From c147db7e8c79fea21e69b48b0351a886496f3c46 Mon Sep 17 00:00:00 2001 From: morpheus65535 Date: Mon, 17 Jan 2022 23:30:10 -0500 Subject: [PATCH 01/29] Added Duplicacy configuration files --- duplicacy.subdomain.conf.sample | 40 +++++++++++ duplicacy.subfolder.conf.sample | 120 ++++++++++++++++++++++++++++++++ 2 files changed, 160 insertions(+) create mode 100644 duplicacy.subdomain.conf.sample create mode 100644 duplicacy.subfolder.conf.sample diff --git a/duplicacy.subdomain.conf.sample b/duplicacy.subdomain.conf.sample new file mode 100644 index 0000000..96696ae --- /dev/null +++ b/duplicacy.subdomain.conf.sample @@ -0,0 +1,40 @@ +## Version 2022/01/17 +# make sure that your dns has a cname set for duplicacy + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name duplicacy.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app duplicacy; + set $upstream_port 3875; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/duplicacy.subfolder.conf.sample b/duplicacy.subfolder.conf.sample new file mode 100644 index 0000000..4f95b1d --- /dev/null +++ b/duplicacy.subfolder.conf.sample @@ -0,0 +1,120 @@ +## Version 2022/01/17 +# duplicacy does not require a base url setting. + +location /duplicacy { + return 301 $scheme://$host/duplicacy/; +} + +location /activate_license { + return 307 $scheme://$host/duplicacy/activate_license; +} + +location /delete_repository { + return 307 $scheme://$host/duplicacy/delete_repository; +} + +location /get_backup_status { + return 301 $scheme://$host/duplicacy/get_backup_status; +} + +location /get_listing_status { + return 307 $scheme://$host/duplicacy/get_listing_status; +} + +location /get_patterns { + return 307 $scheme://$host/duplicacy/get_patterns; +} + +location /get_restore_status { + return 307 $scheme://$host/duplicacy/get_restore_status; +} + +location /get_schedule_status { + return 301 $scheme://$host/duplicacy/get_schedule_status; +} + +location /list_files { + return 307 $scheme://$host/duplicacy/list_files; +} + +location /list_repositories { + return 307 $scheme://$host/duplicacy/list_repositories; +} + +location /list_restore_directory { + return 307 $scheme://$host/duplicacy/list_restore_directory; +} + +location /list_revisions { + return 307 $scheme://$host/duplicacy/list_revisions; +} + +location /list_local_directory { + return 307 $scheme://$host/duplicacy/list_local_directory; +} + +location /save_patterns { + return 307 $scheme://$host/duplicacy/save_patterns; +} + +location /save_repository { + return 307 $scheme://$host/duplicacy/save_repository; +} + +location /save_settings { + return 307 $scheme://$host/duplicacy/save_settings; +} + +location /set_backup_options { + return 307 $scheme://$host/duplicacy/set_backup_options; +} + +location /set_backup_report_url { + return 307 $scheme://$host/duplicacy/set_backup_report_url; +} + +location /set_cli_stable_version { + return 307 $scheme://$host/duplicacy/set_cli_stable_version; +} + +location /start_restore { + return 307 $scheme://$host/duplicacy/start_restore; +} + +location /start_stop_backup { + return 307 $scheme://$host/duplicacy/start_stop_backup; +} + +location /start_stop_schedule { + return 307 $scheme://$host/duplicacy/start_stop_schedule; +} + +location /stop_restore { + return 307 $scheme://$host/duplicacy/stop_restore; +} + +location /update_listing_session { + return 307 $scheme://$host/duplicacy/update_listing_session; +} + +location ^~ /duplicacy/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app duplicacy; + set $upstream_port 3875; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /duplicacy(.*) $1 break; +} From 42a170066068b19bad72dca384715a3989d4663f Mon Sep 17 00:00:00 2001 From: roib20 <66280613+roib20@users.noreply.github.com> Date: Mon, 20 Feb 2023 00:20:54 +0200 Subject: [PATCH 02/29] Add jfa-go conf Signed-off-by: roib20 <66280613+roib20@users.noreply.github.com> --- jfa-go.subdomain.conf.sample | 44 ++++++++++++++++++++++++++++++++++++ jfa-go.subfolder.conf.sample | 29 ++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 jfa-go.subdomain.conf.sample create mode 100644 jfa-go.subfolder.conf.sample diff --git a/jfa-go.subdomain.conf.sample b/jfa-go.subdomain.conf.sample new file mode 100644 index 0000000..18718af --- /dev/null +++ b/jfa-go.subdomain.conf.sample @@ -0,0 +1,44 @@ +## Version 2023/02/05 +# make sure that your jfa-go container is named jfa-go +# make sure that your dns has a cname set for jfa-go + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name jfa-go.