diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index af4c79b..3a6c363 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -2,54 +2,58 @@ name: Check Samples on: push: - branches: [ master ] + branches: [master] pull_request: - branches: [ master ] + branches: [master] jobs: check-allowed-file-names: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - - name: Check Allowed File Names - run: | - NOT_SAMPLES=$(find . -not -path '*/\.*' -type f ! \( -name '*.conf.sample' -o -name 'README.md' -o -name 'LICENSE' \)) - NOT_SAMPLES_COUNT=$(echo "${NOT_SAMPLES}" | wc -w) - if (( NOT_SAMPLES_COUNT > 0 )); then - echo "The following files have extensions that are not allowed:" - echo "${NOT_SAMPLES}" - exit 1 - fi + - name: Check Allowed File Names + run: | + NOT_SAMPLES=$(find . -not -path '*/\.*' -type f ! \( -name '*.conf.sample' -o -name 'README.md' -o -name 'LICENSE' \)) + NOT_SAMPLES_COUNT=$(echo "${NOT_SAMPLES}" | wc -w) + if (( NOT_SAMPLES_COUNT > 0 )); then + for i in ${NOT_SAMPLES}; do + echo "::error file=${i},line=1,title=Disallowed filenames::This file extension is not allowed, only .sample is allowed" + done + exit 1 + fi - - name: Check Executable Bit - run: | - EXECUTABLE_BIT=$(find . -not -path '*/\.*' -type f -executable) - EXECUTABLE_BIT_COUNT=$(echo "${EXECUTABLE_BIT}" | wc -w) - if (( EXECUTABLE_BIT_COUNT > 0 )); then - echo "The following files have executable permissions (not allowed):" - echo "${EXECUTABLE_BIT}" - exit 1 - fi + - name: Check Executable Bit + run: | + EXECUTABLE_BIT=$(find . -not -path '*/\.*' -type f -executable) + EXECUTABLE_BIT_COUNT=$(echo "${EXECUTABLE_BIT}" | wc -w) + if (( EXECUTABLE_BIT_COUNT > 0 )); then + for i in ${EXECUTABLE_BIT}; do + echo "::error file=${i},line=1,title=Executable Bit::This file is set as exectutable, which is not allowed" + done + exit 1 + fi - - name: Check Line Endings - run: | - CRLF_ENDINGS=$(find . -not -path '*/\.*' -type f -exec file "{}" ";" | grep CRLF || true) - CRLF_ENDINGS_COUNT=$(echo "${CRLF_ENDINGS}" | wc -w) - if (( CRLF_ENDINGS_COUNT > 0 )); then - echo "The following files have CRLF line endings (not allowed):" - echo "${CRLF_ENDINGS}" - exit 1 - fi + - name: Check Line Endings + run: | + CRLF_ENDINGS=$(find . -not -path '*/\.*' -type f -exec file "{}" ";" | grep CRLF || true) + CRLF_ENDINGS_COUNT=$(echo "${CRLF_ENDINGS}" | wc -w) + if (( CRLF_ENDINGS_COUNT > 0 )); then + for i in ${CRLF_ENDINGS}; do + echo "::error file=${i},line=1,title=Line Endings::This file has CRLF (Windows) line endings, which is not allowed" + done + exit 1 + fi - - name: Check Version Date Line Exists - run: | - # Date regex based on https://www.html5pattern.com/Dates - VERSION_LINE_MISSING=$(find . -not -path '*/\.*' -type f -name '*.conf.sample' -exec grep -H -c -P '^## Version (?:19|20|21)[0-9]{2}/(?:(?:0[1-9]|1[0-2])/(?:0[1-9]|1[0-9]|2[0-9])|(?:(?!02)(?:0[1-9]|1[0-2])/(?:30))|(?:(?:0[13578]|1[02])/31))$' {} \; | grep 0$ | cut -d':' -f1) - VERSION_LINE_MISSING_COUNT=$(echo "${VERSION_LINE_MISSING}" | wc -w) - if (( VERSION_LINE_MISSING_COUNT > 0 )); then - echo "The following files are missing the version date line or it is not formatted correctly (YYYY/MM/DD):" - echo "${VERSION_LINE_MISSING}" - exit 1 - fi + - name: Check Version Date Line Exists + run: | + # Date regex based on https://www.html5pattern.com/Dates + VERSION_LINE_MISSING=$(find . -not -path '*/\.*' -type f -name '*.conf.sample' -exec grep -H -c -P '^## Version (?:19|20|21)[0-9]{2}/(?:(?:0[1-9]|1[0-2])/(?:0[1-9]|1[0-9]|2[0-9])|(?:(?!02)(?:0[1-9]|1[0-2])/(?:30))|(?:(?:0[13578]|1[02])/31))$' {} \; | grep 0$ | cut -d':' -f1) + VERSION_LINE_MISSING_COUNT=$(echo "${VERSION_LINE_MISSING}" | wc -w) + if (( VERSION_LINE_MISSING_COUNT > 0 )); then + for i in ${VERSION_LINE_MISSING}; do + echo "::error file=${i},line=1,title=Version Line::This file is missing the version date line or it is not formatted correctly (YYYY/MM/DD)" + done + exit 1 + fi diff --git a/audiobookshelf.subdomain.conf.sample b/audiobookshelf.subdomain.conf.sample new file mode 100644 index 0000000..30ba450 --- /dev/null +++ b/audiobookshelf.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2021/05/18 +# make sure that your dns has a cname set for audiobookshelf and that your audiobookshelf container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name audiobookshelf.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app audiobookshelf; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/audiobookshelf.subfolder.conf.sample b/audiobookshelf.subfolder.conf.sample new file mode 100644 index 0000000..22cda40 --- /dev/null +++ b/audiobookshelf.subfolder.conf.sample @@ -0,0 +1,23 @@ +## Version 2021/05/18 +# set the CONTEXT_PATH variable to /audiobookshelf in audiobookshelf container. + +location ^~ /audiobookshelf { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app audiobookshelf; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/babybuddy.subdomain.conf.sample b/babybuddy.subdomain.conf.sample new file mode 100644 index 0000000..337c668 --- /dev/null +++ b/babybuddy.