From cf5fb8d8f6c2f71ef0cf44588a26d558227b82b1 Mon Sep 17 00:00:00 2001 From: Alex Date: Fri, 29 Oct 2021 10:03:06 -0400 Subject: [PATCH 01/31] added lyche subfolder --- lychee.subfolder.conf.sample | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 lychee.subfolder.conf.sample diff --git a/lychee.subfolder.conf.sample b/lychee.subfolder.conf.sample new file mode 100644 index 0000000..b870753 --- /dev/null +++ b/lychee.subfolder.conf.sample @@ -0,0 +1,28 @@ +## Version 2021/10/29 +# lychee does not require a base url setting + +location /lychee { + return 301 $scheme://$host/lychee/; +} + +location /lychee/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app lychee; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /lychee(.*) $1 break; +} From dedad630c7316da51078fe90c5497a6528b682d7 Mon Sep 17 00:00:00 2001 From: ksurl Date: Mon, 27 Dec 2021 09:29:07 -0800 Subject: [PATCH 02/31] add firefox subdomain --- firefox.subdomain.conf.sample | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 firefox.subdomain.conf.sample diff --git a/firefox.subdomain.conf.sample b/firefox.subdomain.conf.sample new file mode 100644 index 0000000..109176f --- /dev/null +++ b/firefox.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2021/05/18 +# make sure that your dns has a cname set for firefox and that your firefox container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name firefox.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app firefox; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From 962ea637e26f5be8194a6afae3eda0f271b08468 Mon Sep 17 00:00:00 2001 From: ksurl Date: Sat, 22 Jan 2022 10:54:44 -0800 Subject: [PATCH 03/31] add firefly subdomain --- firefly.subdomain.conf.sample | 39 +++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 firefly.subdomain.conf.sample diff --git a/firefly.subdomain.conf.sample b/firefly.subdomain.conf.sample new file mode 100644 index 0000000..feb855c --- /dev/null +++ b/firefly.subdomain.conf.sample @@ -0,0 +1,39 @@ +## Version 2021/05/18 +# make sure that your dns has a cname set for firefly and that your firefly container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name firefly.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app firefly; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} From f6df5ee8dcfb82a65140b674ace64301d446a567 Mon Sep 17 00:00:00 2001 From: olivierkeke Date: Mon, 14 Feb 2022 14:40:59 +0100 Subject: [PATCH 04/31] Add missing line for authelia authentication Lines for authelia authentication seems to be missing in the server part of the openhab conf file. This PR are the missing line. --- openhab.subdomain.conf.sample | 3 +++ 1 file changed, 3 insertions(+) diff --git a/openhab.subdomain.conf.sample b/openhab.subdomain.conf.sample index fb356a5..0841701 100644 --- a/openhab.subdomain.conf.sample +++ b/openhab.subdomain.conf.sample @@ -14,6 +14,9 @@ server { # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; + # enable for Authelia + #include /config/nginx/authelia-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; From d226687e2f7489f270455cd98cbad05aaa9dd879 Mon Sep 17 00:00:00 2001 From: Ofer Sadan Date: Thu, 24 Feb 2022 21:10:13 +0200 Subject: [PATCH 05/31] add sample config for wordpress --- wordpress.subfolder.conf.sample | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 wordpress.subfolder.conf.sample diff --git a/wordpress.subfolder.conf.sample b/wordpress.subfolder.conf.sample new file mode 100644 index 0000000..6771d55 --- /dev/null +++ b/wordpress.subfolder.conf.sample @@ -0,0 +1,24 @@ +## Version 2022/02/24 +# In order to use this location block you need to edit the default file one folder up and comment out the / location as well as the "~ \.php$" location +# tested with the official wordpress docker image + +location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app wordpress; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} \ No newline at end of file From 8c6fe1ae91ccb26c970609fbc95d1fb511df6c7c Mon Sep 17 00:00:00 2001 From: Ben Penkacik Date: Fri, 25 Feb 2022 14:36:32 -0500 Subject: [PATCH 06/31] Add audiobookshelf configs --- audiobookshelf.subdomain.conf.sample | 40 ++++++++++++++++++++++++++++ audiobookshelf.subfolder.conf.sample | 23 ++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 audiobookshelf.subdomain.conf.sample create mode 100644 audiobookshelf.subfolder.conf.sample diff --git a/audiobookshelf.subdomain.conf.sample b/audiobookshelf.subdomain.conf.sample new file mode 100644 index 0000000..30ba450 --- /dev/null +++ b/audiobookshelf.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2021/05/18 +# make sure that your dns has a cname set for audiobookshelf and that your audiobookshelf container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name audiobookshelf.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app audiobookshelf; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/audiobookshelf.subfolder.conf.sample b/audiobookshelf.subfolder.conf.sample new file mode 100644 index 0000000..22cda40 --- /dev/null +++ b/audiobookshelf.subfolder.conf.sample @@ -0,0 +1,23 @@ +## Version 2021/05/18 +# set the CONTEXT_PATH variable to /audiobookshelf in audiobookshelf container. + +location ^~ /audiobookshelf { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app audiobookshelf; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} From 6d48cdaadfc046280e7432c153cd938bbe31ed08 Mon Sep 17 00:00:00 2001 From: aptalca Date: Tue, 29 Mar 2022 10:34:55 -0400 Subject: [PATCH 07/31] Add support for calibre content server at a subfolder --- calibre.subdomain.conf.sample | 29 ++++++++++++++++++++++++++++- calibre.subfolder.conf.sample | 30 +++++++++++++++++++++++++++++- 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/calibre.subdomain.conf.sample b/calibre.subdomain.conf.sample index 8da0788..e17c0b9 100644 --- a/calibre.subdomain.conf.sample +++ b/calibre.subdomain.conf.sample @@ -1,5 +1,8 @@ -## Version 2021/05/18 +## Version 2022/03/29 # make sure that your dns has a cname set for calibre +# for the content server, go into calibre preferences / sharing over the net / advanced and +# set the first option for prefix url to '/content-server', save and restart the container +# the content server will be accessible at 'https://calibre.domain.com/content-server/' server { listen 443 ssl; @@ -38,4 +41,28 @@ server { proxy_buffering off; } + + location /content-server { + return 301 $scheme://$host/content-server/; + } + + location ^~ /content-server/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app calibre; + set $upstream_port 8081; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } } diff --git a/calibre.subfolder.conf.sample b/calibre.subfolder.conf.sample index 9bf74bb..20095ce 100644 --- a/calibre.subfolder.conf.sample +++ b/calibre.subfolder.conf.sample @@ -1,5 +1,8 @@ -## Version 2021/06/28 +## Version 2022/03/29 # In calibre docker arguments, set an env variable for SUBFOLDER=/calibre/ +# for the content server, go into calibre preferences / sharing over the net / advanced and +# set the first option for prefix url to '/content-server', save and restart the container +# the content server will be accessible at 'https://domain.com/content-server/' location /calibre { return 301 $scheme://$host/calibre/; @@ -25,3 +28,28 @@ location ^~ /calibre/ { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + +location /content-server { + return 301 $scheme://$host/content-server/; +} + +location ^~ /content-server/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app calibre; + set $upstream_port 8081; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} From d2d19f711dc027e46bea7b738d04e3edbad0fe0c Mon Sep 17 00:00:00 2001 From: "J. Scott Elblein" Date: Mon, 18 Apr 2022 15:22:30 -0500 Subject: [PATCH 08/31] Create pgadmin.subdomain.conf.sample For the PGAdmin container: https://hub.docker.com/r/dpage/pgadmin4 --- pgadmin.subdomain.conf.sample | 38 +++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 pgadmin.subdomain.conf.sample diff --git a/pgadmin.subdomain.conf.sample b/pgadmin.subdomain.conf.sample new file mode 100644 index 0000000..75510b9 --- /dev/null +++ b/pgadmin.subdomain.conf.sample @@ -0,0 +1,38 @@ +## Version 2022/04/18 +# make sure that your dns has a cname set for pgadmin and that your pgadmin container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name pgadmin.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app pgadmin; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # Uncomment to allow loading in an iframe (i.e. Organizr) + #proxy_hide_header X-Frame-Options; + } +} From f3bf0691cfb6b35b1e9f58faf1b5dede4a80425d Mon Sep 17 00:00:00 2001 From: Christian Tietze Date: Wed, 27 Apr 2022 17:24:40 +0200 Subject: [PATCH 09/31] Create monica.subdomain.conf.sample --- monica.subdomain.conf.sample | 39 ++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 monica.subdomain.conf.sample diff --git a/monica.subdomain.conf.sample b/monica.subdomain.conf.sample new file mode 100644 index 0000000..3628d94 --- /dev/null +++ b/monica.subdomain.conf.sample @@ -0,0 +1,39 @@ +## Version 2022/04/27 +# make sure that your dns has a cname set for monica. + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name monica.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app monica; + set $upstream_port 80 + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} From a04257d32c490a31fb979be86332880daa0373e4 Mon Sep 17 00:00:00 2001 From: Christian Tietze Date: Wed, 27 Apr 2022 17:30:09 +0200 Subject: [PATCH 10/31] Create monica.subfolder.conf.sample --- monica.subfolder.conf.sample | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 monica.subfolder.conf.sample diff --git a/monica.subfolder.conf.sample b/monica.subfolder.conf.sample new file mode 100644 index 0000000..53ebc5e --- /dev/null +++ b/monica.subfolder.conf.sample @@ -0,0 +1,27 @@ +## Version 2021/05/18 +# Set the monica Docker container's APP_URL to a fully-qualified domain that ends with /monica/ and restart the container. +# Example: https://yourhost.cc/monica/ + +location /monica { + return 301 $scheme://$host/monica/; +} + +location ^~ /monica/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app monica; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} From dd82a3dd08780973002a2c9d2bfb0e21376157ef Mon Sep 17 00:00:00 2001 From: aptalca Date: Tue, 10 May 2022 17:08:29 -0400 Subject: [PATCH 11/31] add subdomain conf for babybuddy --- babybuddy.subdomain.conf.sample | 40 +++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 babybuddy.subdomain.conf.sample diff --git a/babybuddy.subdomain.conf.sample b/babybuddy.subdomain.conf.sample new file mode 100644 index 0000000..337c668 --- /dev/null +++ b/babybuddy.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2022/05/10 +# make sure that your dns has a cname set for babybuddy + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name babybuddy.