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app jfa-go; + set $upstream_port 8056; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} diff --git a/jfa-go.subfolder.conf.sample b/jfa-go.subfolder.conf.sample new file mode 100644 index 0000000..e0488dc --- /dev/null +++ b/jfa-go.subfolder.conf.sample @@ -0,0 +1,29 @@ +## Version 2023/02/05 +# make sure that your jfa-go container is named jfa-go +# make sure to go into jfa-go Settings, under "General" set the Reverse Proxy subfolder to "/jfa-go/" and restart the jfa-go container + +location /jfa-go { + return 301 $scheme://$host/jfa-go/; +} + +location ^~ /jfa-go/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app jfa-go; + set $upstream_port 8056; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} From 006fc0636d8a4df235d2cfc579d6f662fcff1b2e Mon Sep 17 00:00:00 2001 From: roib20 <66280613+roib20@users.noreply.github.com> Date: Mon, 20 Feb 2023 13:17:47 +0200 Subject: [PATCH 03/29] Update jfa-go confs to conform to jfa-go wiki Signed-off-by: roib20 <66280613+roib20@users.noreply.github.com> --- jfa-go.subfolder.conf.sample | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/jfa-go.subfolder.conf.sample b/jfa-go.subfolder.conf.sample index e0488dc..0709ebc 100644 --- a/jfa-go.subfolder.conf.sample +++ b/jfa-go.subfolder.conf.sample @@ -1,6 +1,6 @@ ## Version 2023/02/05 # make sure that your jfa-go container is named jfa-go -# make sure to go into jfa-go Settings, under "General" set the Reverse Proxy subfolder to "/jfa-go/" and restart the jfa-go container +# make sure to set the URL base (“Reverse Proxy subfolder”) in jfa-go > Settings > General (ui > url_base in jfa-go config.ini) to "/jfa-go/" location /jfa-go { return 301 $scheme://$host/jfa-go/; @@ -26,4 +26,8 @@ location ^~ /jfa-go/ { set $upstream_port 8056; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # Remove the CSP header set for Jellyfin + proxy_hide_header Content-Security-Policy; + add_header Content-Security-Policy ""; } From 98699884dce6e5226c25fc87154200c4b154151f Mon Sep 17 00:00:00 2001 From: morpheus65535 Date: Mon, 20 Feb 2023 23:48:29 -0500 Subject: [PATCH 04/29] Update header from template --- duplicacy.subfolder.conf.sample | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/duplicacy.subfolder.conf.sample b/duplicacy.subfolder.conf.sample index 4f95b1d..515cf8a 100644 --- a/duplicacy.subfolder.conf.sample +++ b/duplicacy.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/01/17 -# duplicacy does not require a base url setting. +## Version 2023/02/20 +# make sure that your duplicacy container is named duplicacy +# duplicacy doesn't support custom base url and can only be served from root location /duplicacy { return 301 $scheme://$host/duplicacy/; From eba01bcdf142867ccd233a1bc62a70b819f7826f Mon Sep 17 00:00:00 2001 From: morpheus65535 Date: Wed, 22 Feb 2023 20:57:35 -0500 Subject: [PATCH 05/29] Update duplicacy.subfolder.conf.sample --- duplicacy.subfolder.conf.sample | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/duplicacy.subfolder.conf.sample b/duplicacy.subfolder.conf.sample index 515cf8a..425493c 100644 --- a/duplicacy.subfolder.conf.sample +++ b/duplicacy.subfolder.conf.sample @@ -103,13 +103,15 @@ location ^~ /duplicacy/ { #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia, also enable authelia-server.conf in the default site config + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app duplicacy; From 2382bdd08065c4ec58109b94324e6fa3edfdf0e4 Mon Sep 17 00:00:00 2001 From: FS <2019363+blackerking@users.noreply.github.com> Date: Thu, 16 Mar 2023 08:14:33 +0100 Subject: [PATCH 06/29] Create oogway.subdomain.conf.sample Adding oogway webserver config --- oogway.subdomain.conf.sample | 48 ++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 oogway.subdomain.conf.sample diff --git a/oogway.subdomain.conf.sample b/oogway.subdomain.conf.sample new file mode 100644 index 0000000..8d476fa --- /dev/null +++ b/oogway.subdomain.conf.sample @@ -0,0 +1,48 @@ +## Version 2023/03/16 +# make sure that your oogway container is named oogway +# Oogway is not usable for subfolder structures +# https://github.com/emvi/oogway + + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name oogway.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app oogway; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From f6b7122a75f6fd16b50e2acba17b3a93436ff447 Mon Sep 17 00:00:00 2001 From: Robbie Davis Date: Mon, 27 Mar 2023 11:15:17 -0400 Subject: [PATCH 07/29] Adding kavita.subfolder.conf --- kavita.subfolder.conf.sample | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 kavita.subfolder.conf.sample diff --git a/kavita.subfolder.conf.sample b/kavita.subfolder.conf.sample new file mode 100644 index 0000000..e56a4c7 --- /dev/null +++ b/kavita.subfolder.conf.sample @@ -0,0 +1,35 @@ +## Version 2023/03/27 +# Make sure you have set base url via Kavita's web gui as /kavita/ and restarted the Kavita. + +location /kavita { + return 301 $scheme://$host/kavita/; +} + +location ^~ /kavita/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kavita; + set $upstream_port 5000 ; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + + location ^~ /kavita/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kavita; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } From 3086558e3cf13f6fdbfb98c08ebb1eaa5ea11a91 Mon Sep 17 00:00:00 2001 From: Robbie Davis Date: Mon, 27 Mar 2023 11:18:08 -0400 Subject: [PATCH 08/29] Updating formatting as per contributing standards --- kavita.subfolder.conf.sample | 40 ++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/kavita.subfolder.conf.sample b/kavita.subfolder.conf.sample index e56a4c7..6ba3850 100644 --- a/kavita.subfolder.conf.sample +++ b/kavita.subfolder.conf.sample @@ -2,34 +2,34 @@ # Make sure you have set base url via Kavita's web gui as /kavita/ and restarted the Kavita. location /kavita { - return 301 $scheme://$host/kavita/; + return 301 $scheme://$host/kavita/; } location ^~ /kavita/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app kavita; - set $upstream_port 5000 ; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kavita; + set $upstream_port 5000 ; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; } location ^~ /kavita/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app kavita; - set $upstream_port 5000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kavita; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; } From 95bc6aba185d81217110b785fab6250e258ea75d Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 13 Apr 2023 12:49:42 -0500 Subject: [PATCH 09/29] Update kavita.subfolder.conf.sample --- kavita.subfolder.conf.sample | 53 ++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/kavita.subfolder.conf.sample b/kavita.subfolder.conf.sample index 6ba3850..3d365d4 100644 --- a/kavita.subfolder.conf.sample +++ b/kavita.subfolder.conf.sample @@ -1,35 +1,40 @@ -## Version 2023/03/27 -# Make sure you have set base url via Kavita's web gui as /kavita/ and restarted the Kavita. +## Version 2023/04/13 +# make sure that your kavita container is named kavita +# make sure that kavita is set to work with the base url /kavita/ location /kavita { - return 301 $scheme://$host/kavita/; + return 301 $scheme://$host/kavita/; } location ^~ /kavita/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app kavita; - set $upstream_port 5000 ; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kavita; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - location ^~ /kavita/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app kavita; - set $upstream_port 5000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } +location ^~ /kavita/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kavita; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} From d99fbdaf4b37c63f1738f1e8901ea3c8f03e9706 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 13 Apr 2023 12:57:53 -0500 Subject: [PATCH 10/29] Update oogway.subdomain.conf.sample --- oogway.subdomain.conf.sample | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/oogway.subdomain.conf.sample b/oogway.subdomain.conf.sample index 8d476fa..06734f6 100644 --- a/oogway.subdomain.conf.sample +++ b/oogway.subdomain.conf.sample @@ -1,7 +1,6 @@ -## Version 2023/03/16 +## Version 2023/04/13 # make sure that your oogway container is named oogway -# Oogway is not usable for subfolder structures -# https://github.com/emvi/oogway +# make sure that your dns has a cname set for oogway server { From 7a8541826cba46e4304bf7fb7e6420fd8093b76c Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 13 Apr 2023 13:09:28 -0500 Subject: [PATCH 11/29] Update duplicacy.subdomain.conf.sample --- duplicacy.subdomain.conf.sample | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/duplicacy.subdomain.conf.sample b/duplicacy.subdomain.conf.sample index 96696ae..b3ca97d 100644 --- a/duplicacy.subdomain.conf.sample +++ b/duplicacy.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/01/17 +## Version 2023/04/13 +# make sure that your duplicacy container is named duplicacy # make sure that your dns has a cname set for duplicacy server { @@ -11,24 +12,29 @@ server { client_max_body_size 0; - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; - # enable for Authelia + # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app duplicacy; From fea4255d0fafde66d3aff1b2a5dce490b66270dd Mon Sep 17 00:00:00 2001 From: aptalca <541623+aptalca@users.noreply.github.com> Date: Fri, 14 Apr 2023 15:29:25 -0400 Subject: [PATCH 12/29] handle issue-pr close and review submitted actions --- .github/workflows/call-issue-pr-tracker.