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2022/05/10 +# make sure that your dns has a cname set for babybuddy + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name babybuddy.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app babybuddy; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/bitwarden.subfolder.conf.sample b/bitwarden.subfolder.conf.sample index 7205be5..5ce9c21 100644 --- a/bitwarden.subfolder.conf.sample +++ b/bitwarden.subfolder.conf.sample @@ -40,7 +40,7 @@ location ~ (/bitwarden)?/admin { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; + set $upstream_app bitwarden; set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; diff --git a/calibre.subdomain.conf.sample b/calibre.subdomain.conf.sample index 8da0788..e17c0b9 100644 --- a/calibre.subdomain.conf.sample +++ b/calibre.subdomain.conf.sample @@ -1,5 +1,8 @@ -## Version 2021/05/18 +## Version 2022/03/29 # make sure that your dns has a cname set for calibre +# for the content server, go into calibre preferences / sharing over the net / advanced and +# set the first option for prefix url to '/content-server', save and restart the container +# the content server will be accessible at 'https://calibre.domain.com/content-server/' server { listen 443 ssl; @@ -38,4 +41,28 @@ server { proxy_buffering off; } + + location /content-server { + return 301 $scheme://$host/content-server/; + } + + location ^~ /content-server/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app calibre; + set $upstream_port 8081; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } } diff --git a/calibre.subfolder.conf.sample b/calibre.subfolder.conf.sample index 9bf74bb..20095ce 100644 --- a/calibre.subfolder.conf.sample +++ b/calibre.subfolder.conf.sample @@ -1,5 +1,8 @@ -## Version 2021/06/28 +## Version 2022/03/29 # In calibre docker arguments, set an env variable for SUBFOLDER=/calibre/ +# for the content server, go into calibre preferences / sharing over the net / advanced and +# set the first option for prefix url to '/content-server', save and restart the container +# the content server will be accessible at 'https://domain.com/content-server/' location /calibre { return 301 $scheme://$host/calibre/; @@ -25,3 +28,28 @@ location ^~ /calibre/ { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + +location /content-server { + return 301 $scheme://$host/content-server/; +} + +location ^~ /content-server/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app calibre; + set $upstream_port 8081; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/changedetection.subdomain.conf.sample b/changedetection.subdomain.conf.sample new file mode 100644 index 0000000..0f8fc82 --- /dev/null +++ b/changedetection.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2022/06/25 +# make sure that your dns has a cname set for changedetection and that your changedetection container is named changedetection + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name changedetection.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app changedetection; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/crowdsec-dashboard.subdomain.conf.sample b/crowdsec-dashboard.subdomain.conf.sample new file mode 100644 index 0000000..a90d8ca --- /dev/null +++ b/crowdsec-dashboard.subdomain.conf.sample @@ -0,0 +1,44 @@ +## Version 2022/05/24 +# make sure that your dns has a cname set for crowdsec-dashboard and that your crowdsec-dashboard container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name crowdsec-dashboard.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app crowdsec-dashboard; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # Uncomment these if you want to lower security, and + # allow running in an iFrame (i.e. Organizr) + #proxy_hide_header Content-Security-Policy; + #proxy_hide_header X-Frame-Options; + } +} diff --git a/firefly.subdomain.conf.sample b/firefly.subdomain.conf.sample new file mode 100644 index 0000000..feb855c --- /dev/null +++ b/firefly.subdomain.conf.sample @@ -0,0 +1,39 @@ +## Version 2021/05/18 +# make sure that your dns has a cname set for firefly and that your firefly container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name firefly.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app firefly; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/firefox.subdomain.conf.sample b/firefox.subdomain.conf.sample new file mode 100644 index 0000000..109176f --- /dev/null +++ b/firefox.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2021/05/18 +# make sure that your dns has a cname set for firefox and that your firefox container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name firefox.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app firefox; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/get_iplayer.subdomain.conf.sample b/get_iplayer.subdomain.conf.sample new file mode 100644 index 0000000..61adc89 --- /dev/null +++ b/get_iplayer.