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app babybuddy; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From 58bc66c499188e83b0fc0b7fb758eeffe18bff45 Mon Sep 17 00:00:00 2001 From: Andrew Doering Date: Wed, 18 May 2022 22:35:06 +0200 Subject: [PATCH 12/31] Add section for API and companion app. --- grocy.subdomain.conf.sample | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/grocy.subdomain.conf.sample b/grocy.subdomain.conf.sample index 3197462..906b594 100644 --- a/grocy.subdomain.conf.sample +++ b/grocy.subdomain.conf.sample @@ -37,4 +37,17 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + + location /api { + # Needed as a separate endpoint if using Authelia and a + # companion application, they cannot work due to the endpoint. + # If you do not use a companion app, comment out this API Entry. + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app grocy; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } } From 0d3698b9d11421e4fdd5a20c7c073a665e3495ff Mon Sep 17 00:00:00 2001 From: Andrew Doering Date: Wed, 18 May 2022 23:20:35 +0200 Subject: [PATCH 13/31] Update grocy.subdomain.conf.sample Removed disclaimer --- grocy.subdomain.conf.sample | 4 ---- 1 file changed, 4 deletions(-) diff --git a/grocy.subdomain.conf.sample b/grocy.subdomain.conf.sample index 906b594..239f10c 100644 --- a/grocy.subdomain.conf.sample +++ b/grocy.subdomain.conf.sample @@ -39,10 +39,6 @@ server { } location /api { - # Needed as a separate endpoint if using Authelia and a - # companion application, they cannot work due to the endpoint. - # If you do not use a companion app, comment out this API Entry. - include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app grocy; From e05e774ce1d60c2eb5d34f31fdaef2b90a0140bd Mon Sep 17 00:00:00 2001 From: collateral127 <6831087+collateral127@users.noreply.github.com> Date: Tue, 24 May 2022 09:28:54 +1000 Subject: [PATCH 14/31] Update gotify.subfolder.conf.sample added rewrite to fix issues hitting page: https://gotify.net/docs/nginx --- gotify.subfolder.conf.sample | 1 + 1 file changed, 1 insertion(+) diff --git a/gotify.subfolder.conf.sample b/gotify.subfolder.conf.sample index f67accb..453a0c0 100644 --- a/gotify.subfolder.conf.sample +++ b/gotify.subfolder.conf.sample @@ -23,4 +23,5 @@ location /gotify/ { set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + rewrite ^/gotify(/.*) $1 break; } From 43e454b48117d4d76ebc24f2fc0721b6861b5d2c Mon Sep 17 00:00:00 2001 From: "J. Scott Elblein" Date: Tue, 24 May 2022 10:55:36 -0500 Subject: [PATCH 15/31] Create crowdsec-dashboard.subdomain.conf.sample --- crowdsec-dashboard.subdomain.conf.sample | 44 ++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 crowdsec-dashboard.subdomain.conf.sample diff --git a/crowdsec-dashboard.subdomain.conf.sample b/crowdsec-dashboard.subdomain.conf.sample new file mode 100644 index 0000000..a90d8ca --- /dev/null +++ b/crowdsec-dashboard.subdomain.conf.sample @@ -0,0 +1,44 @@ +## Version 2022/05/24 +# make sure that your dns has a cname set for crowdsec-dashboard and that your crowdsec-dashboard container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name crowdsec-dashboard.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app crowdsec-dashboard; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # Uncomment these if you want to lower security, and + # allow running in an iFrame (i.e. Organizr) + #proxy_hide_header Content-Security-Policy; + #proxy_hide_header X-Frame-Options; + } +} From 305d5e2b33a12b54b0f04235ad12dca37fc5d07e Mon Sep 17 00:00:00 2001 From: nomandera <1133344+nomandera@users.noreply.github.com> Date: Sun, 26 Jun 2022 16:44:25 +0000 Subject: [PATCH 16/31] changedetection subdomain sample config Reverse proxy for https://github.com/dgtlmoon/changedetection.io --- changedetection.subdomain.conf | 40 ++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 changedetection.subdomain.conf diff --git a/changedetection.subdomain.conf b/changedetection.subdomain.conf new file mode 100644 index 0000000..0f8fc82 --- /dev/null +++ b/changedetection.subdomain.conf @@ -0,0 +1,40 @@ +## Version 2022/06/25 +# make sure that your dns has a cname set for changedetection and that your changedetection container is named changedetection + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name changedetection.