diff --git a/.editorconfig b/.editorconfig index 9d5c05a..61b6e4b 100644 --- a/.editorconfig +++ b/.editorconfig @@ -11,3 +11,4 @@ trim_trailing_whitespace = false [{*.conf,*.conf.sample}] indent_style = space indent_size = 4 +trim_trailing_whitespace = true diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..ae97f83 --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,25 @@ +# Contributing to reverse-proxy-confs + +## Gotchas + +* While contributing make sure to make all your changes before creating a Pull Request +* Read, and fill the Pull Request template + * If the PR is addressing an existing issue include, closes #\, in the body of the PR commit message +* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://discord.gg/YWrKVTn) + +### Styling + +* Indentation: 4 spaces +* Line-endings: LF +* Trailing newline: yes + +### Requirements + +* Must have the date on the first line, in YYYY/MM/DD format +* For subdomains, add a comment for a needed CNAME +* If the application needs further configuration, specify this in a comment + +* In most cases we want the comments for Authelia, ldap and basic auth to be present +* If the application has known API endpoints, we prefer these to be exempt from auth trough a location block (provided the application has security on the endpoint) + +* Files must not be executeable diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..7eaac77 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,2 @@ +github: linuxserver +open_collective: linuxserver diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..5796fd3 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,13 @@ +blank_issues_enabled: false +contact_links: + - name: Discord chat support + url: https://discord.gg/YWrKVTn + about: Realtime support / chat with the community and the team. + + - name: Discourse discussion forum + url: https://discourse.linuxserver.io + about: Post on our community forum. + + - name: Documentation + url: https://docs.linuxserver.io/general/swag#preset-proxy-confs + about: Documentation - information about how this repository works with SWAG. diff --git a/.github/ISSUE_TEMPLATE/issue.bug.yml b/.github/ISSUE_TEMPLATE/issue.bug.yml new file mode 100644 index 0000000..8a6b31e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/issue.bug.yml @@ -0,0 +1,36 @@ +# Based on the issue template +name: Bug report +description: Create a report to help us improve. NOT TEMPLATE REQUESTS +title: "[BUG] " +labels: [Bug] +body: + - type: checkboxes + attributes: + label: Is there an existing issue for this? + description: Please search to see if an issue already exists for the bug you encountered. + options: + - label: I have searched the existing issues + required: true + - type: textarea + attributes: + label: Current Behavior + description: Tell us what happens instead of the expected behavior. + validations: + required: true + - type: textarea + attributes: + label: Expected Behavior + description: Tell us what should happen. + validations: + required: false + - type: textarea + attributes: + label: Steps To Reproduce + description: Steps to reproduce the behavior. + placeholder: | + 1. In this environment... + 2. With this config... + 3. Run '...' + 4. See error... + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/issue.feature.yml b/.github/ISSUE_TEMPLATE/issue.feature.yml new file mode 100644 index 0000000..66ca66f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/issue.feature.yml @@ -0,0 +1,31 @@ +# Based on the issue template +name: Feature request +description: Suggest an idea for this project. NOT TEMPLATE REQUESTS +title: "[FEAT] <title>" +labels: [enhancement] +body: + - type: checkboxes + attributes: + label: Is this a new feature request? + description: Please search to see if a feature request already exists. + options: + - label: I have searched the existing issues + required: true + - type: textarea + attributes: + label: Wanted change + description: Tell us what you want to happen. + validations: + required: true + - type: textarea + attributes: + label: Reason for change + description: Justify your request, why do you want it, what is the benefit. + validations: + required: true + - type: textarea + attributes: + label: Proposed code change + description: Do you have a potential code change in mind? + validations: + required: false diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index f6a6381..87e8888 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -2,14 +2,25 @@ [linuxserverurl]: https://linuxserver.io [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl] - -<!--- Before submitting a pull request please check the following --> +------------------------------ -<!--- That you have made a branch in your fork, we'd rather not merge from your master --> -<!--- That if the PR is addressing an existing issue include, closes #<issue number> , in the body of the PR commit message --> -<!--- You have included links to any files / patches etc your PR may be using in the body of the PR commit message --> -<!--- --> + - [ ] I have read the [contributing](https://github.com/linuxserver/reverse-proxy-confs/blob/master/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications -## Thanks, team linuxserver.io +------------------------------ +<!--- We welcome all PR’s though this doesn’t guarantee it will be accepted. --> + +## Description +<!--- Describe your changes in detail --> + +## Benefits of this PR and context +<!--- Please explain why we should accept this PR. If this fixes an outstanding bug, please reference the issue # --> + +## How Has This Been Tested? +<!--- Please describe in detail how you tested your changes. --> +<!--- Include details of your testing environment, and the tests you ran to --> +<!--- see how your change affects other areas of the code, etc. --> + +## Source / References +<!--- Please include any forum posts/github links relevant to the PR --> \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..90e05c4 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "weekly" diff --git a/.github/workflows/call-invalid-issues-cron.yml b/.github/workflows/call-invalid-issues-cron.yml new file mode 100644 index 0000000..017f233 --- /dev/null +++ b/.github/workflows/call-invalid-issues-cron.yml @@ -0,0 +1,13 @@ +name: Mark stale issues and pull requests +on: + workflow_dispatch: + schedule: + - cron: "30 1 * * *" + +jobs: + stale: + permissions: + issues: write + pull-requests: write + uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1 + secrets: inherit diff --git a/.github/workflows/call_invalid_helper.yml b/.github/workflows/call_invalid_helper.yml new file mode 100644 index 0000000..773767c --- /dev/null +++ b/.github/workflows/call_invalid_helper.yml @@ -0,0 +1,12 @@ +name: Comment on invalid interaction +on: + issues: + types: + - labeled +jobs: + add-comment-on-invalid: + if: github.event.label.name == 'invalid' + permissions: + issues: write + uses: linuxserver/github-workflows/.github/workflows/invalid-interaction-helper.yml@v1 + secrets: inherit diff --git a/.github/workflows/check_samples.yml b/.github/workflows/check_samples.yml index 3a6c363..dd8c674 100644 --- a/.github/workflows/check_samples.yml +++ b/.github/workflows/check_samples.yml @@ -11,7 +11,8 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v3.3.0 - name: Check Allowed File Names run: | diff --git a/README.md b/README.md index 110b24c..71fd0eb 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ # How to use these Reverse Proxy Configs -This folder contains sample reverse proxy configs for various docker images linuxserver provides and other commonly used applications. +This folder contains sample reverse proxy configs for various docker images linuxserver provides and other commonly used applications. NOTE: We avoid providing samples that publicly expose server management software (ex: syno, qnap, unraid, proxmox, esxi, etc). Pull requests to add samples for this category of applications will not be accepted. @@ -23,12 +23,12 @@ Conversely subdomain reverse proxying does not require special accommodation by Make sure that your default site config contains the following lines in the appropriate spots as seen in the default version: -1) For subfolder methods: `include /config/nginx/proxy-confs/*.subfolder.conf;` -2) For subdomain methods: `include /config/nginx/proxy-confs/*.subdomain.conf;` +1. For subfolder methods: `include /config/nginx/proxy-confs/*.subfolder.conf;` +2. For subdomain methods: `include /config/nginx/proxy-confs/*.subdomain.conf;` ### Ensure you have a custom docker network -These confs assume that the swag container can reach other containers via their dns hostnames (defaults to container name) resolved via docker's internal dns. This is achieved through having the containers attached to the same user defined docker bridge network. +These confs assume that the swag container can reach other containers via their dns hostnames (defaults to container name) resolved via docker's internal dns. This is achieved through having the containers attached to the same user defined docker bridge network. - If you are using docker-compose and the containers are managed through the same yaml file, docker-compose will automatically create a custom network and attach all containers to it. Nothing extra is required. @@ -36,14 +36,14 @@ These confs assume that the swag container can reach other containers via their - If you are using a gui manager like portainer, you can create a custom bridge network in the gui, and select it when creating a new container. -- If you are using unraid, create a custom network in command line via `docker network create [networkname]`, then go to docker service settings (under advanced) and set the option `Preserve user defined networks:` to `Yes`. Then in each container setting, including the swag container, in the network type dropdown, select `Custom : [networkname]`. This is a necessary step as the bridge network that unraid uses by default does not allow container to container communication. +- If you are using unraid, create a custom network in command line via `docker network create [networkname]`, then go to docker service settings (under advanced) and set the option `Preserve user defined networks:` to `Yes`. Then in each container setting, including the swag container, in the network type dropdown, select `Custom : [networkname]`. This is a necessary step as the bridge network that unraid uses by default does not allow container to container communication. If the reverse proxied containers are not reachable via dns or they are running on a different machine, you will have to modify these confs to fit your needs. ### Rename the required proxy configs -1) Rename the conf files and remove the `.sample` at the end (ie. `sonarr.subfolder.conf`) -2) Restart the swag container +1. Rename the conf files and remove the `.sample` at the end (ie. `sonarr.subfolder.conf`) +2. Restart the swag container ### Make any necessary changes detailed in the config diff --git a/_template.subdomain.conf.sample b/_template.subdomain.conf.sample index 0046268..53024a5 100644 --- a/_template.subdomain.conf.sample +++ b/_template.subdomain.conf.sample @@ -1,8 +1,9 @@ -## Version 2022/09/08 +## Version 2023/02/05 # REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template. # REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done. # REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings. -# make sure that your dns has a cname set for <container_name> and that your <container_name> container is not using a base url +# make sure that your <container_name> container is named <container_name> +# make sure that your dns has a cname set for <container_name> server { listen 443 ssl; @@ -20,6 +21,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -31,6 +35,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app <container_name>; diff --git a/_template.subfolder.conf.sample b/_template.subfolder.conf.sample index 46be8cc..2f8eff6 100644 --- a/_template.subfolder.conf.sample +++ b/_template.subfolder.conf.sample @@ -1,8 +1,10 @@ -## Version 2022/09/08 +## Version 2023/02/05 # REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template. # REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done. # REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings. -# first go into <container_name> settings, under "General" set the URL Base to /<container_name>/ and restart the <container_name> container +# make sure that your <container_name> container is named <container_name> +# make sure that <container_name> is set to work with the base url /<container_name>/ + location /<container_name> { return 301 $scheme://$host/<container_name>/; @@ -19,6 +21,9 @@ location ^~ /<container_name>/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app <container_name>; diff --git a/adguard.subdomain.conf.sample b/adguard.subdomain.conf.sample index 73ea6f3..b0e22a4 100644 --- a/adguard.subdomain.conf.sample +++ b/adguard.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for adguard and that your adguard container is named adguard +## Version 2023/02/05 +# make sure that your adguard container is named adguard +# make sure that your dns has a cname set for adguard server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app adguard; diff --git a/adminer.subdomain.conf.sample b/adminer.subdomain.conf.sample new file mode 100644 index 0000000..f1f3025 --- /dev/null +++ b/adminer.subdomain.conf.sample @@ -0,0 +1,47 @@ +## Version 2023/02/17 +# make sure that your adminer container is named adminer +# make sure that your dns has a cname set for adminer + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name adminer.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app adminer; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/adminer.subfolder.conf.sample b/adminer.subfolder.conf.sample index c9b0ee0..e8b0224 100644 --- a/adminer.subfolder.conf.sample +++ b/adminer.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# adminer does not require a base url setting, but the container needs to be named adminer +## Version 2023/02/05 +# make sure that your adminer container is named adminer +# adminer does not require a base url setting location /adminer { return 301 $scheme://$host/adminer/; @@ -16,6 +17,9 @@ location ^~ /adminer/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app adminer; diff --git a/adminmongo.subdomain.conf.sample b/adminmongo.subdomain.conf.sample index 509a661..8dfb8e8 100644 --- a/adminmongo.subdomain.conf.sample +++ b/adminmongo.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for adminmongo and that your adminmongo container is not using a base url +## Version 2023/02/05 +# make sure that your adminmongo container is named adminmongo +# make sure that your dns has a cname set for adminmongo server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app adminmongo; diff --git a/airsonic.subdomain.conf.sample b/airsonic.subdomain.conf.sample index 197bc7f..c44939b 100644 --- a/airsonic.subdomain.conf.sample +++ b/airsonic.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for airsonic and that your airsonic container is not using a base url +## Version 2023/02/05 +# make sure that your airsonic container is named airsonic +# make sure that your dns has a cname set for airsonic # add `server.use-forward-headers=true` to `/config/application.properties` to ensure logs contain real source IP server { @@ -18,6 +19,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -29,6 +33,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app airsonic; diff --git a/airsonic.subfolder.conf.sample b/airsonic.subfolder.conf.sample index aa97b18..54b4f88 100644 --- a/airsonic.subfolder.conf.sample +++ b/airsonic.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your airsonic container is named airsonic +# make sure that airsonic is set to work with the base url /airsonic/ # set the CONTEXT_PATH variable to /airsonic in airsonic container. location ^~ /airsonic { @@ -12,6 +14,9 @@ location ^~ /airsonic { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app airsonic; diff --git a/apprise-api.subdomain.conf.sample b/apprise-api.subdomain.conf.sample index a5fd3a9..8ab68f3 100644 --- a/apprise-api.subdomain.conf.sample +++ b/apprise-api.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/08/16 -# make sure that your dns has a cname set for apprise-api and that your apprise-api container is not using a base url +## Version 2023/02/05 +# make sure that your apprise-api container is named apprise-api +# make sure that your dns has a cname set for apprise-api server { listen 443 ssl; @@ -11,24 +12,29 @@ server { client_max_body_size 0; - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; - # enable for Authelia + # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app apprise-api; diff --git a/archisteamfarm.subdomain.conf.sample b/archisteamfarm.subdomain.conf.sample index 7d5d589..3343783 100644 --- a/archisteamfarm.subdomain.conf.sample +++ b/archisteamfarm.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your archisteamfarm container is named archisteamfarm # make sure that your dns has a cname set for archisteamfarm server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app archisteamfarm; diff --git a/aria2-with-webui.subdomain.conf.sample b/aria2-with-webui.subdomain.conf.sample index 5223f6b..b0b5313 100644 --- a/aria2-with-webui.subdomain.conf.sample +++ b/aria2-with-webui.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# Make sure that your dns has a cname set for aria2 and that your aria2-with-webui container is not using a base url +## Version 2023/02/05 +# make sure that your aria2 container is named aria2-with-webui +# make sure that your dns has a cname set for aria2 # # The RPC port will need to be changed to 443 in the AriaNg/WebUI-Aria2 settings or by using the AriaNg command api # e.g. https://aria2.example.com/#!