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/call-issue-pr-tracker.yml b/.github/workflows/call-issue-pr-tracker.yml index 87243e2..2c30784 100644 --- a/.github/workflows/call-issue-pr-tracker.yml +++ b/.github/workflows/call-issue-pr-tracker.yml @@ -2,9 +2,11 @@ name: Issue & PR Tracker on: issues: - types: [opened,reopened,labeled,unlabeled] + types: [opened,reopened,labeled,unlabeled,closed] pull_request_target: - types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled] + types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed] + pull_request_review: + types: [submitted,edited,dismissed] jobs: manage-project: From 393e4341b2d7f749727736ac457b28fc80ba0877 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Fri, 14 Apr 2023 20:37:51 +0000 Subject: [PATCH 13/29] Remove metrics endpoints --- authelia.subdomain.conf.sample | 20 +------------------- authentik.subdomain.conf.sample | 20 +------------------- grafana.subdomain.conf.sample | 20 +------------------- grafana.subfolder.conf.sample | 25 +------------------------ prometheus.subdomain.conf.sample | 20 +------------------- 5 files changed, 5 insertions(+), 100 deletions(-) diff --git a/authelia.subdomain.conf.sample b/authelia.subdomain.conf.sample index fd06a73..0020b3b 100644 --- a/authelia.subdomain.conf.sample +++ b/authelia.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/12 +## Version 2023/04/14 # make sure that your authelia container is named authelia # make sure that your dns has a cname set for authelia # the default authelia-server and authelia-location confs included with swag rely on @@ -36,22 +36,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - - location ~ (/authelia)?/metrics { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # block metrics access by default because it is unprotected - # you can comment out the next line to enable remote metrics - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app authelia; - set $upstream_port 9959; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } } diff --git a/authentik.subdomain.conf.sample b/authentik.subdomain.conf.sample index 7b22778..d5c2faf 100644 --- a/authentik.subdomain.conf.sample +++ b/authentik.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/12 +## Version 2023/04/14 # make sure that your authentik container is named authentik-server # make sure that your dns has a cname set for authentik @@ -32,22 +32,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - - location ~ (/authentik)?/metrics { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # block metrics access by default because it is unprotected - # you can comment out the next line to enable remote metrics - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app authentik-server; - set $upstream_port 9300; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } } diff --git a/grafana.subdomain.conf.sample b/grafana.subdomain.conf.sample index 7e1a95e..a800440 100644 --- a/grafana.subdomain.conf.sample +++ b/grafana.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/12 +## Version 2023/04/14 # make sure that your grafana container is named grafana # make sure that your dns has a cname set for grafana @@ -56,22 +56,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - - location ~ (/grafana)?/metrics { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # block metrics access by default because it is unprotected - # you can comment out the next line to enable remote metrics - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app grafana; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } } diff --git a/grafana.subfolder.conf.sample b/grafana.subfolder.conf.sample index b6f9a36..8fe4bdf 100644 --- a/grafana.subfolder.conf.sample +++ b/grafana.subfolder.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/12 +## Version 2023/04/14 # make sure that your grafana container is named grafana # make sure that grafana is set to work with the base url /grafana/ # grafana requires environment variables set thus: @@ -48,26 +48,3 @@ location ^~ /grafana/api { rewrite ^/grafana/(.*)$ /$1 break; } - -location ^~ /grafana/metrics { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # block metrics access by default because it is unprotected - # you can comment out the next line to enable remote metrics - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_grafana grafana; - set $upstream_port 3000; - set $upstream_proto http; - proxy_pass http://$upstream_grafana:$upstream_port ; - - # Clear Authorization Header if you are using http auth and normal Grafana auth - #proxy_set_header Authorization ""; - - rewrite ^/grafana/(.*)$ /$1 break; - -} diff --git a/prometheus.subdomain.conf.sample b/prometheus.subdomain.conf.sample index b937208..52dc178 100644 --- a/prometheus.subdomain.conf.sample +++ b/prometheus.