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app changedetection; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From 2ee021f2a651505e0607db1fc03503f25ce7f725 Mon Sep 17 00:00:00 2001 From: nomandera <1133344+nomandera@users.noreply.github.com> Date: Sun, 26 Jun 2022 16:47:35 +0000 Subject: [PATCH 17/31] get_iplayer subdomain sample config --- get_iplayer.subdomain.conf | 40 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 get_iplayer.subdomain.conf diff --git a/get_iplayer.subdomain.conf b/get_iplayer.subdomain.conf new file mode 100644 index 0000000..61adc89 --- /dev/null +++ b/get_iplayer.subdomain.conf @@ -0,0 +1,40 @@ +## Version 2022/06/25 +# make sure that your dns has a cname set for get_iplayer and that your get_iplayer container is named get_iplayer + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name get_iplayer.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app get_iplayer; + set $upstream_port 1935; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From d9843722c170ec13297adebf2581cc4c80b552d0 Mon Sep 17 00:00:00 2001 From: nomandera <1133344+nomandera@users.noreply.github.com> Date: Sun, 26 Jun 2022 16:49:47 +0000 Subject: [PATCH 18/31] jellyseerr subdomain sample config --- jellyseerr.subdomain.conf | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 jellyseerr.subdomain.conf diff --git a/jellyseerr.subdomain.conf b/jellyseerr.subdomain.conf new file mode 100644 index 0000000..f7bdc0f --- /dev/null +++ b/jellyseerr.subdomain.conf @@ -0,0 +1,39 @@ +## Version 2022/06/25 +# make sure that your dns has a cname set for jellyseerr and that your jellyseerr container is named jellyseerr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name jellyseerr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app jellyseerr; + set $upstream_port 5055; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} From 3e1a4cc6cff7694be8df9c7ee436b917cb2abf9f Mon Sep 17 00:00:00 2001 From: nomandera <1133344+nomandera@users.noreply.github.com> Date: Sun, 26 Jun 2022 16:51:22 +0000 Subject: [PATCH 19/31] restore missing template new lne --- jellyseerr.subdomain.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/jellyseerr.subdomain.conf b/jellyseerr.subdomain.conf index f7bdc0f..431be31 100644 --- a/jellyseerr.subdomain.conf +++ b/jellyseerr.subdomain.conf @@ -35,5 +35,6 @@ server { set $upstream_port 5055; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } } From a57d32b7050f3dc78dcee3f62a5fc9bba902e941 Mon Sep 17 00:00:00 2001 From: nomandera <1133344+nomandera@users.noreply.github.com> Date: Sun, 26 Jun 2022 16:55:03 +0000 Subject: [PATCH 20/31] pinry subdomain sample config --- pinry.subdomain.conf | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 pinry.subdomain.conf diff --git a/pinry.subdomain.conf b/pinry.subdomain.conf new file mode 100644 index 0000000..8574c07 --- /dev/null +++ b/pinry.subdomain.conf @@ -0,0 +1,40 @@ +## Version 2022/06/25 +# make sure that your dns has a cname set for pinry and that your pinry container is named pinry + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name pinry.