/settings/rpc/set/https/aria2.example.com/443/jsonrpc @@ -21,6 +22,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -32,6 +36,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app aria2-with-webui; diff --git a/audiobookshelf.subdomain.conf.sample b/audiobookshelf.subdomain.conf.sample index 1e2c286..1338191 100644 --- a/audiobookshelf.subdomain.conf.sample +++ b/audiobookshelf.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for audiobookshelf and that your audiobookshelf container is not using a base url +## Version 2023/02/05 +# make sure that your audiobookshelf container is named audiobookshelf +# make sure that your dns has a cname set for audiobookshelf server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app audiobookshelf; diff --git a/audiobookshelf.subfolder.conf.sample b/audiobookshelf.subfolder.conf.sample index 94d1a5d..f97b5c3 100644 --- a/audiobookshelf.subfolder.conf.sample +++ b/audiobookshelf.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your audiobookshelf container is named audiobookshelf +# make sure that audiobookshelf is set to work with the base url /audiobookshelf/ # set the CONTEXT_PATH variable to /audiobookshelf in audiobookshelf container. location ^~ /audiobookshelf { @@ -12,6 +14,9 @@ location ^~ /audiobookshelf { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app audiobookshelf; diff --git a/authelia.subdomain.conf.sample b/authelia.subdomain.conf.sample index 004920b..fd06a73 100644 --- a/authelia.subdomain.conf.sample +++ b/authelia.subdomain.conf.sample @@ -1,9 +1,10 @@ -## Version 2021/05/18 +## Version 2023/02/12 +# make sure that your authelia container is named authelia # make sure that your dns has a cname set for authelia -# the default authelia-server and authelia-location confs included with letsencrypt rely on -# subfolder proxy at "/authelia" and enabling of this proxy conf is not necessary. -# But if you'd like to use authelia via subdomain, you can enable this proxy and set up your own -# authelia-server and authelia-location confs as described in authelia docs. +# the default authelia-server and authelia-location confs included with swag rely on +# a built-in subfolder proxy at "/authelia" and enabling this proxy conf is not necessary. +# But if you'd like to use authelia via subdomain, you can enable this proxy and set +# the $authelia_backed variable in the authelia-server.conf. server { listen 443 ssl; @@ -25,4 +26,32 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + + location ~ (/authelia)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app authelia; + set $upstream_port 9091; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/authelia)?/metrics { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # block metrics access by default because it is unprotected + # you can comment out the next line to enable remote metrics + deny all; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app authelia; + set $upstream_port 9959; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } } diff --git a/authentik.subdomain.conf.sample b/authentik.subdomain.conf.sample new file mode 100644 index 0000000..7b22778 --- /dev/null +++ b/authentik.subdomain.conf.sample @@ -0,0 +1,53 @@ +## Version 2023/02/12 +# make sure that your authentik container is named authentik-server +# make sure that your dns has a cname set for authentik + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name authentik.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + location / { + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app authentik-server; + set $upstream_port 9000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/authentik)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app authentik-server; + set $upstream_port 9000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/authentik)?/metrics { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # block metrics access by default because it is unprotected + # you can comment out the next line to enable remote metrics + deny all; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app authentik-server; + set $upstream_port 9300; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/babybuddy.subdomain.conf.sample b/babybuddy.subdomain.conf.sample index 1e0c21e..f45810e 100644 --- a/babybuddy.subdomain.conf.sample +++ b/babybuddy.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your babybuddy container is named babybuddy # make sure that your dns has a cname set for babybuddy server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app babybuddy; diff --git a/bazarr.subdomain.conf.sample b/bazarr.subdomain.conf.sample index 61dc9c7..213bf1d 100644 --- a/bazarr.subdomain.conf.sample +++ b/bazarr.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url +## Version 2023/02/05 +# make sure that your bazarr container is named bazarr +# make sure that your dns has a cname set for bazarr server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bazarr; diff --git a/bazarr.subfolder.conf.sample b/bazarr.subfolder.conf.sample index 3b65447..eede1dd 100644 --- a/bazarr.subfolder.conf.sample +++ b/bazarr.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into bazarr settings, under "General" set the URL Base to /bazarr/ and restart the bazarr container +## Version 2023/02/05 +# make sure that your bazarr container is named bazarr +# make sure that bazarr is set to work with the base url /bazarr/ location /bazarr { return 301 $scheme://$host/bazarr/; @@ -16,6 +17,9 @@ location ^~ /bazarr/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bazarr; diff --git a/beets.subdomain.conf.sample b/beets.subdomain.conf.sample index 80f953b..1441dfc 100644 --- a/beets.subdomain.conf.sample +++ b/beets.subdomain.conf.sample @@ -1,6 +1,7 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your beets container is named beets +# make sure that your dns has a cname set for beets #First edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container. -#Make sure that your dns has a cname set for beets and that your beets container is not using a base url server { listen 443 ssl; @@ -18,8 +19,11 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { - #enable the next two lines for http auth + # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; @@ -29,6 +33,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app beets; diff --git a/beets.subfolder.conf.sample b/beets.subfolder.conf.sample index fa47d93..7a19a0b 100644 --- a/beets.subfolder.conf.sample +++ b/beets.subfolder.conf.sample @@ -1,5 +1,7 @@ -## Version 2022/09/08 -#first edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container +## Version 2023/02/05 +# make sure that your beets container is named beets +# make sure that beets is set to work with the base url /beets/ +# first edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container location /beets { # enable the next two lines for http auth @@ -12,6 +14,9 @@ location /beets { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app beets; diff --git a/bitwarden.subdomain.conf.sample b/bitwarden.subdomain.conf.sample index 2499f59..9474237 100644 --- a/bitwarden.subdomain.conf.sample +++ b/bitwarden.subdomain.conf.sample @@ -1,6 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url -# make sure your bitwarden container is named "bitwarden" +## Version 2023/02/13 +# make sure that your bitwarden container is named bitwarden +# make sure that your dns has a cname set for bitwarden # set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container server { @@ -19,6 +19,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -30,6 +33,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; @@ -50,6 +56,19 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app bitwarden; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/bitwarden)?/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; diff --git a/bitwarden.subfolder.conf.sample b/bitwarden.subfolder.conf.sample index 4817457..b41a86d 100644 --- a/bitwarden.subfolder.conf.sample +++ b/bitwarden.subfolder.conf.sample @@ -1,6 +1,9 @@ -## Version 2022/09/08 +## Version 2023/02/13 +# make sure that your bitwarden container is named bitwarden +# make sure that bitwarden is set to work with the base url /bitwarden/ ## Environmental Variable DOMAIN=https://<DOMAIN>/bitwarden must be set in bitwarden container including subfolder. ## This is using ports 80 and 3012 + location /bitwarden { return 301 $scheme://$host/bitwarden/; } @@ -16,6 +19,9 @@ location ^~ /bitwarden/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; @@ -36,6 +42,19 @@ location ~ (/bitwarden)?/admin { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app bitwarden; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ~ (/bitwarden)?/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bitwarden; diff --git a/boinc.subdomain.conf.sample b/boinc.subdomain.conf.sample index b97d195..406acbc 100644 --- a/boinc.subdomain.conf.sample +++ b/boinc.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your boinc container is named boinc # make sure that your dns has a cname set for boinc server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app boinc; diff --git a/boinc.subfolder.conf.sample b/boinc.subfolder.conf.sample index 42d2be9..34184e1 100644 --- a/boinc.subfolder.conf.sample +++ b/boinc.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your bionc container is named bionc +# make sure that bionc is set to work with the base url /bionc/ # In boinc docker arguments, set an env variable for SUBFOLDER=/boinc/ location /boinc { @@ -16,6 +18,9 @@ location ^~ /boinc/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app boinc; diff --git a/booksonic.subdomain.conf.sample b/booksonic.subdomain.conf.sample index 11508e6..3b854e8 100644 --- a/booksonic.subdomain.conf.sample +++ b/booksonic.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for booksonic and that your booksonic container is not using a base url +## Version 2023/02/05 +# make sure that your booksonic container is named booksonic +# make sure that your dns has a cname set for booksonic server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app booksonic; diff --git a/booksonic.subfolder.conf.sample b/booksonic.subfolder.conf.sample index 156d6b8..37dfdf9 100644 --- a/booksonic.subfolder.conf.sample +++ b/booksonic.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your booksonic container is named booksonic +# make sure that booksonic is set to work with the base url /booksonic/ # set the CONTEXT_PATH variable to /booksonic in booksonic container. location ^~ /booksonic { @@ -12,6 +14,9 @@ location ^~ /booksonic { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app booksonic; diff --git a/bookstack.subdomain.conf.sample b/bookstack.subdomain.conf.sample index e61cea5..255ca16 100644 --- a/bookstack.subdomain.conf.sample +++ b/bookstack.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for bookstack and that your bookstack container is named bookstack +## Version 2023/02/05 +# make sure that your bookstack container is named bookstack +# make sure that your dns has a cname set for bookstack # Ensure you have the APP_URL Environment Variable set correctly in your Docker Run/Compose or in BookStack Env File (/www/.env) # https://github.com/linuxserver/docker-bookstack#docker @@ -19,8 +20,11 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { - #enable the next two lines for http auth + # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; @@ -30,6 +34,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app bookstack; diff --git a/budge.subdomain.conf.sample b/budge.subdomain.conf.sample index ba8f55b..c58792a 100644 --- a/budge.subdomain.conf.sample +++ b/budge.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2021/05/18 -# make sure that your dns has a cname set for budge and that your budge container is not using a base url +## Version 2023/02/05 +# make sure that your budge container is named budge +# make sure that your dns has a cname set for budge server { listen 443 ssl; @@ -11,24 +12,29 @@ server { client_max_body_size 0; - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; - # enable for Authelia + # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app budge; diff --git a/calibre-web.subdomain.conf.sample b/calibre-web.subdomain.conf.sample index bc7349d..e0af18a 100644 --- a/calibre-web.subdomain.conf.sample +++ b/calibre-web.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your calibre-web container is named calibre-web # make sure that your dns has a cname set for calibre-web server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -27,6 +31,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; # To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is # enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia # user also has a corresponding user manually created in Calibre-Web. @@ -41,10 +48,10 @@ server { proxy_set_header X-Scheme $scheme; } - # OPDS feed for eBook reader apps - # Even if you use Authelia, the OPDS feed requires a password to be set for - # the user directly in Calibre-Web, as eBook reader apps don't support - # form-based logins, only HTTP Basic auth. + # OPDS feed for eBook reader apps + # Even if you use Authelia, the OPDS feed requires a password to be set for + # the user directly in Calibre-Web, as eBook reader apps don't support + # form-based logins, only HTTP Basic auth. location /opds/ { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; diff --git a/calibre-web.subfolder.conf.sample b/calibre-web.subfolder.conf.sample index 4e58abe..e28a272 100644 --- a/calibre-web.subfolder.conf.sample +++ b/calibre-web.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your calibre-web container is named calibre-web # calibre-web does not require a base url setting location /calibre-web { @@ -15,6 +16,9 @@ location ^~ /calibre-web/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; # To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is # enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia # user also has a corresponding user manually created in Calibre-Web. diff --git a/calibre.subdomain.conf.sample b/calibre.subdomain.conf.sample index 6631479..4d0637d 100644 --- a/calibre.subdomain.conf.sample +++ b/calibre.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your calibre container is named calibre # make sure that your dns has a cname set for calibre # for the content server, go into calibre preferences / sharing over the net / advanced and # set the first option for prefix url to '/content-server', save and restart the container @@ -20,6 +21,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -31,6 +35,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app calibre; @@ -56,6 +63,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app calibre; diff --git a/calibre.subfolder.conf.sample b/calibre.subfolder.conf.sample index 3158274..21cc09b 100644 --- a/calibre.subfolder.conf.sample +++ b/calibre.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your calibre container is named calibre +# make sure that calibre is set to work with the base url /calibre/ # In calibre docker arguments, set an env variable for SUBFOLDER=/calibre/ # for the content server, go into calibre preferences / sharing over the net / advanced and # set the first option for prefix url to '/content-server', save and restart the container @@ -19,6 +21,9 @@ location ^~ /calibre/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app calibre; @@ -43,6 +48,9 @@ location ^~ /content-server/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app calibre; diff --git a/castopod.subdomain.conf.sample b/castopod.subdomain.conf.sample index f2a06ee..6d60034 100644 --- a/castopod.subdomain.conf.sample +++ b/castopod.subdomain.conf.sample @@ -1,5 +1,7 @@ -## Version 2022/10/06 -# make sure that your dns has a cname set for castopod and that your castopod container is not using a base url +## Version 2023/02/05 +# make sure that your castopod container is named castopod +# make sure that your dns has a cname set for castopod + server { listen 443 ssl; listen [::]:443 ssl; @@ -9,13 +11,16 @@ server { include /config/nginx/ssl.conf; client_max_body_size 0; - + # enable for ldap auth (requires ldap-location.conf in the location block) #include /config/nginx/ldap-server.conf; # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; - + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -27,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app castopod; @@ -35,4 +43,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } -} +} diff --git a/changedetection.subdomain.conf.sample b/changedetection.subdomain.conf.sample index 9058f88..f9b3071 100644 --- a/changedetection.subdomain.conf.sample +++ b/changedetection.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for changedetection and that your changedetection container is named changedetection +## Version 2023/02/05 +# make sure that your changedetection container is named changedetection +# make sure that your dns has a cname set for changedetection server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app changedetection; diff --git a/chevereto.subdomain.conf.sample b/chevereto.subdomain.conf.sample index c162bc2..6349fab 100644 --- a/chevereto.subdomain.conf.sample +++ b/chevereto.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for chevereto and that your chevereto container is not using a base url +## Version 2023/02/05 +# make sure that your chevereto container is named chevereto +# make sure that your dns has a cname set for chevereto server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app chevereto; diff --git a/chronograf.subdomain.conf.sample b/chronograf.subdomain.conf.sample index 1d3e1c3..76c6e4c 100644 --- a/chronograf.subdomain.conf.sample +++ b/chronograf.