Merge remote-tracking branch 'upstream/master' into netbox

ksurl 2022-08-22 21:40:43 -07:00
commit 612f26a54e
22 changed files with 657 additions and 43 deletions


@ -2,54 +2,58 @@ name: Check Samples
on:
push:
branches: [ master ]
branches: [master]
pull_request:
branches: [ master ]
branches: [master]
jobs:
check-allowed-file-names:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Check Allowed File Names
run: |
NOT_SAMPLES=$(find . -not -path '*/\.*' -type f ! \( -name '*.conf.sample' -o -name 'README.md' -o -name 'LICENSE' \))
NOT_SAMPLES_COUNT=$(echo "${NOT_SAMPLES}" | wc -w)
if (( NOT_SAMPLES_COUNT > 0 )); then
echo "The following files have extensions that are not allowed:"
echo "${NOT_SAMPLES}"
exit 1
fi
- name: Check Allowed File Names
run: |
NOT_SAMPLES=$(find . -not -path '*/\.*' -type f ! \( -name '*.conf.sample' -o -name 'README.md' -o -name 'LICENSE' \))
NOT_SAMPLES_COUNT=$(echo "${NOT_SAMPLES}" | wc -w)
if (( NOT_SAMPLES_COUNT > 0 )); then
for i in ${NOT_SAMPLES}; do
echo "::error file=${i},line=1,title=Disallowed filenames::This file extension is not allowed, only .sample is allowed"
done
exit 1
fi
- name: Check Executable Bit
run: |
EXECUTABLE_BIT=$(find . -not -path '*/\.*' -type f -executable)
EXECUTABLE_BIT_COUNT=$(echo "${EXECUTABLE_BIT}" | wc -w)
if (( EXECUTABLE_BIT_COUNT > 0 )); then
echo "The following files have executable permissions (not allowed):"
echo "${EXECUTABLE_BIT}"
exit 1
fi
- name: Check Executable Bit
run: |
EXECUTABLE_BIT=$(find . -not -path '*/\.*' -type f -executable)
EXECUTABLE_BIT_COUNT=$(echo "${EXECUTABLE_BIT}" | wc -w)
if (( EXECUTABLE_BIT_COUNT > 0 )); then
for i in ${EXECUTABLE_BIT}; do
echo "::error file=${i},line=1,title=Executable Bit::This file is set as exectutable, which is not allowed"
done
exit 1
fi
- name: Check Line Endings
run: |
CRLF_ENDINGS=$(find . -not -path '*/\.*' -type f -exec file "{}" ";" | grep CRLF || true)
CRLF_ENDINGS_COUNT=$(echo "${CRLF_ENDINGS}" | wc -w)
if (( CRLF_ENDINGS_COUNT > 0 )); then
echo "The following files have CRLF line endings (not allowed):"
echo "${CRLF_ENDINGS}"
exit 1
fi
- name: Check Line Endings
run: |
CRLF_ENDINGS=$(find . -not -path '*/\.*' -type f -exec file "{}" ";" | grep CRLF || true)
CRLF_ENDINGS_COUNT=$(echo "${CRLF_ENDINGS}" | wc -w)
if (( CRLF_ENDINGS_COUNT > 0 )); then
for i in ${CRLF_ENDINGS}; do
echo "::error file=${i},line=1,title=Line Endings::This file has CRLF (Windows) line endings, which is not allowed"
done
exit 1
fi
- name: Check Version Date Line Exists
run: |
# Date regex based on https://www.html5pattern.com/Dates
VERSION_LINE_MISSING=$(find . -not -path '*/\.*' -type f -name '*.conf.sample' -exec grep -H -c -P '^## Version (?:19|20|21)[0-9]{2}/(?:(?:0[1-9]|1[0-2])/(?:0[1-9]|1[0-9]|2[0-9])|(?:(?!02)(?:0[1-9]|1[0-2])/(?:30))|(?:(?:0[13578]|1[02])/31))$' {} \; | grep 0$ | cut -d':' -f1)
VERSION_LINE_MISSING_COUNT=$(echo "${VERSION_LINE_MISSING}" | wc -w)
if (( VERSION_LINE_MISSING_COUNT > 0 )); then
echo "The following files are missing the version date line or it is not formatted correctly (YYYY/MM/DD):"
echo "${VERSION_LINE_MISSING}"
exit 1
fi
- name: Check Version Date Line Exists
run: |
# Date regex based on https://www.html5pattern.com/Dates
VERSION_LINE_MISSING=$(find . -not -path '*/\.*' -type f -name '*.conf.sample' -exec grep -H -c -P '^## Version (?:19|20|21)[0-9]{2}/(?:(?:0[1-9]|1[0-2])/(?:0[1-9]|1[0-9]|2[0-9])|(?:(?!02)(?:0[1-9]|1[0-2])/(?:30))|(?:(?:0[13578]|1[02])/31))$' {} \; | grep 0$ | cut -d':' -f1)
VERSION_LINE_MISSING_COUNT=$(echo "${VERSION_LINE_MISSING}" | wc -w)
if (( VERSION_LINE_MISSING_COUNT > 0 )); then
for i in ${VERSION_LINE_MISSING}; do
echo "::error file=${i},line=1,title=Version Line::This file is missing the version date line or it is not formatted correctly (YYYY/MM/DD)"
done
exit 1
fi
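Review bot: In the new `Check Line Endings` step, `CRLF_ENDINGS` holds whole lines of `file` output (path plus description), so `for i in ${CRLF_ENDINGS}` emits one `::error` annotation per word, including `ASCII`, `text,` and `with`. Trim it to the path before looping, as the version-date step already does, for example `... -exec file "{}" ";" | grep CRLF | cut -d':' -f1 || true`. The unquoted `${...}` loops in all four steps also split any path that contains whitespace. On `pull_request` runs those paths come from the contributor and are written into the `file=` property unescaped, so `%`, `,`, `:` and line breaks in a name should be escaped before the `echo`.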


@ -0,0 +1,40 @@
## Version 2021/05/18
# make sure that your dns has a cname set for audiobookshelf and that your audiobookshelf container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name audiobookshelf.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app audiobookshelf;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@ -0,0 +1,23 @@
## Version 2021/05/18
# set the CONTEXT_PATH variable to /audiobookshelf in audiobookshelf container.
location ^~ /audiobookshelf {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app audiobookshelf;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}


@ -0,0 +1,40 @@
## Version 2022/05/10
# make sure that your dns has a cname set for babybuddy
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name babybuddy.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app babybuddy;
set $upstream_port 8000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@ -40,7 +40,7 @@ location ~ (/bitwarden)?/admin {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app vaultwarden;
set $upstream_app bitwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;


@ -1,5 +1,8 @@
## Version 2021/05/18
## Version 2022/03/29
# make sure that your dns has a cname set for calibre
# for the content server, go into calibre preferences / sharing over the net / advanced and
# set the first option for prefix url to '/content-server', save and restart the container
# the content server will be accessible at 'https://calibre.domain.com/content-server/'
server {
listen 443 ssl;
@ -38,4 +41,28 @@ server {
proxy_buffering off;
}
location /content-server {
return 301 $scheme://$host/content-server/;
}
location ^~ /content-server/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre;
set $upstream_port 8081;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@ -1,5 +1,8 @@
## Version 2021/06/28
## Version 2022/03/29
# In calibre docker arguments, set an env variable for SUBFOLDER=/calibre/
# for the content server, go into calibre preferences / sharing over the net / advanced and
# set the first option for prefix url to '/content-server', save and restart the container
# the content server will be accessible at 'https://domain.com/content-server/'
location /calibre {
return 301 $scheme://$host/calibre/;
@ -25,3 +28,28 @@ location ^~ /calibre/ {
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /content-server {
return 301 $scheme://$host/content-server/;
}
location ^~ /content-server/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app calibre;
set $upstream_port 8081;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}


@ -0,0 +1,40 @@
## Version 2022/06/25
# make sure that your dns has a cname set for changedetection and that your changedetection container is named changedetection
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name changedetection.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app changedetection;
set $upstream_port 5000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@ -0,0 +1,44 @@
## Version 2022/05/24
# make sure that your dns has a cname set for crowdsec-dashboard and that your crowdsec-dashboard container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name crowdsec-dashboard.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app crowdsec-dashboard;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Uncomment these if you want to lower security, and
# allow running in an iFrame (i.e. Organizr)
#proxy_hide_header Content-Security-Policy;
#proxy_hide_header X-Frame-Options;
}
}


@ -0,0 +1,39 @@
## Version 2021/05/18
# make sure that your dns has a cname set for firefly and that your firefly container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name firefly.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app firefly;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@ -0,0 +1,40 @@
## Version 2021/05/18
# make sure that your dns has a cname set for firefox and that your firefox container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name firefox.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app firefox;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
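Review bot: The `location /` block proxies to the `firefox` container on port 3000 with all three auth options commented out, and the header comment only covers DNS and the base url. If that container serves an interactive browser session without a login of its own (not visible from this page), anyone who can reach `firefox.*` gets a browser running inside the host's network. I would add a header line such as `# this app may have no login of its own; enable one of the auth options below before exposing it`.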


@ -0,0 +1,40 @@
## Version 2022/06/25
# make sure that your dns has a cname set for get_iplayer and that your get_iplayer container is named get_iplayer
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name get_iplayer.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app get_iplayer;
set $upstream_port 1935;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
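Review bot: `server_name get_iplayer.*;` puts an underscore in a hostname label, which the header comment does not mention. Underscores are not valid in DNS hostnames, and publicly trusted CAs generally refuse to issue certificates for such names, so this subdomain may only work under an existing wildcard certificate. A header note would help, for example `# if your certificate cannot cover a name with an underscore, use a get-iplayer cname and change server_name to get-iplayer.*`. The container name in `set $upstream_app get_iplayer;` can stay as it is.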


@ -23,4 +23,5 @@ location /gotify/ {
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite ^/gotify(/.*) $1 break;
}


@ -37,4 +37,13 @@ server {
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app grocy;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
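Review bot: The added `location /api` carries none of the commented auth options and no comment saying why. Once a user enables http, ldap or Authelia auth elsewhere in this server block, `/api` stays reachable without it and is protected only by whatever authentication the application's API enforces. If that is intended so API clients can connect, say so above the block, for example `# api is left outside the proxy auth for api clients; it relies on the app's own api authentication`. As a plain prefix match it also catches any path that merely begins with `/api`. The enclosing server block starts outside the hunk.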


@ -0,0 +1,40 @@
## Version 2022/06/25
# make sure that your dns has a cname set for jellyseerr and that your jellyseerr container is named jellyseerr
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name jellyseerr.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jellyseerr;
set $upstream_port 5055;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@ -0,0 +1,28 @@
## Version 2021/10/29
# lychee does not require a base url setting
location /lychee {
return 301 $scheme://$host/lychee/;
}
location /lychee/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app lychee;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /lychee(.*) $1 break;
}
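Review bot: `location /lychee/ {` lacks the `^~` modifier that the other new subfolder samples in this commit use (`location ^~ /monica/`, `location ^~ /content-server/`). Without it, nginx still evaluates regex locations, so a request such as `/lychee/index.php` can be taken by the default site's `~ \.php$` location (the one the wordpress sample refers to) instead of being proxied. That would also skip any auth enabled in this block. I would change it to `location ^~ /lychee/ {`. For consistency with the gotify sample, I would also anchor the rewrite as `rewrite ^/lychee(/.*) $1 break;`.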


@ -0,0 +1,39 @@
## Version 2022/04/27
# make sure that your dns has a cname set for monica.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name monica.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app monica;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@ -0,0 +1,27 @@
## Version 2021/05/18
# Set the monica Docker container's APP_URL to a fully-qualified domain that ends with /monica/ and restart the container.
# Example: https://yourhost.cc/monica/
location /monica {
return 301 $scheme://$host/monica/;
}
location ^~ /monica/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app monica;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}


@ -14,6 +14,9 @@ server {
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";


@ -0,0 +1,38 @@
## Version 2022/04/18
# make sure that your dns has a cname set for pgadmin and that your pgadmin container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name pgadmin.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app pgadmin;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Uncomment to allow loading in an iframe (i.e. Organizr)
#proxy_hide_header X-Frame-Options;
}
}
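Review bot: The comment above `#proxy_hide_header X-Frame-Options;` does not say that removing the header drops the clickjacking protection, whereas the crowdsec-dashboard sample in this commit describes the same option as lowering security. I would word it `# Uncomment to allow loading in an iframe (i.e. Organizr); this lowers security by removing clickjacking protection`. The http auth lines present in the other subdomain samples are also missing from `location /` here. If that is deliberate for a database admin console, a one-line comment giving the reason would stop users from assuming the option was forgotten.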


@ -0,0 +1,40 @@
## Version 2022/06/25
# make sure that your dns has a cname set for pinry and that your pinry container is named pinry
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name pinry.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app pinry;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}


@ -0,0 +1,24 @@
## Version 2022/02/24
# In order to use this location block you need to edit the default file one folder up and comment out the / location as well as the "~ \.php$" location
# tested with the official wordpress docker image
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app wordpress;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}