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2022/06/25 +# make sure that your dns has a cname set for get_iplayer and that your get_iplayer container is named get_iplayer + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name get_iplayer.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app get_iplayer; + set $upstream_port 1935; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/gotify.subfolder.conf.sample b/gotify.subfolder.conf.sample index f67accb..453a0c0 100644 --- a/gotify.subfolder.conf.sample +++ b/gotify.subfolder.conf.sample @@ -23,4 +23,5 @@ location /gotify/ { set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + rewrite ^/gotify(/.*) $1 break; } diff --git a/grocy.subdomain.conf.sample b/grocy.subdomain.conf.sample index 3197462..239f10c 100644 --- a/grocy.subdomain.conf.sample +++ b/grocy.subdomain.conf.sample @@ -37,4 +37,13 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + + location /api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app grocy; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } } diff --git a/jellyseerr.subdomain.conf.sample b/jellyseerr.subdomain.conf.sample new file mode 100644 index 0000000..431be31 --- /dev/null +++ b/jellyseerr.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2022/06/25 +# make sure that your dns has a cname set for jellyseerr and that your jellyseerr container is named jellyseerr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name jellyseerr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app jellyseerr; + set $upstream_port 5055; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/lychee.subfolder.conf.sample b/lychee.subfolder.conf.sample new file mode 100644 index 0000000..b870753 --- /dev/null +++ b/lychee.subfolder.conf.sample @@ -0,0 +1,28 @@ +## Version 2021/10/29 +# lychee does not require a base url setting + +location /lychee { + return 301 $scheme://$host/lychee/; +} + +location /lychee/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app lychee; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /lychee(.*) $1 break; +} diff --git a/monica.subdomain.conf.sample b/monica.subdomain.conf.sample new file mode 100644 index 0000000..46d6044 --- /dev/null +++ b/monica.subdomain.conf.sample @@ -0,0 +1,39 @@ +## Version 2022/04/27 +# make sure that your dns has a cname set for monica. + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name monica.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app monica; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/monica.subfolder.conf.sample b/monica.subfolder.conf.sample new file mode 100644 index 0000000..53ebc5e --- /dev/null +++ b/monica.subfolder.conf.sample @@ -0,0 +1,27 @@ +## Version 2021/05/18 +# Set the monica Docker container's APP_URL to a fully-qualified domain that ends with /monica/ and restart the container. +# Example: https://yourhost.cc/monica/ + +location /monica { + return 301 $scheme://$host/monica/; +} + +location ^~ /monica/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app monica; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} diff --git a/openhab.subdomain.conf.sample b/openhab.subdomain.conf.sample index fb356a5..0841701 100644 --- a/openhab.subdomain.conf.sample +++ b/openhab.subdomain.conf.sample @@ -14,6 +14,9 @@ server { # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; + # enable for Authelia + #include /config/nginx/authelia-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; diff --git a/pgadmin.subdomain.conf.sample b/pgadmin.subdomain.conf.sample new file mode 100644 index 0000000..75510b9 --- /dev/null +++ b/pgadmin.subdomain.conf.sample @@ -0,0 +1,38 @@ +## Version 2022/04/18 +# make sure that your dns has a cname set for pgadmin and that your pgadmin container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name pgadmin.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app pgadmin; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # Uncomment to allow loading in an iframe (i.e. Organizr) + #proxy_hide_header X-Frame-Options; + } +} diff --git a/pinry.subdomain.conf.sample b/pinry.subdomain.conf.sample new file mode 100644 index 0000000..8574c07 --- /dev/null +++ b/pinry.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2022/06/25 +# make sure that your dns has a cname set for pinry and that your pinry container is named pinry + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name pinry.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app pinry; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/wordpress.subfolder.conf.sample b/wordpress.subfolder.conf.sample new file mode 100644 index 0000000..6771d55 --- /dev/null +++ b/wordpress.subfolder.conf.sample @@ -0,0 +1,24 @@ +## Version 2022/02/24 +# In order to use this location block you need to edit the default file one folder up and comment out the / location as well as the "~ \.php$" location +# tested with the official wordpress docker image + +location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app wordpress; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} \ No newline at end of file