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# Make sure that your dns has a cname set for chronograf and that your chronograf container is not using a base url +## Version 2023/02/05 +# make sure that your chronograf container is named chronograf +# make sure that your dns has a cname set for chronograf server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app chronograf; diff --git a/chronograf.subfolder.conf.sample b/chronograf.subfolder.conf.sample index 63f57b2..0510f34 100644 --- a/chronograf.subfolder.conf.sample +++ b/chronograf.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your chronograf container is named chronograf +# make sure that chronograf is set to work with the base url /chronograf/ # add BASE_PATH=/chronograf environment variable to your docker compose/run location /chronograf { @@ -16,6 +18,9 @@ location ^~ /chronograf/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app chronograf; diff --git a/cloudbeaver.subdomain.conf.sample b/cloudbeaver.subdomain.conf.sample index 89e8601..fe2944c 100644 --- a/cloudbeaver.subdomain.conf.sample +++ b/cloudbeaver.subdomain.conf.sample @@ -1,6 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for cloudbeaver and that your cloudbeaver container is not using a base url -# tested using dbeaver/cloudbeaver +## Version 2023/02/05 +# make sure that your cloudbeaver container is named cloudbeaver +# make sure that your dns has a cname set for cloudbeaver server { listen 443 ssl; @@ -20,6 +20,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -31,6 +34,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app cloudbeaver; diff --git a/code-server.subdomain.conf.sample b/code-server.subdomain.conf.sample index 93a75c1..4c7abcb 100644 --- a/code-server.subdomain.conf.sample +++ b/code-server.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your code-server container is named code-server # make sure that your dns has a cname set for code-server server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app code-server; diff --git a/codimd.subdomain.conf.sample b/codimd.subdomain.conf.sample index 94c2e96..2eae937 100644 --- a/codimd.subdomain.conf.sample +++ b/codimd.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2022/09/08 +## Version 2023/02/05 # make sure you have added the following environmental variables to your run command/compose file # CMD_DOMAIN=codimd.server.com # CMD_PROTOCOL_USESSL=true @@ -19,6 +19,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -30,6 +33,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app codimd; diff --git a/collabora.subdomain.conf.sample b/collabora.subdomain.conf.sample index 3d830d3..712cfef 100644 --- a/collabora.subdomain.conf.sample +++ b/collabora.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for collabora and that your collabora container is named collabora +## Version 2023/02/05 +# make sure that your collabora container is named collabora +# make sure that your dns has a cname set for collabora server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app collabora; diff --git a/commento.subdomain.conf.sample b/commento.subdomain.conf.sample index 4521142..6ee6ddc 100644 --- a/commento.subdomain.conf.sample +++ b/commento.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for commento and that your commento config is not using a subdirectory. +## Version 2023/02/05 +# make sure that your commento container is named commento +# make sure that your dns has a cname set for commento server { listen 443 ssl; @@ -17,8 +18,11 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { - #enable the next two lines for http auth + # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app commento; diff --git a/couchpotato.subdomain.conf.sample b/couchpotato.subdomain.conf.sample index 4ab200f..07a6671 100644 --- a/couchpotato.subdomain.conf.sample +++ b/couchpotato.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for couchpotato and that your couchpotato container is not using a base url +## Version 2023/02/05 +# make sure that your couchpotato container is named couchpotato +# make sure that your dns has a cname set for couchpotato server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app couchpotato; diff --git a/couchpotato.subfolder.conf.sample b/couchpotato.subfolder.conf.sample index 62bb85f..e416b12 100644 --- a/couchpotato.subfolder.conf.sample +++ b/couchpotato.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into couchpotato settings, under "General" set the URL Base to /couchpotato and restart the couchpotato container +## Version 2023/02/05 +# make sure that your couchpotato container is named couchpotato +# make sure that couchpotato is set to work with the base url /couchpotato/ location ^~ /couchpotato { # enable the next two lines for http auth @@ -12,6 +13,9 @@ location ^~ /couchpotato { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app couchpotato; diff --git a/crontabui.subfolder.conf.sample b/crontabui.subfolder.conf.sample index ba22371..0398d26 100644 --- a/crontabui.subfolder.conf.sample +++ b/crontabui.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your crontabui container is named crontabui # crontabui does not require a base url setting location /crontabui { @@ -16,6 +17,9 @@ location ^~ /crontabui/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app crontabui; diff --git a/crowdsec-dashboard.subdomain.conf.sample b/crowdsec-dashboard.subdomain.conf.sample index 3cc84f1..61651e9 100644 --- a/crowdsec-dashboard.subdomain.conf.sample +++ b/crowdsec-dashboard.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for crowdsec-dashboard and that your crowdsec-dashboard container is not using a base url +## Version 2023/02/05 +# make sure that your crowdsec-dashboard container is named crowdsec-dashboard +# make sure that your dns has a cname set for crowdsec-dashboard server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app crowdsec-dashboard; diff --git a/crowdsec.subdomain.conf.sample b/crowdsec.subdomain.conf.sample index 8dbb7a3..a93214e 100644 --- a/crowdsec.subdomain.conf.sample +++ b/crowdsec.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/08/26 -# make sure that your dns has a cname set for crowdsec and that your crowdsec container is not using a base url +## Version 2023/02/05 +# make sure that your crowdsec container is named crowdsec +# make sure that your dns has a cname set for crowdsec server { listen 443 ssl; @@ -11,30 +12,35 @@ server { client_max_body_size 0; - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; - # enable for Authelia + # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app crowdsec; set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - + } } diff --git a/dashy.subdomain.conf.sample b/dashy.subdomain.conf.sample index a4ffad8..3f13663 100644 --- a/dashy.subdomain.conf.sample +++ b/dashy.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for dashy and that your dashy container is not using a base url +## Version 2023/02/05 +# make sure that your dashy container is named dashy +# make sure that your dns has a cname set for dashy server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dashy; diff --git a/deluge.subdomain.conf.sample b/deluge.subdomain.conf.sample index 6491d14..2f94ccd 100644 --- a/deluge.subdomain.conf.sample +++ b/deluge.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for deluge and that your deluge container is not using a base url +## Version 2023/02/05 +# make sure that your deluge container is named deluge +# make sure that your dns has a cname set for deluge server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app deluge; diff --git a/deluge.subfolder.conf.sample b/deluge.subfolder.conf.sample index 9ed5e2e..74aab62 100644 --- a/deluge.subfolder.conf.sample +++ b/deluge.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your deluge container is named deluge # deluge does not require a base url setting location /deluge { @@ -16,6 +17,9 @@ location ^~ /deluge/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app deluge; diff --git a/dillinger.subdomain.conf.sample b/dillinger.subdomain.conf.sample index ce04a81..081b345 100644 --- a/dillinger.subdomain.conf.sample +++ b/dillinger.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your dillinger container is named dillinger # make sure that your dns has a cname set for dillinger server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dillinger; diff --git a/documentserver.subdomain.conf.sample b/documentserver.subdomain.conf.sample index ac81a8e..07d2c84 100644 --- a/documentserver.subdomain.conf.sample +++ b/documentserver.subdomain.conf.sample @@ -1,6 +1,6 @@ -## Version 2022/09/08 -# Make sure that your dns has a cname set for onlyoffice named "documentserver" -# Make sure that the onlyoffice documentserver container is named "documentserver" +## Version 2023/02/05 +# make sure that your onlyoffice documentserver container is named documentserver +# make sure that your dns has a cname set for documentserver server { listen 443 ssl; @@ -18,8 +18,11 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { - #enable the next two lines for http auth + # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; @@ -29,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app documentserver; diff --git a/dokuwiki.subdomain.conf.sample b/dokuwiki.subdomain.conf.sample index 3a0995b..9477dc4 100644 --- a/dokuwiki.subdomain.conf.sample +++ b/dokuwiki.subdomain.conf.sample @@ -1,6 +1,7 @@ -## Version 2022/09/08 -# First complete the setup by appending install.php to URL. -# Make sure that your dns has a cname set for dokuwiki +## Version 2023/02/05 +# make sure that your dokuwiki container is named dokuwiki +# make sure that your dns has a cname set for dokuwiki +# complete the setup by appending install.php to URL server { listen 443 ssl; @@ -18,8 +19,11 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { - #enable the next two lines for http auth + # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; @@ -29,6 +33,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dokuwiki; diff --git a/dokuwiki.subfolder.conf.sample b/dokuwiki.subfolder.conf.sample index e8cc6a3..401968f 100644 --- a/dokuwiki.subfolder.conf.sample +++ b/dokuwiki.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your dokuwiki container is named dokuwiki +# make sure that dokuwiki is set to work with the base url /dokuwiki/ # first go into dokuwiki settings (Admin on the top left when Logged in), under "Configuration Settings" set the "basedir" to /dokuwiki/ and restart the dokuwiki container location /dokuwiki { @@ -16,6 +18,9 @@ location ^~ /dokuwiki/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dokuwiki; diff --git a/domoticz.subdomain.conf.sample b/domoticz.subdomain.conf.sample index e37ff1f..3311a04 100644 --- a/domoticz.subdomain.conf.sample +++ b/domoticz.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# Make sure that your dns has a cname set for domoticz and that your domoticz container is not using a base url +## Version 2023/02/05 +# make sure that your domoticz container is named domoticz +# make sure that your dns has a cname set for domoticz server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app domoticz; diff --git a/domoticz.subfolder.conf.sample b/domoticz.subfolder.conf.sample index 81f1ee6..9bca758 100644 --- a/domoticz.subfolder.conf.sample +++ b/domoticz.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your domoticz container is named domoticz +# make sure that domoticz is set to work with the base url /domoticz/ # set the WEBROOT variable to domoticz for the domoticz container. location ^~ /domoticz/ { @@ -12,6 +14,9 @@ location ^~ /domoticz/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app domoticz; diff --git a/dozzle.subdomain.conf.sample b/dozzle.subdomain.conf.sample index 575e825..cc21037 100644 --- a/dozzle.subdomain.conf.sample +++ b/dozzle.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for dozzle and that your dozzle container is named dozzle +## Version 2023/02/05 +# make sure that your dozzle container is named dozzle +# make sure that your dns has a cname set for dozzle server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dozzle; diff --git a/dozzle.subfolder.conf.sample b/dozzle.subfolder.conf.sample index 2449c25..b0cd5bd 100644 --- a/dozzle.subfolder.conf.sample +++ b/dozzle.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your dozzle container is named dozzle +# make sure that dozzle is set to work with the base url /dozzle/ # First either add "--base /dozzle" or "-e DOZZLE_BASE=/dozzle" to your docker run command, and restart the Dozzle container location /dozzle { @@ -16,6 +18,9 @@ location ^~ /dozzle/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app dozzle; diff --git a/drone.subdomain.conf.sample b/drone.subdomain.conf.sample index e057267..7d016f2 100644 --- a/drone.subdomain.conf.sample +++ b/drone.subdomain.conf.sample @@ -1,4 +1,7 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your drone container is named drone +# make sure that your dns has a cname set for drone + server { listen 443 ssl; listen [::]:443 ssl; @@ -15,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -26,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app drone; diff --git a/duplicati.subdomain.conf.sample b/duplicati.subdomain.conf.sample index 8af8a78..f333249 100644 --- a/duplicati.subdomain.conf.sample +++ b/duplicati.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for duplicati and that your duplicati container is not using a base url +## Version 2023/02/05 +# make sure that your duplicati container is named duplicati +# make sure that your dns has a cname set for duplicati server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app duplicati; diff --git a/duplicati.subfolder.conf.sample b/duplicati.subfolder.conf.sample index 77b592e..2640006 100644 --- a/duplicati.subfolder.conf.sample +++ b/duplicati.subfolder.conf.sample @@ -1,5 +1,7 @@ -## Version 2022/09/08 -# duplicati does not require a base url setting. DUPLICATI AUTH WILL NOT WORK WITH THIS CONFIG, use the auth options below +## Version 2023/02/05 +# make sure that your duplicati container is named duplicati +# duplicati does not require a base url setting +# DUPLICATI AUTH WILL NOT WORK WITH THIS CONFIG, use the auth options below location /duplicati { return 301 $scheme://$host/duplicati/; @@ -16,6 +18,9 @@ location ^~ /duplicati/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app duplicati; diff --git a/emby.subdomain.conf.sample b/emby.subdomain.conf.sample index 936d102..b843ad2 100644 --- a/emby.subdomain.conf.sample +++ b/emby.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2021/05/18 -# make sure that your dns has a cname set for emby and that your emby container is not using a base url +## Version 2023/02/05 +# make sure that your emby container is named emby +# make sure that your dns has a cname set for emby # if emby is running in bridge mode and the container is named "emby", the below config should work as is # if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;" # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby diff --git a/emby.subfolder.conf.sample b/emby.subfolder.conf.sample index 0fcc693..b2295c7 100644 --- a/emby.subfolder.conf.sample +++ b/emby.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2021/05/18 -# make sure that your dns has a cname set for emby +## Version 2023/02/05 +# make sure that your emby container is named emby +# emby does not require a base url setting # if emby is running in bridge mode and the container is named "emby", the below config should work as is # if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;" # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby diff --git a/embystat.subdomain.conf.sample b/embystat.subdomain.conf.sample index 7b78a99..a738468 100644 --- a/embystat.subdomain.conf.sample +++ b/embystat.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your embystat container is named embystat # make sure that your dns has a cname set for embystat server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app embystat; diff --git a/emulatorjs.subdomain.conf.sample b/emulatorjs.subdomain.conf.sample index 32b3824..92b05c2 100644 --- a/emulatorjs.subdomain.conf.sample +++ b/emulatorjs.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your emulatorjs container is named emulatorjs # make sure that your dns has a cname set for emulatorjs # In emulatorjs docker arguments, set an env variable for SUBFOLDER=/backend/ # The backend interface will be accessible at https://emulatorjs.yourdomain.com/backend/ @@ -20,6 +21,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -31,6 +35,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app emulatorjs; @@ -54,6 +61,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app emulatorjs; diff --git a/filebot.subdomain.conf.sample b/filebot.subdomain.conf.sample index f8c0d08..1593399 100644 --- a/filebot.subdomain.conf.sample +++ b/filebot.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for filebot and that your filebot container is not using a base url +## Version 2023/02/05 +# make sure that your filebot container is named filebot +# make sure that your dns has a cname set for filebot server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app filebot; diff --git a/filebot.subfolder.conf.sample b/filebot.subfolder.conf.sample index aaa204d..20a7430 100644 --- a/filebot.subfolder.conf.sample +++ b/filebot.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your filebot container is named filebot # filebot does not require a base url setting location /filebot { @@ -16,6 +17,9 @@ location ^~ /filebot/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app filebot; diff --git a/filebrowser.subdomain.conf.sample b/filebrowser.subdomain.conf.sample index 81c6dbe..194815f 100644 --- a/filebrowser.subdomain.conf.sample +++ b/filebrowser.