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app pinry; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From e80a833430451b6c5ea2f4f59ee267fc281b0624 Mon Sep 17 00:00:00 2001 From: nomandera <1133344+nomandera@users.noreply.github.com> Date: Sun, 26 Jun 2022 16:57:06 +0000 Subject: [PATCH 21/31] make ext .sample --- ...ection.subdomain.conf => changedetection.subdomain.conf.sample | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename changedetection.subdomain.conf => changedetection.subdomain.conf.sample (100%) diff --git a/changedetection.subdomain.conf b/changedetection.subdomain.conf.sample similarity index 100% rename from changedetection.subdomain.conf rename to changedetection.subdomain.conf.sample From c62dadbf16e21600d7a862f32f871c0ea4b14a26 Mon Sep 17 00:00:00 2001 From: nomandera <1133344+nomandera@users.noreply.github.com> Date: Sun, 26 Jun 2022 16:58:05 +0000 Subject: [PATCH 22/31] make ext .sample --- jellyseerr.subdomain.conf => jellyseerr.subdomain.conf.sample | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename jellyseerr.subdomain.conf => jellyseerr.subdomain.conf.sample (100%) diff --git a/jellyseerr.subdomain.conf b/jellyseerr.subdomain.conf.sample similarity index 100% rename from jellyseerr.subdomain.conf rename to jellyseerr.subdomain.conf.sample From 149e985448f7d68a803e12ef094c390065cd8f8b Mon Sep 17 00:00:00 2001 From: nomandera <1133344+nomandera@users.noreply.github.com> Date: Sun, 26 Jun 2022 16:58:39 +0000 Subject: [PATCH 23/31] make ext .sample --- pinry.subdomain.conf => pinry.subdomain.conf.sample | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename pinry.subdomain.conf => pinry.subdomain.conf.sample (100%) diff --git a/pinry.subdomain.conf b/pinry.subdomain.conf.sample similarity index 100% rename from pinry.subdomain.conf rename to pinry.subdomain.conf.sample From 013ba8a634a2d95b8a84895ecdc86913a6fbc304 Mon Sep 17 00:00:00 2001 From: nomandera <1133344+nomandera@users.noreply.github.com> Date: Sun, 26 Jun 2022 16:59:10 +0000 Subject: [PATCH 24/31] make ext .sample --- get_iplayer.subdomain.conf => get_iplayer.subdomain.conf.sample | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename get_iplayer.subdomain.conf => get_iplayer.subdomain.conf.sample (100%) diff --git a/get_iplayer.subdomain.conf b/get_iplayer.subdomain.conf.sample similarity index 100% rename from get_iplayer.subdomain.conf rename to get_iplayer.subdomain.conf.sample From 04d1016d0b810d3b87b94ffd8a35d6decdf55bed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paulius=20Vali=C5=ABnas?= <66480813+paulius-valiunas@users.noreply.github.com> Date: Thu, 7 Jul 2022 14:12:34 +0300 Subject: [PATCH 25/31] fix bitwarden's admin page this looks like a copy/paste error? --- bitwarden.subfolder.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bitwarden.subfolder.conf.sample b/bitwarden.subfolder.conf.sample index 7205be5..5ce9c21 100644 --- a/bitwarden.subfolder.conf.sample +++ b/bitwarden.subfolder.conf.sample @@ -40,7 +40,7 @@ location ~ (/bitwarden)?/admin { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_app vaultwarden; + set $upstream_app bitwarden; set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; From badf4dab6e890e2f2b2f7ab884ec81e264dea623 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Thu, 21 Jul 2022 20:59:13 +0200 Subject: [PATCH 26/31] Bump checkout --- .github/workflows/check_samples.yml | 80 ++++++++++++++--------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index af4c79b..3ff7c56 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -2,54 +2,54 @@ name: Check Samples on: push: - branches: [ master ] + branches: [master] pull_request: - branches: [ master ] + branches: [master] jobs: check-allowed-file-names: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - - name: Check Allowed File Names - run: | - NOT_SAMPLES=$(find . -not -path '*/\.