diff --git a/.github/workflows/call-issue-pr-tracker.yml b/.github/workflows/call-issue-pr-tracker.yml index 87243e2..2c30784 100644 --- a/.github/workflows/call-issue-pr-tracker.yml +++ b/.github/workflows/call-issue-pr-tracker.yml @@ -2,9 +2,11 @@ name: Issue & PR Tracker on: issues: - types: [opened,reopened,labeled,unlabeled] + types: [opened,reopened,labeled,unlabeled,closed] pull_request_target: - types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled] + types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed] + pull_request_review: + types: [submitted,edited,dismissed] jobs: manage-project: diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index 31da960..454ef98 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3.5.0 + uses: actions/checkout@v3.5.2 - name: Check Allowed File Names run: | @@ -58,3 +58,24 @@ jobs: done exit 1 fi + + - name: Check Nginx Conf Validity + run: | + curl -fsL "https://raw.githubusercontent.com/linuxserver/docker-swag/master/root/defaults/nginx/proxy.conf.sample" -o proxy.conf + docker run -d --rm --name nginx -v "${GITHUB_WORKSPACE}:/testconfs:ro" ghcr.io/linuxserver/nginx + sleep 5 + docker exec nginx bash -c "\ + mkdir -p /config/nginx/proxy-confs && \ + cp /testconfs/*.conf.sample /config/nginx/proxy-confs/ && \ + cp /testconfs/proxy.conf /config/nginx/ && \ + rm -rf /config/nginx/proxy-confs/{_template.sub*,heimdall.subf*,boinc.subf*,organizr.subf*,wordpress.subf*} && \ + echo 'include /config/nginx/proxy-confs/*.subdomain.conf.sample;' >> /config/nginx/site-confs/default.conf && \ + sed -i -r 's|(root \\\$root;)|\1\ninclude /config/nginx/proxy-confs/*.subfolder.conf.sample;|' /config/nginx/site-confs/default.conf" + VALIDITY=$(docker exec nginx nginx -t 2>&1) || : + echo "${VALIDITY}" + echo "${VALIDITY}" >> $GITHUB_STEP_SUMMARY + if ! docker exec nginx nginx -t >/dev/null 2>&1; then + docker stop nginx + exit 1 + fi + docker stop nginx diff --git a/authelia.subdomain.conf.sample b/authelia.subdomain.conf.sample index fd06a73..39ab801 100644 --- a/authelia.subdomain.conf.sample +++ b/authelia.subdomain.conf.sample @@ -1,10 +1,6 @@ -## Version 2023/02/12 +## Version 2023/04/29 # make sure that your authelia container is named authelia # make sure that your dns has a cname set for authelia -# the default authelia-server and authelia-location confs included with swag rely on -# a built-in subfolder proxy at "/authelia" and enabling this proxy conf is not necessary. -# But if you'd like to use authelia via subdomain, you can enable this proxy and set -# the $authelia_backed variable in the authelia-server.conf. server { listen 443 ssl; @@ -36,22 +32,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - - location ~ (/authelia)?/metrics { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # block metrics access by default because it is unprotected - # you can comment out the next line to enable remote metrics - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app authelia; - set $upstream_port 9959; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } } diff --git a/authentik.subdomain.conf.sample b/authentik.subdomain.conf.sample index 7b22778..d5c2faf 100644 --- a/authentik.subdomain.conf.sample +++ b/authentik.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/12 +## Version 2023/04/14 # make sure that your authentik container is named authentik-server # make sure that your dns has a cname set for authentik @@ -32,22 +32,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - - location ~ (/authentik)?/metrics { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # block metrics access by default because it is unprotected - # you can comment out the next line to enable remote metrics - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app authentik-server; - set $upstream_port 9300; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } } diff --git a/dsmrreader.subdomain.conf.sample b/dsmrreader.subdomain.conf.sample new file mode 100644 index 0000000..4b1c3ec --- /dev/null +++ b/dsmrreader.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2023/02/05 +# make sure that your dsmr container is named dsmr +# make sure that your dns has a cname set for dsmr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name dsmr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app dsmr; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/duplicacy.subdomain.conf.sample b/duplicacy.subdomain.conf.sample new file mode 100644 index 0000000..b3ca97d --- /dev/null +++ b/duplicacy.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2023/04/13 +# make sure that your duplicacy container is named duplicacy +# make sure that your dns has a cname set for duplicacy + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name duplicacy.