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for filebrowser and that your filebrowser container is not using a base url +## Version 2023/02/05 +# make sure that your filebrowser container is named filebrowser +# make sure that your dns has a cname set for filebrowser server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app filebrowser; diff --git a/filebrowser.subfolder.conf.sample b/filebrowser.subfolder.conf.sample index 64893e4..8c7ceaf 100644 --- a/filebrowser.subfolder.conf.sample +++ b/filebrowser.subfolder.conf.sample @@ -1,5 +1,7 @@ -## Version 2022/09/08 -# set this environment variable on your filebrowser container FILEBROWSER_BASEURL=/filebrowser +## Version 2023/02/05 +# make sure that your filebrowser container is named filebrowser +# make sure that filebrowser is set to work with the base url /filebrowser/ +# set this environment variable on your filebrowser container FB_BASEURL=/filebrowser location /filebrowser { return 301 $scheme://$host/filebrowser/; @@ -16,6 +18,9 @@ location ^~ /filebrowser/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app filebrowser; diff --git a/firefly.subdomain.conf.sample b/firefly.subdomain.conf.sample index f06b2f5..b30494c 100644 --- a/firefly.subdomain.conf.sample +++ b/firefly.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for firefly and that your firefly container is not using a base url +## Version 2023/02/05 +# make sure that your firefly container is named firefly +# make sure that your dns has a cname set for firefly server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app firefly; diff --git a/firefox.subdomain.conf.sample b/firefox.subdomain.conf.sample index 3a9401e..d12cff6 100644 --- a/firefox.subdomain.conf.sample +++ b/firefox.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for firefox and that your firefox container is not using a base url +## Version 2023/02/05 +# make sure that your firefox container is named firefox +# make sure that your dns has a cname set for firefox server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app firefox; diff --git a/flexget.subdomain.conf.sample b/flexget.subdomain.conf.sample index 9c7b787..827ddc8 100644 --- a/flexget.subdomain.conf.sample +++ b/flexget.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your flexget container is named flexget # make sure that your dns has a cname set for flexget server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app flexget; diff --git a/flexget.subfolder.conf.sample b/flexget.subfolder.conf.sample index 87ff4a0..12f1566 100644 --- a/flexget.subfolder.conf.sample +++ b/flexget.subfolder.conf.sample @@ -1,34 +1,39 @@ -## Version 2022/09/08 +## Version 2023/02/12 +# make sure that your flexget container is named flexget +# make sure that flexget is set to work with the base url /flexget/ # make sure to set 'base_url: /flexget' under your flexget's config.yml web_server block -# + location /flexget { return 301 $scheme://$host/flexget/; } - location ^~ /flexget/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; +location ^~ /flexget/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app flexget; - set $upstream_port 5050; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; - location ^~ /flexget/api/ { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app flexget; - set $upstream_port 5050; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app flexget; + set $upstream_port 5050; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} + +location ^~ /flexget/api/ { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app flexget; + set $upstream_port 5050; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} diff --git a/flood.subdomain.conf.sample b/flood.subdomain.conf.sample index fd5f52e..dd5c906 100644 --- a/flood.subdomain.conf.sample +++ b/flood.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for flood and that your flood container is not using a base url +## Version 2023/02/05 +# make sure that your flood container is named flood +# make sure that your dns has a cname set for flood server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app flood; diff --git a/flood.subfolder.conf.sample b/flood.subfolder.conf.sample index ec1415e..6b16d65 100644 --- a/flood.subfolder.conf.sample +++ b/flood.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your flood container is named flood # flood does not require a base url setting location /flood { @@ -16,6 +17,9 @@ location ^~ /flood/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app flood; diff --git a/foldingathome.subdomain.conf.sample b/foldingathome.subdomain.conf.sample index aff5b09..fe66399 100644 --- a/foldingathome.subdomain.conf.sample +++ b/foldingathome.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your foldingathome container is named foldingathome # make sure that your dns has a cname set for foldingathome server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; proxy_buffering off; include /config/nginx/resolver.conf; diff --git a/foundryvtt.subdomain.conf.sample b/foundryvtt.subdomain.conf.sample index af61d2a..ea62cb9 100644 --- a/foundryvtt.subdomain.conf.sample +++ b/foundryvtt.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your foundryvtt container is named foundryvtt # make sure that your dns has a cname set for foundryvtt # Ensure that your Foundry VTT's {userData}/Config/options.json file is configured as follows: # "hostname": "your.hostname.com", @@ -26,6 +27,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +41,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app foundryvtt; diff --git a/freshrss.subdomain.conf.sample b/freshrss.subdomain.conf.sample index 34a61eb..fa338b1 100644 --- a/freshrss.subdomain.conf.sample +++ b/freshrss.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your freshrss container is named freshrss # make sure that your dns has a cname set for freshrss server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app freshrss; diff --git a/freshrss.subfolder.conf.sample b/freshrss.subfolder.conf.sample index 91adef9..208d400 100644 --- a/freshrss.subfolder.conf.sample +++ b/freshrss.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# freshrss does not have a base url setting +## Version 2023/02/05 +# make sure that your freshrss container is named freshrss +# freshrss does not require a base url setting location /freshrss { return 301 $scheme://$host/freshrss/; @@ -16,6 +17,9 @@ location ^~ /freshrss/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app freshrss; diff --git a/gaps.subdomain.conf.sample b/gaps.subdomain.conf.sample index 7ef603b..3753a93 100644 --- a/gaps.subdomain.conf.sample +++ b/gaps.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for gaps and that your gaps container is not using a base url +## Version 2023/02/05 +# make sure that your gaps container is named gaps +# make sure that your dns has a cname set for gaps server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app gaps; diff --git a/gaps.subfolder.conf.sample b/gaps.subfolder.conf.sample index ec81bf9..9f99ff7 100644 --- a/gaps.subfolder.conf.sample +++ b/gaps.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your gaps container is named gaps +# make sure that gaps is set to work with the base url /gaps/ # In your Docker compose (or docker run) add: BASE_URL: /gaps location /gaps { @@ -16,6 +18,9 @@ location ^~ /gaps/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app gaps; diff --git a/get_iplayer.subdomain.conf.sample b/get_iplayer.subdomain.conf.sample index d3e698f..d4a89c9 100644 --- a/get_iplayer.subdomain.conf.sample +++ b/get_iplayer.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for get_iplayer and that your get_iplayer container is named get_iplayer +## Version 2023/02/05 +# make sure that your get_iplayer container is named get_iplayer +# make sure that your dns has a cname set for get_iplayer server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app get_iplayer; diff --git a/ghost.subdomain.conf.sample b/ghost.subdomain.conf.sample index 4c9c1b7..99641ce 100644 --- a/ghost.subdomain.conf.sample +++ b/ghost.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for ghost and that your ghost config is not using a subdirectory. +## Version 2023/02/05 +# make sure that your ghost container is named ghost +# make sure that your dns has a cname set for ghost server { listen 443 ssl; @@ -17,8 +18,11 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { - #enable the next two lines for http auth + # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ghost; diff --git a/ghost.subfolder.conf.sample b/ghost.subfolder.conf.sample index 482a590..5673ccc 100644 --- a/ghost.subfolder.conf.sample +++ b/ghost.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your ghost container is named ghost +# make sure that ghost is set to work with the base url /ghost/ # Make sure you are using a subfolder in your ghost config file. https://ghost.org/docs/concepts/config/#url # Note: /ghost/ is by default used for the admin page. See https://ghost.org/docs/concepts/config/#admin-url @@ -13,6 +15,9 @@ location /blog { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ghost; diff --git a/gitea.subdomain.conf.sample b/gitea.subdomain.conf.sample index d9d33d4..c51fa5b 100644 --- a/gitea.subdomain.conf.sample +++ b/gitea.subdomain.conf.sample @@ -1,5 +1,7 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for gitea and the following parameters in /data/gitea/conf/app.ini are edited +## Version 2023/02/05 +# make sure that your gitea container is named gitea +# make sure that your dns has a cname set for gitea +# edit the following parameters in /data/gitea/conf/app.ini # [server] # SSH_DOMAIN = gitea.server.com # ROOT_URL = https://gitea.server.com/ @@ -21,6 +23,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -32,6 +37,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app gitea; diff --git a/gitea.subfolder.conf.sample b/gitea.subfolder.conf.sample index 7f056d4..14f84a7 100644 --- a/gitea.subfolder.conf.sample +++ b/gitea.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2021/05/18 +## Version 2023/02/05 +# make sure that your gitea container is named gitea +# make sure that gitea is set to work with the base url /gitea/ # The following parameters in /data/gitea/conf/app.ini should be edited to match your setup # [server] # SSH_DOMAIN = example.com:2222 diff --git a/glances.subdomain.conf.sample b/glances.subdomain.conf.sample index a6c63a8..d0baef0 100644 --- a/glances.subdomain.conf.sample +++ b/glances.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for glances and that your glances container is not using a base url +## Version 2023/02/05 +# make sure that your glances container is named glances +# make sure that your dns has a cname set for glances server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app glances; diff --git a/glances.subfolder.conf.sample b/glances.subfolder.conf.sample index 80a2f9d..b4da5f4 100644 --- a/glances.subfolder.conf.sample +++ b/glances.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your glances container is named glances # glances does not require a base url setting location /glances { @@ -16,6 +17,9 @@ location ^~ /glances/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app glances; diff --git a/gotify.subdomain.conf.sample b/gotify.subdomain.conf.sample index e391511..b0f24a8 100644 --- a/gotify.subdomain.conf.sample +++ b/gotify.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your gotify container is named gotify # make sure that your dns has a cname set for gotify server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app gotify; diff --git a/gotify.subfolder.conf.sample b/gotify.subfolder.conf.sample index 5d8118e..aae75b8 100644 --- a/gotify.subfolder.conf.sample +++ b/gotify.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# gotify doesn't require a base url +## Version 2023/02/05 +# make sure that your gotify container is named gotify +# gotify does not require a base url setting location /gotify { return 301 $scheme://$host/gotify/; @@ -16,6 +17,9 @@ location /gotify/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app gotify; diff --git a/grafana.subdomain.conf.sample b/grafana.subdomain.conf.sample index 0db34f2..7e1a95e 100644 --- a/grafana.subdomain.conf.sample +++ b/grafana.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for grafana and that your grafana container is not using a base url +## Version 2023/02/12 +# make sure that your grafana container is named grafana +# make sure that your dns has a cname set for grafana server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app grafana; @@ -39,4 +46,32 @@ server { #proxy_set_header Authorization ""; } + + location ~ (/grafana)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app grafana; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/grafana)?/metrics { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # block metrics access by default because it is unprotected + # you can comment out the next line to enable remote metrics + deny all; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app grafana; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } } diff --git a/grafana.subfolder.conf.sample b/grafana.subfolder.conf.sample index f283e11..b6f9a36 100644 --- a/grafana.subfolder.conf.sample +++ b/grafana.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/12 +# make sure that your grafana container is named grafana +# make sure that grafana is set to work with the base url /grafana/ # grafana requires environment variables set thus: # environment: # - "GF_SERVER_ROOT_URL=https://my.domain.com/grafana" @@ -15,6 +17,47 @@ location ^~ /grafana/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_grafana grafana; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass http://$upstream_grafana:$upstream_port ; + + # Clear Authorization Header if you are using http auth and normal Grafana auth + #proxy_set_header Authorization ""; + + rewrite ^/grafana/(.*)$ /$1 break; + +} + +location ^~ /grafana/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_grafana grafana; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass http://$upstream_grafana:$upstream_port ; + + # Clear Authorization Header if you are using http auth and normal Grafana auth + #proxy_set_header Authorization ""; + + rewrite ^/grafana/(.*)$ /$1 break; + +} + +location ^~ /grafana/metrics { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # block metrics access by default because it is unprotected + # you can comment out the next line to enable remote metrics + deny all; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_grafana grafana; diff --git a/graylog.subdomain.conf.sample b/graylog.subdomain.conf.sample index 309fe48..2b1b4f6 100644 --- a/graylog.subdomain.conf.sample +++ b/graylog.subdomain.conf.sample @@ -1,7 +1,8 @@ -## Version 2022/10/05 +## Version 2023/02/05 +# make sure that your graylog container is named graylog +# make sure that your dns has a cname set for graylog # Ensure the upstream_port matches your GRAYLOG_HTTP_BIND_ADDRESS port # This conf assumes GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000 -# make sure that your dns has a cname set for graylog and that your graylog container is not using a base url server { listen 443 ssl; @@ -19,6 +20,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -30,6 +34,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app graylog; diff --git a/grocy.subdomain.conf.sample b/grocy.subdomain.conf.sample index 3464be0..5f4479e 100644 --- a/grocy.subdomain.conf.sample +++ b/grocy.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/12 +# make sure that your grocy container is named grocy # make sure that your dns has a cname set for grocy server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app grocy; @@ -37,7 +44,7 @@ server { } - location /api { + location ~ (/grocy)?/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app grocy; diff --git a/guacamole.subdomain.conf.sample b/guacamole.subdomain.conf.sample index bb71761..bc5a1eb 100644 --- a/guacamole.subdomain.conf.sample +++ b/guacamole.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for guacamole and that your guacamole container is not using a base url +## Version 2023/02/05 +# make sure that your guacamole container is named guacamole +# make sure that your dns has a cname set for guacamole server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app guacamole; diff --git a/guacamole.subfolder.conf.sample b/guacamole.subfolder.conf.sample index 2b139e7..b1355f2 100644 --- a/guacamole.subfolder.conf.sample +++ b/guacamole.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your guacamole container is named guacamole # guacamole does not require a base url setting location /guacamole { @@ -16,6 +17,9 @@ location ^~ /guacamole/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app guacamole; diff --git a/hass-configurator.subdomain.conf.sample b/hass-configurator.subdomain.conf.sample index e0afbad..1575a42 100644 --- a/hass-configurator.subdomain.conf.sample +++ b/hass-configurator.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for hass configurator +## Version 2023/02/05 +# make sure that your hass container is named hass +# make sure that your dns has a cname set for hass # this proxy configuration file is for the hass-configurator-docker container that is used # in the hassos addon store (https://github.com/CausticLab/hass-configurator-docker) @@ -19,6 +20,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -30,6 +34,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app hass-configurator; diff --git a/headphones.subdomain.conf.sample b/headphones.subdomain.conf.sample index 8ed6405..ddee5b3 100644 --- a/headphones.subdomain.conf.sample +++ b/headphones.