*' -type f ! \( -name '*.conf.sample' -o -name 'README.md' -o -name 'LICENSE' \)) - NOT_SAMPLES_COUNT=$(echo "${NOT_SAMPLES}" | wc -w) - if (( NOT_SAMPLES_COUNT > 0 )); then - echo "The following files have extensions that are not allowed:" - echo "${NOT_SAMPLES}" - exit 1 - fi + - name: Check Allowed File Names + run: | + NOT_SAMPLES=$(find . -not -path '*/\.*' -type f ! \( -name '*.conf.sample' -o -name 'README.md' -o -name 'LICENSE' \)) + NOT_SAMPLES_COUNT=$(echo "${NOT_SAMPLES}" | wc -w) + if (( NOT_SAMPLES_COUNT > 0 )); then + echo "The following files have extensions that are not allowed:" + echo "${NOT_SAMPLES}" + exit 1 + fi - - name: Check Executable Bit - run: | - EXECUTABLE_BIT=$(find . -not -path '*/\.*' -type f -executable) - EXECUTABLE_BIT_COUNT=$(echo "${EXECUTABLE_BIT}" | wc -w) - if (( EXECUTABLE_BIT_COUNT > 0 )); then - echo "The following files have executable permissions (not allowed):" - echo "${EXECUTABLE_BIT}" - exit 1 - fi + - name: Check Executable Bit + run: | + EXECUTABLE_BIT=$(find . -not -path '*/\.*' -type f -executable) + EXECUTABLE_BIT_COUNT=$(echo "${EXECUTABLE_BIT}" | wc -w) + if (( EXECUTABLE_BIT_COUNT > 0 )); then + echo "The following files have executable permissions (not allowed):" + echo "${EXECUTABLE_BIT}" + exit 1 + fi - - name: Check Line Endings - run: | - CRLF_ENDINGS=$(find . -not -path '*/\.*' -type f -exec file "{}" ";" | grep CRLF || true) - CRLF_ENDINGS_COUNT=$(echo "${CRLF_ENDINGS}" | wc -w) - if (( CRLF_ENDINGS_COUNT > 0 )); then - echo "The following files have CRLF line endings (not allowed):" - echo "${CRLF_ENDINGS}" - exit 1 - fi + - name: Check Line Endings + run: | + CRLF_ENDINGS=$(find . -not -path '*/\.*' -type f -exec file "{}" ";" | grep CRLF || true) + CRLF_ENDINGS_COUNT=$(echo "${CRLF_ENDINGS}" | wc -w) + if (( CRLF_ENDINGS_COUNT > 0 )); then + echo "The following files have CRLF line endings (not allowed):" + echo "${CRLF_ENDINGS}" + exit 1 + fi - - name: Check Version Date Line Exists - run: | - # Date regex based on https://www.html5pattern.com/Dates - VERSION_LINE_MISSING=$(find . -not -path '*/\.*' -type f -name '*.conf.sample' -exec grep -H -c -P '^## Version (?:19|20|21)[0-9]{2}/(?:(?:0[1-9]|1[0-2])/(?:0[1-9]|1[0-9]|2[0-9])|(?:(?!02)(?:0[1-9]|1[0-2])/(?:30))|(?:(?:0[13578]|1[02])/31))$' {} \; | grep 0$ | cut -d':' -f1) - VERSION_LINE_MISSING_COUNT=$(echo "${VERSION_LINE_MISSING}" | wc -w) - if (( VERSION_LINE_MISSING_COUNT > 0 )); then - echo "The following files are missing the version date line or it is not formatted correctly (YYYY/MM/DD):" - echo "${VERSION_LINE_MISSING}" - exit 1 - fi + - name: Check Version Date Line Exists + run: | + # Date regex based on https://www.html5pattern.com/Dates + VERSION_LINE_MISSING=$(find . -not -path '*/\.*' -type f -name '*.conf.sample' -exec grep -H -c -P '^## Version (?:19|20|21)[0-9]{2}/(?:(?:0[1-9]|1[0-2])/(?:0[1-9]|1[0-9]|2[0-9])|(?:(?!02)(?:0[1-9]|1[0-2])/(?:30))|(?:(?:0[13578]|1[02])/31))$' {} \; | grep 0$ | cut -d':' -f1) + VERSION_LINE_MISSING_COUNT=$(echo "${VERSION_LINE_MISSING}" | wc -w) + if (( VERSION_LINE_MISSING_COUNT > 0 )); then + echo "The following files are missing the version date line or it is not formatted correctly (YYYY/MM/DD):" + echo "${VERSION_LINE_MISSING}" + exit 1 + fi From 4df1c8c537e1ebac539746d35d60a094bcd03624 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Thu, 21 Jul 2022 21:24:21 +0200 Subject: [PATCH 27/31] Annotate files --- .github/workflows/check_samples.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index 3ff7c56..4c508dd 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -18,8 +18,9 @@ jobs: NOT_SAMPLES=$(find . -not -path '*/\.