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/12 +## Version 2023/04/14 # make sure that your prometheus container is named prometheus # make sure that your dns has a cname set for prometheus @@ -67,22 +67,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - - location ~ (/prometheus)?/metrics { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # block metrics access by default because it is unprotected - # you can comment out the next line to enable remote metrics - deny all; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app prometheus; - set $upstream_port 9090; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } } From f3d31274989f67f6e778d635ae78d7125dc7ed67 Mon Sep 17 00:00:00 2001 From: Sander Date: Sat, 15 Apr 2023 13:03:29 +0200 Subject: [PATCH 14/29] Add `dsmrreader.subdomain.conf.sample` --- dsmrreader.subdomain.conf.sample | 46 ++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 dsmrreader.subdomain.conf.sample diff --git a/dsmrreader.subdomain.conf.sample b/dsmrreader.subdomain.conf.sample new file mode 100644 index 0000000..4b1c3ec --- /dev/null +++ b/dsmrreader.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2023/02/05 +# make sure that your dsmr container is named dsmr +# make sure that your dns has a cname set for dsmr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name dsmr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app dsmr; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From 19d518ed5d8897256beda488914d840c742921b1 Mon Sep 17 00:00:00 2001 From: Sander Date: Sat, 15 Apr 2023 13:06:57 +0200 Subject: [PATCH 15/29] Add `esphome.subdomain.conf.sample` --- esphome.subdomain.conf.sample | 46 +++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 esphome.subdomain.conf.sample diff --git a/esphome.subdomain.conf.sample b/esphome.subdomain.conf.sample new file mode 100644 index 0000000..39455d8 --- /dev/null +++ b/esphome.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2023/02/05 +# make sure that your esphome container is named esphome +# make sure that your dns has a cname set for esphome + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name esphome.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app esphome; + set $upstream_port 6052; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From d9f3370783f6b95b6a27969daa386d68d7206909 Mon Sep 17 00:00:00 2001 From: roib20 <66280613+roib20@users.noreply.github.com> Date: Sun, 16 Apr 2023 16:52:33 +0300 Subject: [PATCH 16/29] Fix jfa-go conf Add missing `}` at line 45 --- jfa-go.subdomain.conf.sample | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jfa-go.subdomain.conf.sample b/jfa-go.subdomain.conf.sample index 18718af..42183ad 100644 --- a/jfa-go.subdomain.conf.sample +++ b/jfa-go.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/05 +## Version 2023/04/16 # make sure that your jfa-go container is named jfa-go # make sure that your dns has a cname set for jfa-go @@ -41,4 +41,6 @@ server { set $upstream_port 8056; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } } From d876739884f22aae4291f8ea8db4eebd9a1b36e1 Mon Sep 17 00:00:00 2001 From: aptalca <541623+aptalca@users.noreply.github.com> Date: Sun, 16 Apr 2023 15:07:17 -0400 Subject: [PATCH 17/29] check for nginx conf validity --- .github/workflows/check_samples.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index 31da960..40007c8 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -58,3 +58,24 @@ jobs: done exit 1 fi + + - name: Check Nginx Conf Validity + run: | + curl -fsL "https://raw.githubusercontent.com/linuxserver/docker-swag/master/root/defaults/nginx/proxy.conf.sample" -o proxy.conf + docker run -d --rm --name nginx -v "${WORKSPACE}:/testconfs:ro" ghcr.io/linuxserver/nginx + sleep 5 + docker exec nginx bash -c "\ + mkdir -p /config/nginx/proxy-confs && \ + cp /testconfs/*.conf.sample /config/nginx/proxy-confs/ && \ + cp /testconfs/proxy.conf /config/nginx/ && \ + rm -rf /config/nginx/proxy-confs/{_template.sub*,heimdall.subf*,boinc.subf*,organizr.subf*,wordpress.subf*} && \ + echo 'include /config/nginx/proxy-confs/*.subdomain.conf.sample;' >> /config/nginx/site-confs/default.conf && \ + sed -i -r 's|(root \\\$root;)|\1\ninclude /config/nginx/proxy-confs/*.subfolder.conf.sample;|' /config/nginx/site-confs/default.conf" + VALIDITY=$(docker exec nginx nginx -t 2>&1) || : + echo "${VALIDITY}" + echo "${VALIDITY}" >> $GITHUB_STEP_SUMMARY + if ! docker exec nginx nginx -t >/dev/null 2>&1; then + docker stop nginx + exit 1 + fi + docker stop nginx From 8b7a052003eb14125dd9e21c4fe98ece391fbb15 Mon Sep 17 00:00:00 2001 From: aptalca <541623+aptalca@users.noreply.github.com> Date: Sun, 16 Apr 2023 15:21:16 -0400 Subject: [PATCH 18/29] fix typo --- .github/workflows/check_samples.