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your headphones container is named headphones # make sure that your dns has a cname set for headphones server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app headphones; diff --git a/headphones.subfolder.conf.sample b/headphones.subfolder.conf.sample index ab6ecc5..d1dd198 100644 --- a/headphones.subfolder.conf.sample +++ b/headphones.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your headphones container is named headphones +# make sure that headphones is set to work with the base url /headphones/ # first stop the headphones container and edit the config.ini for headphones and set http_root to /headphones and then start the headphones container location ^~ /headphones { @@ -12,6 +14,9 @@ location ^~ /headphones { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app headphones; diff --git a/healthchecks.subdomain.conf.sample b/healthchecks.subdomain.conf.sample index 31e389f..10592c3 100644 --- a/healthchecks.subdomain.conf.sample +++ b/healthchecks.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for <container_name> and that your <container_name> container is not using a base url +## Version 2023/02/05 +# make sure that your healthchecks container is named healthchecks +# make sure that your dns has a cname set for healthchecks # make sure your Healthchecks ALLOWED_HOSTS and SITE_ROOT align with the server_name used in this conf. server { @@ -18,6 +19,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -29,6 +33,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app healthchecks; diff --git a/hedgedoc.subdomain.conf.sample b/hedgedoc.subdomain.conf.sample index a3da7de..69bf395 100644 --- a/hedgedoc.subdomain.conf.sample +++ b/hedgedoc.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2022/09/08 +## Version 2023/02/05 # make sure you set the following environment variables in your docker arguments # CMD_DOMAIN=hedgedoc.server.com # CMD_URL_ADDPORT=false @@ -20,6 +20,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -31,6 +34,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app hedgedoc; diff --git a/heimdall.subdomain.conf.sample b/heimdall.subdomain.conf.sample index 1e94ffb..519a7f6 100644 --- a/heimdall.subdomain.conf.sample +++ b/heimdall.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your heimdall container is named heimdall # make sure that your dns has a cname set for heimdall server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app heimdall; diff --git a/heimdall.subfolder.conf.sample b/heimdall.subfolder.conf.sample index c4e1120..56e6926 100644 --- a/heimdall.subfolder.conf.sample +++ b/heimdall.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your heimdall container is named heimdall # In order to use this location block you need to edit the default file one folder up and comment out the / location location / { @@ -12,6 +13,9 @@ location / { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app heimdall; diff --git a/homeassistant.subdomain.conf.sample b/homeassistant.subdomain.conf.sample index 08abac2..954ba1c 100644 --- a/homeassistant.subdomain.conf.sample +++ b/homeassistant.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url +## Version 2023/02/05 +# make sure that your homeassistant container is named homeassistant +# make sure that your dns has a cname set for homeassistant # As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml # https://www.home-assistant.io/integrations/http/#trusted_proxies @@ -26,6 +27,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -37,6 +41,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app homeassistant; diff --git a/homebridge.subdomain.conf.sample b/homebridge.subdomain.conf.sample index 13b5531..2178828 100644 --- a/homebridge.subdomain.conf.sample +++ b/homebridge.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for homebridge and that your homebridge container is not using a base url +## Version 2023/02/05 +# make sure that your homebridge container is named homebridge +# make sure that your dns has a cname set for homebridge server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app homebridge; # change to host IP if using host networking mode diff --git a/homer.subdomain.conf.sample b/homer.subdomain.conf.sample index cb078d1..6dd9082 100644 --- a/homer.subdomain.conf.sample +++ b/homer.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for homer and that your homer container is not using a base url +## Version 2023/02/05 +# make sure that your homer container is named homer +# make sure that your dns has a cname set for homer server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app homer; diff --git a/huginn.subdomain.conf.sample b/huginn.subdomain.conf.sample index 698658b..ffba571 100644 --- a/huginn.subdomain.conf.sample +++ b/huginn.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your huginn container is named huginn # make sure that your dns has a cname set for huginn server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app huginn; diff --git a/influxdb.subdomain.conf.sample b/influxdb.subdomain.conf.sample index 9154830..9285c5f 100644 --- a/influxdb.subdomain.conf.sample +++ b/influxdb.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for influxdb and that your influxdb container is not using a base url +## Version 2023/02/05 +# make sure that your influxdb container is named influxdb +# make sure that your dns has a cname set for influxdb server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app influxdb; diff --git a/jackett.subdomain.conf.sample b/jackett.subdomain.conf.sample index b021b4f..9c6973d 100644 --- a/jackett.subdomain.conf.sample +++ b/jackett.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for jackett and that your jackett container is not using a base url +## Version 2023/02/05 +# make sure that your jackett container is named jackett +# make sure that your dns has a cname set for jackett server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app jackett; diff --git a/jackett.subfolder.conf.sample b/jackett.subfolder.conf.sample index ada717e..030b96c 100644 --- a/jackett.subfolder.conf.sample +++ b/jackett.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into jackett settings, set the URL Base to /jackett and restart the jackett container +## Version 2023/02/05 +# make sure that your jackett container is named jackett +# make sure that jackett is set to work with the base url /jackett/ location ^~ /jackett { # enable the next two lines for http auth @@ -12,6 +13,9 @@ location ^~ /jackett { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app jackett; diff --git a/jdownloader.subdomain.conf.sample b/jdownloader.subdomain.conf.sample index 21eaad6..797c791 100644 --- a/jdownloader.subdomain.conf.sample +++ b/jdownloader.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for jdownloader and that your jdownloader container is not using a base url +## Version 2023/02/05 +# make sure that your jdownloader container is named jdownloader +# make sure that your dns has a cname set for jdownloader server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app jdownloader; diff --git a/jellyfin.subdomain.conf.sample b/jellyfin.subdomain.conf.sample index 489f34c..37fa3b0 100644 --- a/jellyfin.subdomain.conf.sample +++ b/jellyfin.subdomain.conf.sample @@ -1,10 +1,10 @@ -## Version 2021/05/18 +## Version 2023/02/05 +# make sure that your jellyfin container is named jellyfin # make sure that your dns has a cname set for jellyfin # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is # if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app <containername>;" # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of jellyfin -# in jellyfin settings, under "Advanced/Networking" change the public https port to 443, leave the local ports as is, -# and set the "Secure connection mode" to "Handled by reverse proxy" +# in jellyfin settings, under "Advanced/Networking" add subdomain.mydomain.tld as a known proxy server { listen 443 ssl; diff --git a/jellyfin.subfolder.conf.sample b/jellyfin.subfolder.conf.sample index fbbc5c2..3d55e1a 100644 --- a/jellyfin.subfolder.conf.sample +++ b/jellyfin.subfolder.conf.sample @@ -1,10 +1,9 @@ -## Version 2021/05/18 -# make sure that your dns has a cname set for jellyfin +## Version 2023/02/05 +# make sure that your jellyfin container is named jellyfin # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is # if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app <containername>;" # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of jellyfin -# in jellyfin settings, under "Advanced/Networking" change the public https port to 443, leave the local ports as is, set the base url to "/jellyfin", -# and set the "Secure connection mode" to "Handled by reverse proxy" +# in jellyfin settings, under "Advanced/Networking" change the public https port to 443, leave the local ports as is, set the base url to "/jellyfin" location /jellyfin { return 301 $scheme://$host/jellyfin/; diff --git a/jellyseerr.subdomain.conf.sample b/jellyseerr.subdomain.conf.sample index c708e10..20a75f0 100644 --- a/jellyseerr.subdomain.conf.sample +++ b/jellyseerr.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for jellyseerr and that your jellyseerr container is named jellyseerr +## Version 2023/02/05 +# make sure that your jellyseerr container is named jellyseerr +# make sure that your dns has a cname set for jellyseerr server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app jellyseerr; diff --git a/jenkins.subfolder.conf.sample b/jenkins.subfolder.conf.sample index 357346a..ac6e7e2 100644 --- a/jenkins.subfolder.conf.sample +++ b/jenkins.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your jenkins container is named jenkins +# make sure that jenkins is set to work with the base url /jenkins/ # First either add '--prefix=/jenkins' or '-e JENKINS_OPTS="--prefix=/jenkins"' to your docker run command, and restart the Jenkins container. # Also be sure to add '/jenkins/' to your URL under: Jenkins > Configuration > Manage Jenkins > Jenkins URL @@ -17,6 +19,9 @@ location ^~ /jenkins/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app jenkins; diff --git a/kanzi.subdomain.conf.sample b/kanzi.subdomain.conf.sample index a883b97..0a9ad93 100644 --- a/kanzi.subdomain.conf.sample +++ b/kanzi.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your kanzi container is named kanzi # make sure that your dns has a cname set for kanzi server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app kanzi; diff --git a/kanzi.subfolder.conf.sample b/kanzi.subfolder.conf.sample index 6cd1a67..5ec965d 100644 --- a/kanzi.subfolder.conf.sample +++ b/kanzi.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# kanzi does not have a base url setting +## Version 2023/02/05 +# make sure that your kanzi container is named kanzi +# kanzi does not require a base url setting location /kanzi { return 301 $scheme://$host/kanzi/; @@ -16,6 +17,9 @@ location ^~ /kanzi/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app kanzi; diff --git a/kavita.subdomain.conf.sample b/kavita.subdomain.conf.sample index e69d5c0..207b82d 100644 --- a/kavita.subdomain.conf.sample +++ b/kavita.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2021/05/18 -# make sure that your dns has a cname set for kavita and that your kavita container is not using a base url +## Version 2023/02/05 +# make sure that your kavita container is named kavita +# make sure that your dns has a cname set for kavita server { listen 443 ssl; @@ -11,24 +12,29 @@ server { client_max_body_size 0; - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; - # enable for Authelia + # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app kavita; diff --git a/komga.subdomain.conf.sample b/komga.subdomain.conf.sample index f1b11cf..418fd0e 100644 --- a/komga.subdomain.conf.sample +++ b/komga.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for komga and that your komga container is not using a base url +## Version 2023/02/05 +# make sure that your komga container is named komga +# make sure that your dns has a cname set for komga server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app komga; diff --git a/komga.subfolder.conf.sample b/komga.subfolder.conf.sample index 5e58c16..7cd97d7 100644 --- a/komga.subfolder.conf.sample +++ b/komga.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your komga container is named komga +# make sure that komga is set to work with the base url /komga/ # First make sure your Container has set an Baseurl set via docker-compose File "envirnoment: SERVER_SERVLET_CONTEXT_PATH=/komga" and recreate the container. location /komga { @@ -16,6 +18,9 @@ location ^~ /komga/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app komga; @@ -25,11 +30,11 @@ location ^~ /komga/ { } - location ^~ /komga/api { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app komga; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } +location ^~ /komga/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app komga; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} diff --git a/lazylibrarian.subdomain.conf.sample b/lazylibrarian.subdomain.conf.sample index 426afc7..342af83 100644 --- a/lazylibrarian.subdomain.conf.sample +++ b/lazylibrarian.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your lazylibrarian container is named lazylibrarian # make sure that your dns has a cname set for lazylibrarian server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lazylibrarian; diff --git a/lazylibrarian.subfolder.conf.sample b/lazylibrarian.subfolder.conf.sample index 0d23341..2ba4c21 100644 --- a/lazylibrarian.subfolder.conf.sample +++ b/lazylibrarian.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into lazylibrarian settings, under "Interface" set the URL Base to /lazylibrarian and restart the lazylibrarian container +## Version 2023/02/05 +# make sure that your lazylibrarian container is named lazylibrarian +# make sure that lazylibrarian is set to work with the base url /lazylibrarian/ location ^~ /lazylibrarian { # enable the next two lines for http auth @@ -12,6 +13,9 @@ location ^~ /lazylibrarian { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lazylibrarian; diff --git a/librespeed.subdomain.conf.sample b/librespeed.subdomain.conf.sample index 27c4301..8328444 100644 --- a/librespeed.subdomain.conf.sample +++ b/librespeed.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your librespeed container is named librespeed # make sure that your dns has a cname set for librespeed server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app librespeed; diff --git a/lidarr.subdomain.conf.sample b/lidarr.subdomain.conf.sample index 0e5e96b..ccdfe36 100644 --- a/lidarr.subdomain.conf.sample +++ b/lidarr.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for lidarr and that your lidarr container is not using a base url +## Version 2023/02/05 +# make sure that your lidarr container is named lidarr +# make sure that your dns has a cname set for lidarr server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lidarr; diff --git a/lidarr.subfolder.conf.sample b/lidarr.subfolder.conf.sample index 9868d21..dac4f28 100644 --- a/lidarr.subfolder.conf.sample +++ b/lidarr.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into lidarr settings, under "General" set the URL Base to /lidarr and restart the lidarr container +## Version 2023/02/05 +# make sure that your lidarr container is named lidarr +# make sure that lidarr is set to work with the base url /lidarr/ location ^~ /lidarr { # enable the next two lines for http auth @@ -12,6 +13,9 @@ location ^~ /lidarr { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lidarr; diff --git a/lldap.subdomain.conf.sample b/lldap.subdomain.conf.sample index 4c257a2..684ee77 100644 --- a/lldap.subdomain.conf.sample +++ b/lldap.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2021/05/18 -# make sure that your dns has a cname set for lldap and that your lldap container is not using a base url +## Version 2023/02/05 +# make sure that your lldap container is named lldap +# make sure that your dns has a cname set for lldap server { listen 443 ssl; @@ -11,24 +12,29 @@ server { client_max_body_size 0; - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; - # enable for Authelia + # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lldap; diff --git a/lychee.subdomain.conf.sample b/lychee.subdomain.conf.sample index e4955ab..80d3260 100644 --- a/lychee.subdomain.conf.sample +++ b/lychee.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your lychee container is named lychee # make sure that your dns has a cname set for lychee server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lychee; diff --git a/lychee.subfolder.conf.sample b/lychee.subfolder.conf.sample index 2d77c62..4b8f6ad 100644 --- a/lychee.subfolder.conf.sample +++ b/lychee.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your lychee container is named lychee # lychee does not require a base url setting location /lychee { @@ -16,6 +17,9 @@ location /lychee/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app lychee; diff --git a/mailu.subdomain.conf.sample b/mailu.subdomain.conf.sample index 49aa84a..c9af6fd 100644 --- a/mailu.subdomain.conf.sample +++ b/mailu.