*' -type f ! \( -name '*.conf.sample' -o -name 'README.md' -o -name 'LICENSE' \)) NOT_SAMPLES_COUNT=$(echo "${NOT_SAMPLES}" | wc -w) if (( NOT_SAMPLES_COUNT > 0 )); then - echo "The following files have extensions that are not allowed:" - echo "${NOT_SAMPLES}" + for i in ${NOT_SAMPLES}; do + echo "::error file=${i},line=1,title=Disallowed filenames::This file extension is not allowed, only .sample is allowed" + done exit 1 fi From 75218de62a51cc7b4b5a2d6187b2d44abf483076 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Thu, 21 Jul 2022 22:25:59 +0200 Subject: [PATCH 28/31] Annotate exec bit --- .github/workflows/check_samples.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index 4c508dd..1d5a3e7 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -29,8 +29,9 @@ jobs: EXECUTABLE_BIT=$(find . -not -path '*/\.*' -type f -executable) EXECUTABLE_BIT_COUNT=$(echo "${EXECUTABLE_BIT}" | wc -w) if (( EXECUTABLE_BIT_COUNT > 0 )); then - echo "The following files have executable permissions (not allowed):" - echo "${EXECUTABLE_BIT}" + for i in ${EXECUTABLE_BIT}; do + echo "::error file=${i},line=1,title=Executable Bit::This file is set as exectutable, which is not allowed" + done exit 1 fi From 39a4e158f88aa9e4b652554e7210c4832cbe4666 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Thu, 21 Jul 2022 22:35:20 +0200 Subject: [PATCH 29/31] Annotate CRLF --- .github/workflows/check_samples.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index 1d5a3e7..4c7e928 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -40,8 +40,9 @@ jobs: CRLF_ENDINGS=$(find . -not -path '*/\.*' -type f -exec file "{}" ";" | grep CRLF || true) CRLF_ENDINGS_COUNT=$(echo "${CRLF_ENDINGS}" | wc -w) if (( CRLF_ENDINGS_COUNT > 0 )); then - echo "The following files have CRLF line endings (not allowed):" - echo "${CRLF_ENDINGS}" + for i in ${CRLF_ENDINGS}; do + echo "::error file=${i},line=1,title=Line Endings::This file has CRLF (Windows) line endings, which is not allowed" + done exit 1 fi From 810ab47df1d9ded063226a045497e5336a922f08 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Thu, 21 Jul 2022 22:35:53 +0200 Subject: [PATCH 30/31] Annotate Version Line --- .github/workflows/check_samples.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index 4c7e928..3a6c363 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -52,7 +52,8 @@ jobs: VERSION_LINE_MISSING=$(find . -not -path '*/\.*' -type f -name '*.conf.sample' -exec grep -H -c -P '^## Version (?:19|20|21)[0-9]{2}/(?:(?:0[1-9]|1[0-2])/(?:0[1-9]|1[0-9]|2[0-9])|(?:(?!02)(?:0[1-9]|1[0-2])/(?:30))|(?:(?:0[13578]|1[02])/31))$' {} \; | grep 0$ | cut -d':' -f1) VERSION_LINE_MISSING_COUNT=$(echo "${VERSION_LINE_MISSING}" | wc -w) if (( VERSION_LINE_MISSING_COUNT > 0 )); then - echo "The following files are missing the version date line or it is not formatted correctly (YYYY/MM/DD):" - echo "${VERSION_LINE_MISSING}" + for i in ${VERSION_LINE_MISSING}; do + echo "::error file=${i},line=1,title=Version Line::This file is missing the version date line or it is not formatted correctly (YYYY/MM/DD)" + done exit 1 fi From 6270e560b7ab1fae2989621b68ac3d5bf1d4826e Mon Sep 17 00:00:00 2001 From: Doug Hitchcock Date: Fri, 12 Aug 2022 16:02:23 -0500 Subject: [PATCH 31/31] add missing semicolon --- monica.subdomain.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monica.subdomain.conf.sample b/monica.subdomain.conf.sample index 3628d94..46d6044 100644 --- a/monica.subdomain.conf.sample +++ b/monica.subdomain.conf.sample @@ -32,7 +32,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app monica; - set $upstream_port 80 + set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; }