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index 40007c8..d9e2efb 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -62,7 +62,7 @@ jobs: - name: Check Nginx Conf Validity run: | curl -fsL "https://raw.githubusercontent.com/linuxserver/docker-swag/master/root/defaults/nginx/proxy.conf.sample" -o proxy.conf - docker run -d --rm --name nginx -v "${WORKSPACE}:/testconfs:ro" ghcr.io/linuxserver/nginx + docker run -d --rm --name nginx -v "${GITHUB_WORKSPACE}:/testconfs:ro" ghcr.io/linuxserver/nginx sleep 5 docker exec nginx bash -c "\ mkdir -p /config/nginx/proxy-confs && \ From afbffd0affe65f6197372026e4fd86b9bbbf615f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 21:00:20 +0000 Subject: [PATCH 19/29] Bump actions/checkout from 3.5.0 to 3.5.2 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.0...v3.5.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/check_samples.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index d9e2efb..454ef98 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3.5.0 + uses: actions/checkout@v3.5.2 - name: Check Allowed File Names run: | From 08a15c8febc76a9bc1f0bd74a048936f0c1c9941 Mon Sep 17 00:00:00 2001 From: thelamer Date: Tue, 18 Apr 2023 19:11:50 -0400 Subject: [PATCH 20/29] add kasm subdomain sample --- kasm.subdomain.conf.sample | 80 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 kasm.subdomain.conf.sample diff --git a/kasm.subdomain.conf.sample b/kasm.subdomain.conf.sample new file mode 100644 index 0000000..eb6300e --- /dev/null +++ b/kasm.subdomain.conf.sample @@ -0,0 +1,80 @@ +# This configuration assumes 8443 with the environment variable -e KASM_PORT=8443 set adjust to your needs +# Post installation you will need to access Kasm > Admin > Zones > default zone (edit) and modify +# Proxy Port to 0 as documented https://www.kasmweb.com/docs/latest/how_to/reverse_proxy.html#update-zones +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name kasm.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + location / { + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_read_timeout 1800s; + proxy_send_timeout 1800s; + proxy_connect_timeout 1800s; + proxy_buffering off; + include /config/nginx/resolver.conf; + set $upstream_app kasm; + set $upstream_port 8443; + set $upstream_proto https; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} + +# Wizard UI - Please enable some form of auth if publishing to the internet +# Or simply remove this and access it locally +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name kasm-wizard.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app kasm; + set $upstream_port 3000; + set $upstream_proto https; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} From e5df1f2ef96ecc1019f08154b020169636dbc172 Mon Sep 17 00:00:00 2001 From: thelamer Date: Tue, 18 Apr 2023 19:21:32 -0400 Subject: [PATCH 21/29] fix missing header --- kasm.subdomain.conf.sample | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kasm.subdomain.conf.sample b/kasm.subdomain.conf.sample index eb6300e..7c9fea9 100644 --- a/kasm.subdomain.conf.sample +++ b/kasm.subdomain.conf.sample @@ -1,3 +1,6 @@ +## Version 2023/04/18 +# make sure that your kasm container is named kasm + # This configuration assumes 8443 with the environment variable -e KASM_PORT=8443 set adjust to your needs # Post installation you will need to access Kasm > Admin > Zones > default zone (edit) and modify # Proxy Port to 0 as documented https://www.kasmweb.com/docs/latest/how_to/reverse_proxy.html#update-zones From 9f36f3102f542a6288cef6b88e05fcd2e13f14ba Mon Sep 17 00:00:00 2001 From: thelamer Date: Tue, 18 Apr 2023 19:43:42 -0400 Subject: [PATCH 22/29] use stock proxy conf --- kasm.subdomain.conf.sample | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/kasm.subdomain.conf.sample b/kasm.subdomain.conf.sample index 7c9fea9..f99f124 100644 --- a/kasm.subdomain.conf.sample +++ b/kasm.subdomain.conf.sample @@ -15,17 +15,8 @@ server { client_max_body_size 0; location / { - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_read_timeout 1800s; - proxy_send_timeout 1800s; - proxy_connect_timeout 1800s; - proxy_buffering off; + + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app kasm; set $upstream_port 8443; From aa9a292cec3351ea2eb5e99516983c4b31f131f1 Mon Sep 17 00:00:00 2001 From: thelamer Date: Tue, 18 Apr 2023 18:14:37 -0700 Subject: [PATCH 23/29] add more comments and include auth examples in kasm endpoint --- kasm.subdomain.conf.sample | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/kasm.subdomain.conf.sample b/kasm.subdomain.conf.sample index f99f124..bb5b501 100644 --- a/kasm.subdomain.conf.sample +++ b/kasm.subdomain.conf.sample @@ -1,5 +1,6 @@ ## Version 2023/04/18 # make sure that your kasm container is named kasm +# make sure that your dns has a cname set for kasm and kasm-wizard # This configuration assumes 8443 with the environment variable -e KASM_PORT=8443 set adjust to your needs # Post installation you will need to access Kasm > Admin > Zones > default zone (edit) and modify @@ -14,7 +15,28 @@ server { client_max_body_size 0; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; From d2f0db26c15a838bd0b572032456f4bf77fac06b Mon Sep 17 00:00:00 2001 From: morpheus65535 Date: Wed, 19 Apr 2023 06:11:27 -0400 Subject: [PATCH 24/29] Delete duplicacy.subfolder.conf.sample --- duplicacy.subfolder.conf.sample | 123 -------------------------------- 1 file changed, 123 deletions(-) delete mode 100644 duplicacy.subfolder.conf.sample diff --git a/duplicacy.subfolder.conf.sample b/duplicacy.subfolder.conf.sample deleted file mode 100644 index 425493c..0000000 --- a/duplicacy.subfolder.conf.sample +++ /dev/null @@ -1,123 +0,0 @@ -## Version 2023/02/20 -# make sure that your duplicacy container is named duplicacy -# duplicacy doesn't support custom base url and can only be served from root - -location /duplicacy { - return 301 $scheme://$host/duplicacy/; -} - -location /activate_license { - return 307 $scheme://$host/duplicacy/activate_license; -} - -location /delete_repository { - return 307 $scheme://$host/duplicacy/delete_repository; -} - -location /get_backup_status { - return 301 $scheme://$host/duplicacy/get_backup_status; -} - -location /get_listing_status { - return 307 $scheme://$host/duplicacy/get_listing_status; -} - -location /get_patterns { - return 307 $scheme://$host/duplicacy/get_patterns; -} - -location /get_restore_status { - return 307 $scheme://$host/duplicacy/get_restore_status; -} - -location /get_schedule_status { - return 301 $scheme://$host/duplicacy/get_schedule_status; -} - -location /list_files { - return 307 $scheme://$host/duplicacy/list_files; -} - -location /list_repositories { - return 307 $scheme://$host/duplicacy/list_repositories; -} - -location /list_restore_directory { - return 307 $scheme://$host/duplicacy/list_restore_directory; -} - -location /list_revisions { - return 307 $scheme://$host/duplicacy/list_revisions; -} - -location /list_local_directory { - return 307 $scheme://$host/duplicacy/list_local_directory; -} - -location /save_patterns { - return 307 $scheme://$host/duplicacy/save_patterns; -} - -location /save_repository { - return 307 $scheme://$host/duplicacy/save_repository; -} - -location /save_settings { - return 307 $scheme://$host/duplicacy/save_settings; -} - -location /set_backup_options { - return 307 $scheme://$host/duplicacy/set_backup_options; -} - -location /set_backup_report_url { - return 307 $scheme://$host/duplicacy/set_backup_report_url; -} - -location /set_cli_stable_version { - return 307 $scheme://$host/duplicacy/set_cli_stable_version; -} - -location /start_restore { - return 307 $scheme://$host/duplicacy/start_restore; -} - -location /start_stop_backup { - return 307 $scheme://$host/duplicacy/start_stop_backup; -} - -location /start_stop_schedule { - return 307 $scheme://$host/duplicacy/start_stop_schedule; -} - -location /stop_restore { - return 307 $scheme://$host/duplicacy/stop_restore; -} - -location /update_listing_session { - return 307 $scheme://$host/duplicacy/update_listing_session; -} - -location ^~ /duplicacy/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app duplicacy; - set $upstream_port 3875; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - rewrite /duplicacy(.*) $1 break; -} From 53f7be033acbad16d74a2f37bb0cdb6bab78ebfd Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 20 Apr 2023 16:44:39 -0500 Subject: [PATCH 25/29] Fix grafana api auth (add comments) --- grafana.subdomain.conf.sample | 5 ++++- grafana.subfolder.conf.sample | 10 +++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/grafana.subdomain.conf.sample b/grafana.subdomain.conf.sample index a800440..b0531fc 100644 --- a/grafana.subdomain.conf.sample +++ b/grafana.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/04/14 +## Version 2023/04/20 # make sure that your grafana container is named grafana # make sure that your dns has a cname set for grafana @@ -55,5 +55,8 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # Clear Authorization Header if you are using http auth and normal Grafana auth + #proxy_set_header Authorization ""; + } } diff --git a/grafana.subfolder.conf.sample b/grafana.subfolder.conf.sample index 8fe4bdf..f460c48 100644 --- a/grafana.subfolder.conf.sample +++ b/grafana.subfolder.