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app duplicacy; + set $upstream_port 3875; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/esphome.subdomain.conf.sample b/esphome.subdomain.conf.sample new file mode 100644 index 0000000..39455d8 --- /dev/null +++ b/esphome.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2023/02/05 +# make sure that your esphome container is named esphome +# make sure that your dns has a cname set for esphome + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name esphome.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app esphome; + set $upstream_port 6052; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/grafana.subdomain.conf.sample b/grafana.subdomain.conf.sample index 7e1a95e..b0531fc 100644 --- a/grafana.subdomain.conf.sample +++ b/grafana.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/12 +## Version 2023/04/20 # make sure that your grafana container is named grafana # make sure that your dns has a cname set for grafana @@ -55,23 +55,8 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - location ~ (/grafana)?/metrics { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # block metrics access by default because it is unprotected - # you can comment out the next line to enable remote metrics - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app grafana; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # Clear Authorization Header if you are using http auth and normal Grafana auth + #proxy_set_header Authorization ""; } } diff --git a/grafana.subfolder.conf.sample b/grafana.subfolder.conf.sample index b6f9a36..f460c48 100644 --- a/grafana.subfolder.conf.sample +++ b/grafana.subfolder.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/12 +## Version 2023/04/20 # make sure that your grafana container is named grafana # make sure that grafana is set to work with the base url /grafana/ # grafana requires environment variables set thus: @@ -22,10 +22,10 @@ location ^~ /grafana/ { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_grafana grafana; + set $upstream_app grafana; set $upstream_port 3000; set $upstream_proto http; - proxy_pass http://$upstream_grafana:$upstream_port ; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; # Clear Authorization Header if you are using http auth and normal Grafana auth #proxy_set_header Authorization ""; @@ -37,33 +37,10 @@ location ^~ /grafana/ { location ^~ /grafana/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_grafana grafana; + set $upstream_app grafana; set $upstream_port 3000; set $upstream_proto http; - proxy_pass http://$upstream_grafana:$upstream_port ; - - # Clear Authorization Header if you are using http auth and normal Grafana auth - #proxy_set_header Authorization ""; - - rewrite ^/grafana/(.*)$ /$1 break; - -} - -location ^~ /grafana/metrics { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # block metrics access by default because it is unprotected - # you can comment out the next line to enable remote metrics - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_grafana grafana; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass http://$upstream_grafana:$upstream_port ; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; # Clear Authorization Header if you are using http auth and normal Grafana auth #proxy_set_header Authorization ""; diff --git a/homarr.subdomain.conf.sample b/homarr.subdomain.conf.sample new file mode 100644 index 0000000..eb9123b --- /dev/null +++ b/homarr.subdomain.conf.sample @@ -0,0 +1,45 @@ +## Version 2023/02/05 +# make sure that your homarr container is named homarr +# make sure that your dns has a cname set for homarr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name homarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app homarr; + set $upstream_port 7575; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/jfa-go.subdomain.conf.sample b/jfa-go.subdomain.conf.sample new file mode 100644 index 0000000..42183ad --- /dev/null +++ b/jfa-go.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2023/04/16 +# make sure that your jfa-go container is named jfa-go +# make sure that your dns has a cname set for jfa-go + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name jfa-go.