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for mailu and that your mailu front container is named front +## Version 2023/02/05 +# make sure that your mailu container is named front +# make sure that your dns has a cname set for mailu server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app front; diff --git a/mailu.subfolder.conf.sample b/mailu.subfolder.conf.sample index 2f96d1d..5a4cfef 100644 --- a/mailu.subfolder.conf.sample +++ b/mailu.subfolder.conf.sample @@ -1,10 +1,11 @@ -## Version 2022/09/08 -# mailu does not require a base url setting, but the container needs to be named front +## Version 2023/02/05 +# make sure that your mailu container is named mailu +# mailu does not require a base url setting # This config have been tested with "TLS_FLAVOR=mail" # To avoid errors you must change in docker-compose ports: 80 and 443, more info: https://mailu.io/1.7/reverse.html -location /admin{ +location /admin { return 301 $scheme://$host/admin/; } @@ -19,6 +20,9 @@ location ^~ /admin/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app front; @@ -28,7 +32,7 @@ location ^~ /admin/ { } -location /webmail{ +location /webmail { return 301 $scheme://$host/webmail/; } @@ -43,6 +47,9 @@ location ^~ /webmail/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app front; diff --git a/mastodon.subdomain.conf.sample b/mastodon.subdomain.conf.sample index 5a3d8f6..b816d1d 100644 --- a/mastodon.subdomain.conf.sample +++ b/mastodon.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/11/10 +## Version 2023/02/05 +# make sure that your mastodon container is named mastodon # make sure that your dns has a cname set for mastodon # make sure you set `WEB_DOMAIN=mastodon.example.com` env var for the mastodon container # if you set `LOCAL_DOMAIN=example.com` (without the mastodon subdomain), then don't forget to add @@ -21,6 +22,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -32,6 +36,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mastodon; diff --git a/matomo.subdomain.conf.sample b/matomo.subdomain.conf.sample index 57280ab..772111b 100644 --- a/matomo.subdomain.conf.sample +++ b/matomo.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for matomo and that your matomo container is not using a base url +## Version 2023/02/05 +# make sure that your matomo container is named matomo +# make sure that your dns has a cname set for matomo server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app matomo; diff --git a/mattermost.subdomain.conf.sample b/mattermost.subdomain.conf.sample index a31c020..a5b41af 100644 --- a/mattermost.subdomain.conf.sample +++ b/mattermost.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2022/07/29 +## Version 2023/02/05 # Make sure that your DNS has a CNAME record for "mattermost" and your Mattermost container is using the same subdomain # To learn how to deploy Mattermost via Docker, visit https://docs.mattermost.com/install/install-docker.html @@ -12,24 +12,29 @@ server { client_max_body_size 0; - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; - # enable for Authelia + # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mattermost; diff --git a/mealie.subdomain.conf.sample b/mealie.subdomain.conf.sample index 5c2a06d..dda960b 100644 --- a/mealie.subdomain.conf.sample +++ b/mealie.subdomain.conf.sample @@ -1,5 +1,5 @@ -## Version 2022/09/08 -# Ensure your DNS has a CNAME set for mealie and that mealie container is not using a base URL. +## Version 2023/02/05 +# Ensure your DNS has a CNAME set for mealie and that mealie container is named. server { listen 443 ssl; @@ -17,6 +17,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +31,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mealie; diff --git a/medusa.subdomain.conf.sample b/medusa.subdomain.conf.sample index 474628b..5617b1c 100644 --- a/medusa.subdomain.conf.sample +++ b/medusa.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your medusa container is named medusa # make sure that your dns has a cname set for medusa server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app medusa; diff --git a/medusa.subfolder.conf.sample b/medusa.subfolder.conf.sample index dcfdc08..2e8ed83 100644 --- a/medusa.subfolder.conf.sample +++ b/medusa.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into medusa settings, under "Interface" set the URL Base to /medusa and restart the medusa container +## Version 2023/02/05 +# make sure that your medusa container is named medusa +# make sure that medusa is set to work with the base url /medusa/ location ^~ /medusa { # enable the next two lines for http auth @@ -12,6 +13,9 @@ location ^~ /medusa { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app medusa; diff --git a/metube.subdomain.conf.sample b/metube.subdomain.conf.sample index 2e57329..88783b1 100644 --- a/metube.subdomain.conf.sample +++ b/metube.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your metube container is named metube # make sure that your dns has a cname set for metube server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app metube; diff --git a/metube.subfolder.conf.sample b/metube.subfolder.conf.sample index 83c6da8..bb10a01 100644 --- a/metube.subfolder.conf.sample +++ b/metube.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your metube container is named metube +# make sure that metube is set to work with the base url /metube/ # set the URL_PREFIX environment variable for the metube container to "/metube" location /metube { @@ -12,6 +14,9 @@ location /metube { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app metube; diff --git a/miniflux.subdomain.conf.sample b/miniflux.subdomain.conf.sample index 7ba66a3..66197b6 100644 --- a/miniflux.subdomain.conf.sample +++ b/miniflux.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your miniflux container is named miniflux # make sure that your dns has a cname set for miniflux server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app miniflux; diff --git a/miniflux.subfolder.conf.sample b/miniflux.subfolder.conf.sample index c8af8e2..9fce1d9 100644 --- a/miniflux.subfolder.conf.sample +++ b/miniflux.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your miniflux container is named miniflux +# make sure that miniflux is set to work with the base url /miniflux/ # set the environment variable "BASE_URL" to "https://yourdomain.url/miniflux/", or follow this guide to create a config file for Miniflux: https://miniflux.app/docs/configuration.html location /miniflux { @@ -16,6 +18,9 @@ location /miniflux/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app miniflux; diff --git a/monica.subdomain.conf.sample b/monica.subdomain.conf.sample index df686b0..70e1878 100644 --- a/monica.subdomain.conf.sample +++ b/monica.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your monica. container is named monica. # make sure that your dns has a cname set for monica. server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app monica; diff --git a/monica.subfolder.conf.sample b/monica.subfolder.conf.sample index 3289a8d..2e7c84d 100644 --- a/monica.subfolder.conf.sample +++ b/monica.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your monica container is named monica +# make sure that monica is set to work with the base url /monica/ # Set the monica Docker container's APP_URL to a fully-qualified domain that ends with /monica/ and restart the container. # Example: https://yourhost.cc/monica/ @@ -17,6 +19,9 @@ location ^~ /monica/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app monica; diff --git a/monitorr.subdomain.conf.sample b/monitorr.subdomain.conf.sample index be01c28..219c461 100644 --- a/monitorr.subdomain.conf.sample +++ b/monitorr.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your monitorr container is named monitorr # make sure that your dns has a cname set for monitorr server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app monitorr; diff --git a/monitorr.subfolder.conf.sample b/monitorr.subfolder.conf.sample index 26820c0..a084431 100644 --- a/monitorr.subfolder.conf.sample +++ b/monitorr.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your monitorr container is named monitorr # monitorr does not require a base url setting location /monitorr { @@ -16,6 +17,9 @@ location ^~ /monitorr/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app monitorr; diff --git a/mstream.subdomain.conf.sample b/mstream.subdomain.conf.sample index 832cc46..f95471e 100644 --- a/mstream.subdomain.conf.sample +++ b/mstream.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for mstream and your container name is mstream and running using http (default) +## Version 2023/02/05 +# make sure that your mstream container is named mstream +# make sure that your dns has a cname set for mstream server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mstream; diff --git a/mylar.subdomain.conf.sample b/mylar.subdomain.conf.sample index 28bc61c..4d92731 100644 --- a/mylar.subdomain.conf.sample +++ b/mylar.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your mylar container is named mylar # make sure that your dns has a cname set for mylar server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mylar; diff --git a/mylar.subfolder.conf.sample b/mylar.subfolder.conf.sample index 8e92e8a..fe869d6 100644 --- a/mylar.subfolder.conf.sample +++ b/mylar.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your mylar container is named mylar +# make sure that mylar is set to work with the base url /mylar/ # first stop the mylar container and edit the config.ini for mylar and set http_root to /mylar and then start the mylar container location ^~ /mylar { @@ -12,6 +14,9 @@ location ^~ /mylar { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mylar; diff --git a/mytinytodo.subfolder.conf.sample b/mytinytodo.subfolder.conf.sample index 1c7a1fa..6a09929 100644 --- a/mytinytodo.subfolder.conf.sample +++ b/mytinytodo.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your mytinytodo container is named mytinytodo +# make sure that mytinytodo is set to work with the base url /todo/ # works with https://github.com/breakall/mytinytodo-docker # set the mtt_url to 'https://your.domain.com/todo/' in db/config.php @@ -7,7 +9,6 @@ location /todo { } location ^~ /todo/ { - # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; @@ -18,6 +19,9 @@ location ^~ /todo/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app mytinytodo; diff --git a/n8n.subdomain.conf.sample b/n8n.subdomain.conf.sample index d1327f4..73bf79e 100644 --- a/n8n.subdomain.conf.sample +++ b/n8n.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for n8n and that your n8n container is not using a base url +## Version 2023/02/05 +# make sure that your n8n container is named n8n +# make sure that your dns has a cname set for n8n # add `server.use-forward-headers=true` to `/config/application.properties` to ensure logs contain real source IP server { @@ -18,6 +19,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -29,6 +33,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app n8n; diff --git a/navidrome.subdomain.conf.sample b/navidrome.subdomain.conf.sample index 4acd387..043070f 100644 --- a/navidrome.subdomain.conf.sample +++ b/navidrome.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for navidrome and that your navidrome container is not using a base url +## Version 2023/02/05 +# make sure that your navidrome container is named navidrome +# make sure that your dns has a cname set for navidrome server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app navidrome; diff --git a/netboot.subdomain.conf.sample b/netboot.subdomain.conf.sample index 6593725..3f2601b 100644 --- a/netboot.subdomain.conf.sample +++ b/netboot.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your netboot container is named netboot # make sure that your dns has a cname set for netboot server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app netboot; diff --git a/netdata.subdomain.conf.sample b/netdata.subdomain.conf.sample index e1f5186..cd4bc56 100644 --- a/netdata.subdomain.conf.sample +++ b/netdata.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your netdata container is named netdata # make sure that your dns has a cname set for netdata server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app netdata; diff --git a/netdata.subfolder.conf.sample b/netdata.subfolder.conf.sample index 7adcdba..5cb7861 100644 --- a/netdata.subfolder.conf.sample +++ b/netdata.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your netdata container is named netdata # netdata does not require a base url setting location /netdata { @@ -16,6 +17,9 @@ location ^~ /netdata/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app netdata; diff --git a/nextcloud.subdomain.conf.sample b/nextcloud.subdomain.conf.sample index 27c2ea5..e63d077 100644 --- a/nextcloud.subdomain.conf.sample +++ b/nextcloud.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/10/28 +## Version 2023/02/05 +# make sure that your nextcloud container is named nextcloud # make sure that your dns has a cname set for nextcloud # assuming this container is called "swag", edit your nextcloud container's config # located at /config/www/nextcloud/config/config.php and add the following lines before the ");": diff --git a/nextcloud.subfolder.conf.sample b/nextcloud.subfolder.conf.sample index 0112163..11bbb75 100644 --- a/nextcloud.subfolder.conf.sample +++ b/nextcloud.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/10/28 +## Version 2023/02/05 +# make sure that your nextcloud container is named nextcloud +# make sure that nextcloud is set to work with the base url /nextcloud/ # Assuming this container is called "swag", edit your nextcloud container's config # located at /config/www/nextcloud/config/config.php and add the following lines before the ");": # 'trusted_proxies' => ['swag'], @@ -12,16 +14,16 @@ # ), location ^~ /.well-known { - # The rules in this block are an adaptation of the rules - # in the Nextcloud `.htaccess` that concern `/.well-known`. + # The rules in this block are an adaptation of the rules + # in the Nextcloud `.htaccess` that concern `/.well-known`. - location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; } - location = /.well-known/caldav { return 301 /nextcloud/remote.php/dav/; } + location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; } + location = /.well-known/caldav { return 301 /nextcloud/remote.php/dav/; } - # Let Nextcloud's API for `/.well-known` URIs handle all other - # requests by passing them to the front-end controller. - return 301 /nextcloud/index.php$request_uri; - } + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /nextcloud/index.php$request_uri; +} location ^~ /nextcloud/ { include /config/nginx/proxy.conf; diff --git a/ntfy.subdomain.conf.sample b/ntfy.subdomain.conf.sample index a433d6d..a8c425a 100644 --- a/ntfy.subdomain.conf.sample +++ b/ntfy.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2021/05/18 -# make sure that your dns has a cname set for ntfy and that your ntfy container is not using a base url +## Version 2023/02/05 +# make sure that your ntfy container is named ntfy +# make sure that your dns has a cname set for ntfy server { listen 443 ssl; @@ -11,24 +12,29 @@ server { client_max_body_size 0; - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; - # enable for Authelia + # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ntfy; diff --git a/nzbget.subdomain.conf.sample b/nzbget.subdomain.conf.sample index 0676d51..578e25d 100644 --- a/nzbget.subdomain.conf.sample +++ b/nzbget.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your nzbget container is named nzbget # make sure that your dns has a cname set for nzbget server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app nzbget; diff --git a/nzbget.subfolder.conf.sample b/nzbget.subfolder.conf.sample index 5134ef1..2daf488 100644 --- a/nzbget.subfolder.conf.sample +++ b/nzbget.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your nzbget container is named nzbget +# make sure that nzbget is set to work with the base url /nzbget/ # nzbget does not require a base url setting location /nzbget { @@ -12,6 +14,9 @@ location /nzbget { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app nzbget; diff --git a/nzbhydra.subdomain.conf.sample b/nzbhydra.subdomain.conf.sample index 6d232ed..aee62eb 100644 --- a/nzbhydra.subdomain.conf.sample +++ b/nzbhydra.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for nzbhydra and that your nzbhydra container is not using a base url +## Version 2023/02/05 +# make sure that your nzbhydra container is named nzbhydra2 +# make sure that your dns has a cname set for nzbhydra server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app nzbhydra2; diff --git a/nzbhydra.subfolder.conf.sample b/nzbhydra.subfolder.conf.sample index bdcdc05..22a721d 100644 --- a/nzbhydra.subfolder.conf.sample +++ b/nzbhydra.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your nzbhydra container is named nzbhydra2 +# make sure that nzbhydra is set to work with the base url /nzbhydra/ # first go into nzbhydra settings, set the URL Base to /nzbhydra, then disable CSRF protection on the same page and restart the nzbhydra container location ^~ /nzbhydra { @@ -12,6 +14,9 @@ location ^~ /nzbhydra { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app nzbhydra2; diff --git a/octoprint.subdomain.conf.sample b/octoprint.subdomain.conf.sample index 77fd0f3..5da4321 100644 --- a/octoprint.subdomain.conf.sample +++ b/octoprint.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for octoprint and that your octoprint container is not using a base url +## Version 2023/02/05 +# make sure that your octoprint container is named octoprint +# make sure that your dns has a cname set for octoprint server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app octoprint; diff --git a/ombi.subdomain.conf.sample b/ombi.subdomain.conf.sample index e0d598c..ac9b40f 100644 --- a/ombi.subdomain.conf.sample +++ b/ombi.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for ombi and that your ombi container is not using a base url +## Version 2023/02/05 +# make sure that your ombi container is named ombi +# make sure that your dns has a cname set for ombi server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ombi; @@ -46,7 +53,7 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } + } # This allows access to the documentation for the api location ~ (/ombi)?