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/04/14 +## Version 2023/04/20 # make sure that your grafana container is named grafana # make sure that grafana is set to work with the base url /grafana/ # grafana requires environment variables set thus: @@ -22,10 +22,10 @@ location ^~ /grafana/ { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_grafana grafana; + set $upstream_app grafana; set $upstream_port 3000; set $upstream_proto http; - proxy_pass http://$upstream_grafana:$upstream_port ; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; # Clear Authorization Header if you are using http auth and normal Grafana auth #proxy_set_header Authorization ""; @@ -37,10 +37,10 @@ location ^~ /grafana/ { location ^~ /grafana/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_grafana grafana; + set $upstream_app grafana; set $upstream_port 3000; set $upstream_proto http; - proxy_pass http://$upstream_grafana:$upstream_port ; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; # Clear Authorization Header if you are using http auth and normal Grafana auth #proxy_set_header Authorization ""; From 420224516ec7778cb8c45d17d11f5a55e6f17c89 Mon Sep 17 00:00:00 2001 From: vp-en <67713433+vp-en@users.noreply.github.com> Date: Sat, 22 Apr 2023 22:02:26 +0200 Subject: [PATCH 26/29] Add `notifiarr.subdomain.conf.sample` --- notifiarr.subdomain.conf.sample | 45 +++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 notifiarr.subdomain.conf.sample diff --git a/notifiarr.subdomain.conf.sample b/notifiarr.subdomain.conf.sample new file mode 100644 index 0000000..3e849c0 --- /dev/null +++ b/notifiarr.subdomain.conf.sample @@ -0,0 +1,45 @@ +## Version 2023/02/05 +# make sure that your notifiarr container is named notifiarr +# make sure that your dns has a cname set for notifiarr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name notifiarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app notifiarr; + set $upstream_port 5454; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} \ No newline at end of file From c69f0f6b4f3faf8962d565715a466e7e5694b27f Mon Sep 17 00:00:00 2001 From: vp-en <67713433+vp-en@users.noreply.github.com> Date: Sat, 22 Apr 2023 22:02:51 +0200 Subject: [PATCH 27/29] Add `wizarr.subdomain.conf.sample` --- wizarr.subdomain.conf.sample | 45 ++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 wizarr.subdomain.conf.sample diff --git a/wizarr.subdomain.conf.sample b/wizarr.subdomain.conf.sample new file mode 100644 index 0000000..f22eeaf --- /dev/null +++ b/wizarr.subdomain.conf.sample @@ -0,0 +1,45 @@ +## Version 2023/02/05 +# make sure that your wizarr container is named wizarr +# make sure that your dns has a cname set for wizarr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name wizarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app wizarr; + set $upstream_port 5690; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} \ No newline at end of file From c58fa5413c2789ec6fe6877181fb65473f85a7db Mon Sep 17 00:00:00 2001 From: vp-en <67713433+vp-en@users.noreply.github.com> Date: Mon, 24 Apr 2023 22:50:07 +0200 Subject: [PATCH 28/29] Add `homarr.subdomain.conf.sample` --- homarr.subdomain.conf.sample | 45 ++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 homarr.subdomain.conf.sample diff --git a/homarr.subdomain.conf.sample b/homarr.subdomain.conf.sample new file mode 100644 index 0000000..eb9123b --- /dev/null +++ b/homarr.subdomain.conf.sample @@ -0,0 +1,45 @@ +## Version 2023/02/05 +# make sure that your homarr container is named homarr +# make sure that your dns has a cname set for homarr + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name homarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app homarr; + set $upstream_port 7575; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} From 59c09efa856255a6e69205e90209be50bc243e38 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 29 Apr 2023 08:48:25 -0500 Subject: [PATCH 29/29] Remove authelia comments Not needed in the next version of authelia --- authelia.subdomain.conf.sample | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/authelia.subdomain.conf.sample b/authelia.subdomain.conf.sample index 0020b3b..39ab801 100644 --- a/authelia.subdomain.conf.sample +++ b/authelia.subdomain.conf.sample @@ -1,10 +1,6 @@ -## Version 2023/04/14 +## Version 2023/04/29 # make sure that your authelia container is named authelia # make sure that your dns has a cname set for authelia -# the default authelia-server and authelia-location confs included with swag rely on -# a built-in subfolder proxy at "/authelia" and enabling this proxy conf is not necessary. -# But if you'd like to use authelia via subdomain, you can enable this proxy and set -# the $authelia_backed variable in the authelia-server.conf. server { listen 443 ssl;