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app jfa-go; + set $upstream_port 8056; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/jfa-go.subfolder.conf.sample b/jfa-go.subfolder.conf.sample new file mode 100644 index 0000000..0709ebc --- /dev/null +++ b/jfa-go.subfolder.conf.sample @@ -0,0 +1,33 @@ +## Version 2023/02/05 +# make sure that your jfa-go container is named jfa-go +# make sure to set the URL base (“Reverse Proxy subfolder”) in jfa-go > Settings > General (ui > url_base in jfa-go config.ini) to "/jfa-go/" + +location /jfa-go { + return 301 $scheme://$host/jfa-go/; +} + +location ^~ /jfa-go/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app jfa-go; + set $upstream_port 8056; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # Remove the CSP header set for Jellyfin + proxy_hide_header Content-Security-Policy; + add_header Content-Security-Policy ""; +} diff --git a/kasm.subdomain.conf.sample b/kasm.subdomain.conf.sample new file mode 100644 index 0000000..bb5b501 --- /dev/null +++ b/kasm.subdomain.conf.sample @@ -0,0 +1,96 @@ +## Version 2023/04/18 +# make sure that your kasm container is named kasm +# make sure that your dns has a cname set for kasm and kasm-wizard + +# This configuration assumes 8443 with the environment variable -e KASM_PORT=8443 set adjust to your needs +# Post installation you will need to access Kasm > Admin > Zones > default zone (edit) and modify +# Proxy Port to 0 as documented https://www.kasmweb.com/docs/latest/how_to/reverse_proxy.html#update-zones +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name kasm.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kasm; + set $upstream_port 8443; + set $upstream_proto https; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} + +# Wizard UI - Please enable some form of auth if publishing to the internet +# Or simply remove this and access it locally +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name kasm-wizard.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kasm; + set $upstream_port 3000; + set $upstream_proto https; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} diff --git a/kavita.subfolder.conf.sample b/kavita.subfolder.conf.sample new file mode 100644 index 0000000..3d365d4 --- /dev/null +++ b/kavita.subfolder.conf.sample @@ -0,0 +1,40 @@ +## Version 2023/04/13 +# make sure that your kavita container is named kavita +# make sure that kavita is set to work with the base url /kavita/ + +location /kavita { + return 301 $scheme://$host/kavita/; +} + +location ^~ /kavita/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kavita; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /kavita/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kavita; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/notifiarr.subdomain.conf.sample b/notifiarr.subdomain.conf.sample new file mode 100644 index 0000000..3e849c0 --- /dev/null +++ b/notifiarr.subdomain.conf.sample @@ -0,0 +1,45 @@ +## Version 2023/02/05 +# make sure that your notifiarr container is named notifiarr +# make sure that your dns has a cname set for notifiarr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name notifiarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app notifiarr; + set $upstream_port 5454; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} \ No newline at end of file diff --git a/oogway.subdomain.conf.sample b/oogway.subdomain.conf.sample new file mode 100644 index 0000000..06734f6 --- /dev/null +++ b/oogway.subdomain.conf.sample @@ -0,0 +1,47 @@ +## Version 2023/04/13 +# make sure that your oogway container is named oogway +# make sure that your dns has a cname set for oogway + + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name oogway.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app oogway; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/prometheus.subdomain.conf.sample b/prometheus.subdomain.conf.sample index b937208..52dc178 100644 --- a/prometheus.subdomain.conf.sample +++ b/prometheus.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/12 +## Version 2023/04/14 # make sure that your prometheus container is named prometheus # make sure that your dns has a cname set for prometheus @@ -67,22 +67,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - - location ~ (/prometheus)?/metrics { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # block metrics access by default because it is unprotected - # you can comment out the next line to enable remote metrics - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prometheus; - set $upstream_port 9090; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } } diff --git a/wizarr.subdomain.conf.sample b/wizarr.subdomain.conf.sample new file mode 100644 index 0000000..f22eeaf --- /dev/null +++ b/wizarr.subdomain.conf.sample @@ -0,0 +1,45 @@ +## Version 2023/02/05 +# make sure that your wizarr container is named wizarr +# make sure that your dns has a cname set for wizarr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name wizarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app wizarr; + set $upstream_port 5690; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} \ No newline at end of file