/swagger { @@ -57,9 +64,9 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } + } - if ($http_referer ~* /ombi) { - rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect; - } + if ($http_referer ~* /ombi) { + rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect; + } } diff --git a/ombi.subfolder.conf.sample b/ombi.subfolder.conf.sample index d0e5482..a72188a 100644 --- a/ombi.subfolder.conf.sample +++ b/ombi.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your ombi container is named ombi +# make sure that ombi is set to work with the base url /ombi/ # first go into ombi settings, under the menu "Ombi" set the base url to /ombi and restart the ombi container location /ombi { @@ -16,6 +18,9 @@ location ^~ /ombi/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ombi; diff --git a/openhab.subdomain.conf.sample b/openhab.subdomain.conf.sample index cc0a1c9..39d98c4 100644 --- a/openhab.subdomain.conf.sample +++ b/openhab.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for openhab and that your openhab container is named openhab +## Version 2023/02/05 +# make sure that your openhab container is named openhab +# make sure that your dns has a cname set for openhab server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openhab; diff --git a/openvpn-as.subdomain.conf.sample b/openvpn-as.subdomain.conf.sample index c42b2e4..41bd06e 100644 --- a/openvpn-as.subdomain.conf.sample +++ b/openvpn-as.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for openvpn-as and that your openvpn-as container is not using a base url +## Version 2023/02/05 +# make sure that your openvpn-as container is named openvpn-as +# make sure that your dns has a cname set for openvpn-as server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openvpn-as; @@ -48,6 +55,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openvpn-as; diff --git a/openvscode-server.subdomain.conf.sample b/openvscode-server.subdomain.conf.sample index dd575dc..f7b5b0c 100644 --- a/openvscode-server.subdomain.conf.sample +++ b/openvscode-server.subdomain.conf.sample @@ -1,5 +1,9 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your openvscode-server container is named openvscode-server # make sure that your dns has a cname set for openvscode-server +# This conf allows accessing internal ports at `PORT` (http) or `PORTs` (https) as subdomain +# Access http port 8080 at `https://8080.openvscode-server.domain.url` +# Access https port 8080 at `https://8080s.openvscode-server.domain.url` server { listen 443 ssl; @@ -17,6 +21,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +35,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openvscode-server; @@ -54,6 +64,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -65,6 +78,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app openvscode-server; @@ -73,3 +89,45 @@ server { } } + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name "~^(?<upstream_port>[0-9]{1,10})s\.openvscode-server\..*$"; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app openvscode-server; + set $upstream_proto https; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/organizr-auth.subfolder.conf.sample b/organizr-auth.subfolder.conf.sample index 9d46e6a..cb55d38 100644 --- a/organizr-auth.subfolder.conf.sample +++ b/organizr-auth.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2021/10/05 +## Version 2023/02/05 +# make sure that your organizr container is named organizr # To use config this with subfolder proxies: # Rename this file to organizr-auth.subfolder.conf # Add one of the auth_request lines from the comments below diff --git a/organizr.subdomain.conf.sample b/organizr.subdomain.conf.sample index 8f60ed1..82cb48b 100644 --- a/organizr.subdomain.conf.sample +++ b/organizr.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your organizr container is named organizr # make sure that your dns has a cname set for organizr server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app organizr; diff --git a/organizr.subfolder.conf.sample b/organizr.subfolder.conf.sample index fece123..aed65c3 100644 --- a/organizr.subfolder.conf.sample +++ b/organizr.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your organizr container is named organizr # In order to use this location block you need to edit the default file one folder up and comment out the / and ~ \.php$ locations location / { @@ -12,6 +13,9 @@ location / { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app organizr; diff --git a/osticket.subdomain.conf.sample b/osticket.subdomain.conf.sample index e5ba0cc..6375436 100644 --- a/osticket.subdomain.conf.sample +++ b/osticket.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for osticket and that your osticket container is named osticket. +## Version 2023/02/05 +# make sure that your osticket container is named osticket +# make sure that your dns has a cname set for osticket server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app osticket; diff --git a/overseerr.subdomain.conf.sample b/overseerr.subdomain.conf.sample index f47d168..5cb0e29 100644 --- a/overseerr.subdomain.conf.sample +++ b/overseerr.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for overseerr and that your overseerr container is not using a base url +## Version 2023/02/12 +# make sure that your overseerr container is named overseerr +# make sure that your dns has a cname set for overseerr server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,19 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app overseerr; + set $upstream_port 5055; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/overseerr)?/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app overseerr; diff --git a/papermerge.subdomain.conf.sample b/papermerge.subdomain.conf.sample index 9d36808..6aff9fe 100644 --- a/papermerge.subdomain.conf.sample +++ b/papermerge.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your papermerge container is named papermerge # make sure that your dns has a cname set for papermerge server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app papermerge; diff --git a/petio.subdomain.conf.sample b/petio.subdomain.conf.sample index a05f0ea..e317e5f 100644 --- a/petio.subdomain.conf.sample +++ b/petio.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for petio and that your petio container is not using a base url +## Version 2023/02/05 +# make sure that your petio container is named petio +# make sure that your dns has a cname set for petio server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app petio; diff --git a/petio.subfolder.conf.sample b/petio.subfolder.conf.sample index 3f470bc..ec382dc 100644 --- a/petio.subfolder.conf.sample +++ b/petio.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into petio settings, under "Base path" set the URL Base to /petio and restart the petio container +## Version 2023/02/05 +# make sure that your petio container is named petio +# make sure that petio is set to work with the base url /petio/ location /petio { return 301 $scheme://$host/petio/; @@ -16,6 +17,9 @@ location ^~ /petio/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app petio; diff --git a/pgadmin.subdomain.conf.sample b/pgadmin.subdomain.conf.sample index 50345d2..d9ad3fc 100644 --- a/pgadmin.subdomain.conf.sample +++ b/pgadmin.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for pgadmin and that your pgadmin container is not using a base url +## Version 2023/02/10 +# make sure that your pgadmin container is named pgadmin +# make sure that your dns has a cname set for pgadmin server { listen 443 ssl; @@ -17,8 +18,11 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { - #enable the next two lines for http auth + # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pgadmin; @@ -35,6 +42,9 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # Hide proxy port to prevent CSRF errors + proxy_hide_header X-Forwarded-Port; + # Uncomment to allow loading in an iframe (i.e. Organizr) #proxy_hide_header X-Frame-Options; } diff --git a/photoprism.subdomain.conf.sample b/photoprism.subdomain.conf.sample index 17127f9..a0dbf5a 100644 --- a/photoprism.subdomain.conf.sample +++ b/photoprism.subdomain.conf.sample @@ -1,5 +1,5 @@ -## Version 2022/09/08 -# Ensure your DNS has a CNAME set for Photoprism and that Photoprism container is not using a base URL. +## Version 2023/02/05 +# Ensure your DNS has a CNAME set for Photoprism and that Photoprism container is named. server { listen 443 ssl; @@ -17,6 +17,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +31,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app photoprism; diff --git a/phpmyadmin.subdomain.conf.sample b/phpmyadmin.subdomain.conf.sample index bd9533a..d1d00d2 100644 --- a/phpmyadmin.subdomain.conf.sample +++ b/phpmyadmin.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for phpmyadmin and that your phpmyadmin container is not using a base url +## Version 2023/02/05 +# make sure that your phpmyadmin container is named phpmyadmin +# make sure that your dns has a cname set for phpmyadmin server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app phpmyadmin; diff --git a/phpmyadmin.subfolder.conf.sample b/phpmyadmin.subfolder.conf.sample index 3c48d20..046528f 100644 --- a/phpmyadmin.subfolder.conf.sample +++ b/phpmyadmin.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your phpmyadmin container is named phpmyadmin # phpmyadmin does not require a base url setting location /phpmyadmin { @@ -16,6 +17,9 @@ location ^~ /phpmyadmin/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app phpmyadmin; diff --git a/picard.subfolder.conf.sample b/picard.subfolder.conf.sample index ec6ba79..ca81971 100644 --- a/picard.subfolder.conf.sample +++ b/picard.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your picard container is named picard # picard does not require a base url setting location /picard { @@ -16,6 +17,9 @@ location ^~ /picard/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app picard; diff --git a/pihole.subdomain.conf.sample b/pihole.subdomain.conf.sample index a586dd4..6c4e2df 100644 --- a/pihole.subdomain.conf.sample +++ b/pihole.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for pihole and that your pihole container is not using a base url +## Version 2023/02/05 +# make sure that your pihole container is named pihole +# make sure that your dns has a cname set for pihole server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pihole; @@ -49,6 +56,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pihole; diff --git a/pihole.subfolder.conf.sample b/pihole.subfolder.conf.sample index dbd156d..dbc330e 100644 --- a/pihole.subfolder.conf.sample +++ b/pihole.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your pihole container is named pihole # pihole does not require a base url setting location /pihole { @@ -16,6 +17,9 @@ location ^~ /pihole/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pihole; @@ -42,6 +46,9 @@ location ^~ /pihole/admin/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pihole; diff --git a/pinry.subdomain.conf.sample b/pinry.subdomain.conf.sample index 453511f..8c04401 100644 --- a/pinry.subdomain.conf.sample +++ b/pinry.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for pinry and that your pinry container is named pinry +## Version 2023/02/05 +# make sure that your pinry container is named pinry +# make sure that your dns has a cname set for pinry server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pinry; diff --git a/piwigo.subdomain.conf.sample b/piwigo.subdomain.conf.sample index a5a088a..606e73b 100644 --- a/piwigo.subdomain.conf.sample +++ b/piwigo.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your piwigo container is named piwigo # make sure that your dns has a cname set for piwigo server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app piwigo; diff --git a/pixelfed.subdomain.conf.sample b/pixelfed.subdomain.conf.sample index 46150c6..46f71dc 100644 --- a/pixelfed.subdomain.conf.sample +++ b/pixelfed.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for pixelfed and the container is named pixelfed +## Version 2023/02/05 +# make sure that your pixelfed container is named pixelfed +# make sure that your dns has a cname set for pixelfed server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pixelfed; diff --git a/planka.subdomain.conf.sample b/planka.subdomain.conf.sample new file mode 100644 index 0000000..fd0c3c2 --- /dev/null +++ b/planka.subdomain.conf.sample @@ -0,0 +1,46 @@ +## Version 2023/02/05 +# make sure that your planka container is named planka +# make sure that your dns has a cname set for planka +# make sure that the BASE_URL env variable in planka container is set to: BASE_URL="https://planka.example.com" + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name planka.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app planka; + set $upstream_port 1337; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/planka.subfolder.conf.sample b/planka.subfolder.conf.sample new file mode 100644 index 0000000..b0d3d51 --- /dev/null +++ b/planka.subfolder.conf.sample @@ -0,0 +1,30 @@ +## Version 2023/02/05 +# make sure that your planka container is named planka +# make sure that the BASE_URL env variable in planka container is set to: BASE_URL="https://example.com/planka/" + + +location /planka { + return 301 $scheme://$host/planka/; +} + +location ^~ /planka/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app planka; + set $upstream_port 1337; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} diff --git a/plex.subdomain.conf.sample b/plex.subdomain.conf.sample index abc304f..3caf260 100644 --- a/plex.subdomain.conf.sample +++ b/plex.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your plex container is named plex # make sure that your dns has a cname set for plex # if plex is running in bridge mode and the container is named "plex", the below config should work as is # if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;" @@ -22,6 +23,10 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -33,6 +38,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app plex; diff --git a/plex.subfolder.conf.sample b/plex.subfolder.conf.sample index b8bb526..d1e2ef1 100644 --- a/plex.subfolder.conf.sample +++ b/plex.subfolder.conf.sample @@ -1,7 +1,8 @@ -## Version 2022/09/08 +## Version 2023/02/05 #******** This config no longer works as intended. The web app loads, but no direct connection to server is made. ********* #******** PRs welcome for anyone who figures out how to fix it. Use the subdomain config in the meantime. ******* +# make sure that your plex container is named plex # if plex is running in bridge mode and the container is named "plex", the below config should work as is # if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;" # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex @@ -22,6 +23,9 @@ location ^~ /plex/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app plex; diff --git a/plexwebtools.subdomain.conf.sample b/plexwebtools.subdomain.conf.sample index c38d199..4218d41 100644 --- a/plexwebtools.subdomain.conf.sample +++ b/plexwebtools.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for plexwebtools and that your plexwebtools container is not using a base url +## Version 2023/02/05 +# make sure that your plex container is named plex +# make sure that your dns has a cname set for plexwebtools server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app plex; diff --git a/plexwebtools.subfolder.conf.sample b/plexwebtools.subfolder.conf.sample index 65cf8e3..6175209 100644 --- a/plexwebtools.subfolder.conf.sample +++ b/plexwebtools.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into plexwebtools settings, set the URL Base to /plexwebtools and restart the plex container +## Version 2023/02/05 +# make sure that your plex container is named plex +# make sure that plexwebtools is set to work with the base url /plexwebtools/ location /plexwebtools { return 301 $scheme://$host/plexwebtools/; @@ -16,6 +17,9 @@ location ^~ /plexwebtools/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app plex; diff --git a/podgrab.subdomain.conf.sample b/podgrab.subdomain.conf.sample index 8916ff3..1878734 100644 --- a/podgrab.subdomain.conf.sample +++ b/podgrab.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for podgrab and that your podgrab container is not using a base url +## Version 2023/02/05 +# make sure that your podgrab container is named podgrab +# make sure that your dns has a cname set for podgrab server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app podgrab; diff --git a/portainer.subdomain.conf.sample b/portainer.subdomain.conf.sample index 941fc0f..afe18dc 100644 --- a/portainer.subdomain.conf.sample +++ b/portainer.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/12 +# make sure that your portainer container is named portainer # make sure that your dns has a cname set for portainer server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app portainer; @@ -38,17 +45,7 @@ server { proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0 } - location /api/websocket/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - + location ~ (/portainer)?/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app portainer; diff --git a/portainer.subfolder.conf.sample b/portainer.subfolder.conf.sample index 4f9e5d3..bf0f2e6 100644 --- a/portainer.subfolder.conf.sample +++ b/portainer.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/12 +# make sure that your portainer container is named portainer # portainer does not require a base url setting location /portainer { @@ -16,6 +17,9 @@ location ^~ /portainer/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app portainer; @@ -27,7 +31,7 @@ location ^~ /portainer/ { proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0 } -location ^~ /portainer/api/websocket/ { +location ^~ /portainer/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app portainer; diff --git a/privatebin.subdomain.conf.sample b/privatebin.subdomain.conf.sample index 9d4d81d..d68ba0d 100644 --- a/privatebin.subdomain.conf.sample +++ b/privatebin.