.subfolder.conf.sample @@ -20,8 +20,6 @@ location ^~ /sickchill { proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } diff --git a/synclounge.subdomain.conf.sample b/synclounge.subdomain.conf.sample index 1ef22a6..29b9f1c 100644 --- a/synclounge.subdomain.conf.sample +++ b/synclounge.subdomain.conf.sample @@ -40,8 +40,6 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; } ### @@ -57,9 +55,6 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } # Due to a bug in SyncLounge, some websockets calls don't respect the base url (server root) setting 
@@ -71,8 +66,5 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port/slserver/socket.io/; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } } diff --git a/synclounge.subfolder.conf.sample b/synclounge.subfolder.conf.sample index 095f00e..7621591 100644 --- a/synclounge.subfolder.conf.sample +++ b/synclounge.subfolder.conf.sample @@ -15,7 +15,6 @@ # } #} - # Uncomment to force SyncLounge to always load over http. Only use this if you've allowed http per the above instructions. #if ($scheme = https) { # return 301 http://$host$request_uri; @@ -54,10 +53,8 @@ location /slweb { proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + if ($http_referer ~* /slweb) { # Some requests like /config don't respect the base url (web root) setting rewrite ^/config /slweb/config redirect; @@ -79,10 +76,8 @@ location /slserver { proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } + if ($http_referer ~* /slserver) { # Some requests like socket.io don't respect the base url (server root) setting rewrite ^/socket.io/(.*) /slserver/socket.io/$1? redirect; diff --git a/taisun.subdomain.conf.sample b/taisun.subdomain.conf.sample index 5eb7dc4..88ce5d0 100644 --- a/taisun.subdomain.conf.sample +++ b/taisun.subdomain.conf.sample @@ -36,8 +36,5 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; } - } diff --git a/thelounge.subfolder.conf.sample b/thelounge.subfolder.conf.sample index 6520630..1078aa0 100644 --- a/thelounge.subfolder.conf.sample +++ b/thelounge.subfolder.conf.sample 
@@ -3,6 +3,7 @@ location /thelounge { return 301 $scheme://$host/thelounge/; } + location ^~ /thelounge/ { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/unifi-controller.subdomain.conf.sample b/unifi-controller.subdomain.conf.sample index 5993fd7..e015a58 100644 --- a/unifi-controller.subdomain.conf.sample +++ b/unifi-controller.subdomain.conf.sample @@ -1,4 +1,6 @@ # make sure that your dns has a cname set for unifi and that your unifi-controller container is not using a base url +# NOTE: If you use the proxy_cookie_path setting in proxy.conf you need to remove HTTPOnly; +# ex: proxy_cookie_path / "/; Secure"; server { listen 443 ssl; @@ -35,31 +37,6 @@ server { set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location /wss { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; - - # enable for Authelia - #include /config/nginx/authelia-location.conf; - - include /config/nginx/proxy.conf; - resolver 127.0.0.11 valid=30s; - set $upstream_app unifi-controller; - set $upstream_port 8443; - set $upstream_proto https; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_ssl_verify off; } - } diff --git a/youtube-dl.subfolder.conf.sample b/youtube-dl.subfolder.conf.sample index 184496a..304b2f6 100644 --- a/youtube-dl.subfolder.conf.sample +++ b/youtube-dl.subfolder.conf.sample 
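Review bot: The added NOTE in unifi-controller.subdomain.conf.sample tells users to drop `HTTPOnly` from `proxy_cookie_path` in proxy.conf, but it does not mention that the other samples in this change include the same `/config/nginx/proxy.conf`. Editing it as suggested would therefore relax the cookie flag for every proxied app, not only for unifi. I would state that scope in the comment, e.g. `# NOTE: proxy.conf is shared, so removing HTTPOnly there affects every site that includes it`, and leave it to the user to decide whether a unifi-specific override is preferable.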
@@ -12,17 +12,16 @@ location ^~ /youtube-dl/ { # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf #auth_request /auth; #error_page 401 =200 /login; - + include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app youtube-dl-server; set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + proxy_redirect off; - - rewrite /youtube-dl(.*) $1 break; - proxy_set_header Referer ''; proxy_set_header Host $upstream_app:8080; + rewrite /youtube-dl(.*) $1 break; }
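Review bot: `proxy_set_header Host $upstream_app:8080;` stays hard-coded next to `set $upstream_port 8080;`, so a user who changes the port variable ends up sending a Host header that no longer matches the upstream. `proxy_set_header Host $upstream_app:$upstream_port;` keeps the two in step. The hunk also drops `proxy_set_header Referer '';`, which presumably means the client's Referer is forwarded to the container again; a one-line comment saying that this is intended would help. The `location ^~ /youtube-dl/` block begins above the hunk.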