github/reverse-proxy-confs
1
0
Fork 0
mirror of https://github.com/linuxserver/reverse-proxy-confs.git synced 2025-07-07 05:21:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'master' into master

Browse source
This commit is contained in:
adepssimius 2023-09-05 20:39:34 -04:00 committed by GitHub
commit ca5e2dfe6f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 264 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/check_samples.yml vendored
View file

@ -12,7 +12,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3.5.3 uses: actions/checkout@v4.0.0
- name: Check Allowed File Names - name: Check Allowed File Names
run: | run: |

11
cadvisor.subdomain.conf.sample
View file

@ -41,5 +41,16 @@ server {
set $upstream_port 8080; set $upstream_port 8080;
set $upstream_proto http; set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/cadvisor)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app cadvisor;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
} }
} }

46
frigate.subdomain.conf.sample Normal file
View file

@ -0,0 +1,46 @@
## Version 2023/06/21
# make sure that your frigate container is named frigate
# make sure that your dns has a cname set for frigate
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name frigate.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app frigate;
set $upstream_port 5000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

6
libreddit.subdomain.conf.sample
View file

@ -1,10 +1,10 @@
## Version 2023/02/05 ## Version 2023/06/21
# make sure that your libreddit container is named libreddit # make sure that your libreddit container is named libreddit
# make sure that your dns has a cname set for libreddit # make sure that your dns has a cname set for libreddit
server { server {
listen 443 ssl; listen 443 ssl http2;
listen [::]:443 ssl; listen [::]:443 ssl http2;
server_name libreddit.*; server_name libreddit.*;

44
linkstack.subdomain.conf.sample Normal file
View file

@ -0,0 +1,44 @@
## Version 2023/06/27
# make sure that your dns has a cname set for linkstack and that your linkstack container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name linkstack.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app linkstack;
set $upstream_port 443;
set $upstream_proto https;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

10
nextcloud.subdomain.conf.sample
View file

@ -1,4 +1,4 @@
## Version 2023/06/06 ## Version 2023/06/24
# make sure that your nextcloud container is named nextcloud # make sure that your nextcloud container is named nextcloud
# make sure that your dns has a cname set for nextcloud # make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config # assuming this container is called "swag", edit your nextcloud container's config
@ -32,8 +32,14 @@ server {
set $upstream_proto https; set $upstream_proto https;
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Uncomment X-Frame-Options directive in ssl.conf to pass security checks. # Hide proxy response headers from Nextcloud that conflict with ssl.conf
# Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
proxy_hide_header Referrer-Policy;
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-Frame-Options; proxy_hide_header X-Frame-Options;
proxy_hide_header X-XSS-Protection;
# Disable proxy buffering
proxy_buffering off; proxy_buffering off;
} }
} }

16
nextcloud.subfolder.conf.sample
View file

@ -1,4 +1,4 @@
## Version 2023/06/06 ## Version 2023/06/24
# make sure that your nextcloud container is named nextcloud # make sure that your nextcloud container is named nextcloud
# make sure that nextcloud is set to work with the base url /nextcloud/ # make sure that nextcloud is set to work with the base url /nextcloud/
# Assuming this container is called "swag", edit your nextcloud container's config # Assuming this container is called "swag", edit your nextcloud container's config
@ -34,10 +34,18 @@ location ^~ /nextcloud/ {
proxy_pass $upstream_proto://$upstream_app:$upstream_port; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /nextcloud(.*) $1 break; rewrite /nextcloud(.*) $1 break;
# Uncomment X-Frame-Options directive in ssl.conf to pass security checks.
proxy_hide_header X-Frame-Options;
proxy_buffering off;
proxy_set_header Range $http_range; proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range; proxy_set_header If-Range $http_if_range;
proxy_ssl_session_reuse off; proxy_ssl_session_reuse off;
# Hide proxy response headers from Nextcloud that conflict with ssl.conf
# Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
proxy_hide_header Referrer-Policy;
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-XSS-Protection;
# Disable proxy buffering
proxy_buffering off;
} }

2
notifiarr.subdomain.conf.sample
View file

@ -31,6 +31,8 @@ server {
# enable for Authelia (requires authelia-server.conf in the server block) # enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf; #include /config/nginx/authelia-location.conf;
# Enable if you use webauth for Notifiarr client website authentication
#proxy_set_header X-WebAuth-User $user;
# enable for Authentik (requires authentik-server.conf in the server block) # enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf; #include /config/nginx/authentik-location.conf;

47
partdb.subdomain.conf.sample Normal file
View file

@ -0,0 +1,47 @@
## Version 2023/05/31
# make sure that your partdb container is named partdb
# make sure that your dns has a cname set for partdb
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name partdb.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app partdb;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

45
saltrim.subdomain.conf.sample Normal file
View file

@ -0,0 +1,45 @@
## Version 2023/08/05
# make sure that your saltrim webserver container is named bar_assistant-webserver-1 or manually change to match the upstream_app below
# make sure that your dns has a cname set for saltrim
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name saltrim.*;
include /config/nginx/ssl.conf;
client_max_body_size 100M;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app bar_assistant-webserver-1;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

45
shlink.subdomain.conf.sample Normal file
View file

@ -0,0 +1,45 @@
## Version 2023/05/31
# make sure that your shlink container is named shlink
# make sure that your dns has a cname set for shlink
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name shlink.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app shlink;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}