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your privatebin container is named privatebin # make sure that your dns has a cname set for privatebin server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app privatebin; diff --git a/prometheus.subdomain.conf.sample b/prometheus.subdomain.conf.sample index e85fe82..b937208 100644 --- a/prometheus.subdomain.conf.sample +++ b/prometheus.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for prometheus and that your prometheus container is not using a base url +## Version 2023/02/12 +# make sure that your prometheus container is named prometheus +# make sure that your dns has a cname set for prometheus server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,51 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app prometheus; + set $upstream_port 9090; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/prometheus)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app prometheus; + set $upstream_port 9090; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/prometheus)?/-/(healthy|ready|reload|quit) { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app prometheus; + set $upstream_port 9090; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/prometheus)?/metrics { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # block metrics access by default because it is unprotected + # you can comment out the next line to enable remote metrics + deny all; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app prometheus; diff --git a/prowlarr.subdomain.conf.sample b/prowlarr.subdomain.conf.sample index e3c2c0e..22afae3 100644 --- a/prowlarr.subdomain.conf.sample +++ b/prowlarr.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for prowlarr and that your prowlarr container is not using a base url +## Version 2023/02/05 +# make sure that your prowlarr container is named prowlarr +# make sure that your dns has a cname set for prowlarr server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app prowlarr; diff --git a/prowlarr.subfolder.conf.sample b/prowlarr.subfolder.conf.sample index 790d734..b67d44e 100644 --- a/prowlarr.subfolder.conf.sample +++ b/prowlarr.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into prowlarr settings, under "General" set the URL Base to /prowlarr and restart the prowlarr container +## Version 2023/02/05 +# make sure that your prowlarr container is named prowlarr +# make sure that prowlarr is set to work with the base url /prowlarr/ location /prowlarr { # enable the next two lines for http auth @@ -12,6 +13,9 @@ location /prowlarr { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app prowlarr; diff --git a/pwndrop.subdomain.conf.sample b/pwndrop.subdomain.conf.sample index ecc10c6..e7d591c 100644 --- a/pwndrop.subdomain.conf.sample +++ b/pwndrop.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/11/06 +## Version 2023/02/05 +# make sure that your pwndrop container is named pwndrop # make sure that your dns has a cname set for pwndrop server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pwndrop; diff --git a/pydio-cells.subdomain.conf.sample b/pydio-cells.subdomain.conf.sample index f5b6cb4..7414da5 100644 --- a/pydio-cells.subdomain.conf.sample +++ b/pydio-cells.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your pydio-cells container is named pydio-cells # make sure that your dns has a cname set for pydio-cells server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pydio-cells; @@ -48,6 +55,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pydio-cells; diff --git a/pydio.subdomain.conf.sample b/pydio.subdomain.conf.sample index 0e5a4b8..699d2d5 100644 --- a/pydio.subdomain.conf.sample +++ b/pydio.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for pydio and that your pydio container is not using a base url +## Version 2023/02/05 +# make sure that your pydio container is named pydio +# make sure that your dns has a cname set for pydio server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pydio; diff --git a/pyload.subdomain.conf.sample b/pyload.subdomain.conf.sample index bcd5272..e5d88db 100644 --- a/pyload.subdomain.conf.sample +++ b/pyload.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for pyload and that your pyload container is not using a base url +## Version 2023/02/05 +# make sure that your pyload container is named pyload +# make sure that your dns has a cname set for pyload server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pyload; diff --git a/pyload.subfolder.conf.sample b/pyload.subfolder.conf.sample index 39de085..ba0bec7 100644 --- a/pyload.subfolder.conf.sample +++ b/pyload.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your pyload container is named pyload +# make sure that pyload is set to work with the base url /pyload/ # First go into pyload settings, under "Web Interface" set the "Path Prefix" to /pyload and restart the pyload container # Only works with pyload-ng @@ -13,6 +15,9 @@ location ^~ /pyload { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pyload; diff --git a/qbittorrent.subdomain.conf.sample b/qbittorrent.subdomain.conf.sample index 29fe2e7..520d041 100644 --- a/qbittorrent.subdomain.conf.sample +++ b/qbittorrent.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/10/25 -# make sure that your dns has a cname set for qbittorrent and that your qbittorrent container is not using a base url +## Version 2023/02/05 +# make sure that your qbittorrent container is named qbittorrent +# make sure that your dns has a cname set for qbittorrent server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app qbittorrent; @@ -114,7 +121,7 @@ server { proxy_set_header Host $upstream_app:$upstream_port; proxy_set_header X-Forwarded-Host $host; } - + location ~ (/qbittorrent)?/scripts { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; diff --git a/qbittorrent.subfolder.conf.sample b/qbittorrent.subfolder.conf.sample index dee1cc3..bd56047 100644 --- a/qbittorrent.subfolder.conf.sample +++ b/qbittorrent.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/10/25 +## Version 2023/02/05 +# make sure that your qbittorrent container is named qbittorrent # qbittorrent does not require a base url setting location /qbittorrent { @@ -16,6 +17,9 @@ location ^~ /qbittorrent/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app qbittorrent; diff --git a/quassel-web.subdomain.conf.sample b/quassel-web.subdomain.conf.sample index 23b23a4..2ffe5e4 100644 --- a/quassel-web.subdomain.conf.sample +++ b/quassel-web.subdomain.conf.sample @@ -1,6 +1,7 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for quassel and make sure Quassel-Web is running on http -# with -e 'HTTPS'='false' or if you're using -e 'ADVANCED'='true' by editing config.json appropriately +## Version 2023/02/05 +# make sure that your quassel container is named quassel-web +# make sure that your dns has a cname set for quassel +# make sure Quassel-Web is running on http with -e 'HTTPS'='false' or if you're using -e 'ADVANCED'='true' by editing config.json appropriately server { listen 443 ssl; @@ -18,6 +19,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -29,6 +33,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app quassel-web; diff --git a/quassel-web.subfolder.conf.sample b/quassel-web.subfolder.conf.sample index c17e4a1..59de63e 100644 --- a/quassel-web.subfolder.conf.sample +++ b/quassel-web.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your quassel-web container is named quassel-web +# make sure that quassel-web is set to work with the base url /quassel/ # Set base-url with docker run command env variable -e 'URL_BASE'='/quassel' and make sure Quassel-Web is running on http # with -e 'HTTPS'='false' or if you're using -e 'ADVANCED'='true' by editing config.json appropriately @@ -13,6 +15,9 @@ location ^~ /quassel { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app quassel-web; diff --git a/radarr.subdomain.conf.sample b/radarr.subdomain.conf.sample index b7ef96c..e0dcfe1 100644 --- a/radarr.subdomain.conf.sample +++ b/radarr.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for radarr and that your radarr container is not using a base url +## Version 2023/02/05 +# make sure that your radarr container is named radarr +# make sure that your dns has a cname set for radarr server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app radarr; diff --git a/radarr.subfolder.conf.sample b/radarr.subfolder.conf.sample index 4acfb60..eab06de 100644 --- a/radarr.subfolder.conf.sample +++ b/radarr.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into radarr settings, under "General" set the URL Base to /radarr and restart the radarr container +## Version 2023/02/05 +# make sure that your radarr container is named radarr +# make sure that radarr is set to work with the base url /radarr/ location ^~ /radarr { # enable the next two lines for http auth @@ -12,6 +13,9 @@ location ^~ /radarr { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app radarr; diff --git a/raneto.subdomain.conf.sample b/raneto.subdomain.conf.sample index cbbdaa0..b0038b1 100644 --- a/raneto.subdomain.conf.sample +++ b/raneto.subdomain.conf.sample @@ -1,5 +1,7 @@ -## Version 2022/09/08 -# Make sure that your dns has a cname set for raneto +## Version 2023/02/05 +# make sure that your raneto container is named raneto +# make sure that your dns has a cname set for raneto + server { listen 443 ssl; listen [::]:443 ssl; @@ -16,8 +18,11 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { - #enable the next two lines for http auth + # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; @@ -27,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app raneto; diff --git a/rclone.subfolder.conf.sample b/rclone.subfolder.conf.sample index 5e7db7b..ce1bacc 100644 --- a/rclone.subfolder.conf.sample +++ b/rclone.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# rclone does not require a base url +## Version 2023/02/05 +# make sure that your rclone container is named rclone +# rclone does not require a base url setting location /rclone { return 301 $scheme://$host/rclone/; @@ -16,6 +17,9 @@ location ^~ /rclone/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app rclone; @@ -26,13 +30,13 @@ location ^~ /rclone/ { rewrite /rclone(.*) $1 break; } - location ^~ /rclone/websockify { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app rclone; - set $upstream_port 5800; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port/websockify/; +location ^~ /rclone/websockify { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app rclone; + set $upstream_port 5800; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port/websockify/; rewrite /rclone(.*) $1 break; - } +} diff --git a/readarr.subdomain.conf.sample b/readarr.subdomain.conf.sample index 8ed1a62..6bdd663 100644 --- a/readarr.subdomain.conf.sample +++ b/readarr.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for readarr and that your readarr container is not using a base url +## Version 2023/02/05 +# make sure that your readarr container is named readarr +# make sure that your dns has a cname set for readarr server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app readarr; diff --git a/readarr.subfolder.conf.sample b/readarr.subfolder.conf.sample index 6463d24..1c25152 100644 --- a/readarr.subfolder.conf.sample +++ b/readarr.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into readarr settings, under "General" set the URL Base to /readarr and restart the readarr container +## Version 2023/02/05 +# make sure that your readarr container is named readarr +# make sure that readarr is set to work with the base url /readarr/ location ^~ /readarr { # enable the next two lines for http auth @@ -12,6 +13,9 @@ location ^~ /readarr { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app readarr; diff --git a/recipes.subdomain.conf.sample b/recipes.subdomain.conf.sample index 5de66f8..1789acf 100644 --- a/recipes.subdomain.conf.sample +++ b/recipes.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your recipes container is named recipes # make sure that your dns has a cname set for recipes # make sure to mount /media/ in your swag container to point to your Recipes Media directory @@ -21,6 +22,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + # serve media files location /media/ { alias /media/; @@ -37,6 +41,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app recipes; diff --git a/requestrr.subdomain.conf.sample b/requestrr.subdomain.conf.sample index 080deb7..8495f00 100644 --- a/requestrr.subdomain.conf.sample +++ b/requestrr.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your requestrr container is named requestrr # make sure that your dns has a cname set for requestrr server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app requestrr; diff --git a/resilio-sync.subdomain.conf.sample b/resilio-sync.subdomain.conf.sample index 835f639..e658a74 100644 --- a/resilio-sync.subdomain.conf.sample +++ b/resilio-sync.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for resilio-sync and that your resilio-sync container is not using a base url +## Version 2023/02/05 +# make sure that your resilio-sync container is named resilio-sync +# make sure that your dns has a cname set for resilio-sync server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app resilio-sync; diff --git a/rutorrent.subdomain.conf.sample b/rutorrent.subdomain.conf.sample index e9cc83c..5a67f72 100644 --- a/rutorrent.subdomain.conf.sample +++ b/rutorrent.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your rutorrent container is named rutorrent # make sure that your dns has a cname set for rutorrent server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app rutorrent; @@ -48,6 +55,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + # block rpc access by default because it is unprotected # you can comment out the next line to enable remote rpc calls deny all; diff --git a/rutorrent.subfolder.conf.sample b/rutorrent.subfolder.conf.sample index bc64a1f..bd45a7a 100644 --- a/rutorrent.subfolder.conf.sample +++ b/rutorrent.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your rutorrent container is named rutorrent # rutorrent does not require a base url setting location /rutorrent { @@ -16,6 +17,9 @@ location ^~ /rutorrent/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app rutorrent; @@ -37,6 +41,9 @@ location ^~ /rutorrent/RPC2 { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + # block rpc access by default because it is unprotected # you can comment out the next line to enable remote rpc calls deny all; diff --git a/sabnzbd.subdomain.conf.sample b/sabnzbd.subdomain.conf.sample index 5038cda..4626825 100644 --- a/sabnzbd.subdomain.conf.sample +++ b/sabnzbd.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your sabnzbd container is named sabnzbd # make sure that your dns has a cname set for sabnzbd # edit the sabnzbd.ini host_whitelist to avoid hostname verification issues. This format: # host_whitelist = sabnzbd.domain.com, www.sabnzbd.domain.com @@ -19,6 +20,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -30,6 +34,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sabnzbd; diff --git a/sabnzbd.subfolder.conf.sample b/sabnzbd.subfolder.conf.sample index 59e1802..f1f79ce 100644 --- a/sabnzbd.subfolder.conf.sample +++ b/sabnzbd.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your sabnzbd container is named sabnzbd +# make sure that sabnzbd is set to work with the base url /sabnzbd/ # sabnzbd already uses the base url /sabnzbd by default so you don't need to do anything extra location ^~ /sabnzbd { @@ -12,6 +14,9 @@ location ^~ /sabnzbd { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sabnzbd; diff --git a/scope.subfolder.conf.sample b/scope.subfolder.conf.sample index a0e8a6d..0a86c3c 100644 --- a/scope.subfolder.conf.sample +++ b/scope.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# Scope does not require a base url setting +## Version 2023/02/05 +# make sure that your scope container is named scope +# scope does not require a base url setting location /scope { return 301 $scheme://$host/scope/; @@ -16,6 +17,9 @@ location ^~ /scope/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app scope; diff --git a/scrutiny.subdomain.conf.sample b/scrutiny.subdomain.conf.sample index 8dd334e..d03f031 100644 --- a/scrutiny.subdomain.conf.sample +++ b/scrutiny.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for scrutiny and that your scrutiny container is not using a base url +## Version 2023/02/05 +# make sure that your scrutiny container is named scrutiny +# make sure that your dns has a cname set for scrutiny server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app scrutiny; diff --git a/shinobi.subdomain.conf.sample b/shinobi.subdomain.conf.sample index 92170e5..9e81b1c 100644 --- a/shinobi.subdomain.conf.sample +++ b/shinobi.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for shinobi and that your shinobi config.json is not using a base url +## Version 2023/02/05 +# make sure that your shinobi container is named shinobi +# make sure that your dns has a cname set for shinobi server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app shinobi; diff --git a/shinobi.subfolder.conf.sample b/shinobi.subfolder.conf.sample index 13a79e6..9bf1618 100644 --- a/shinobi.subfolder.conf.sample +++ b/shinobi.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your shinobi container is named shinobi +# make sure that shinobi is set to work with the base url /shinobi/ # ensure your config.json file has an entry for the base url set to /shinobi, i.e. # "baseurl":"/shinobi" @@ -17,6 +19,9 @@ location ^~ /shinobi/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app shinobi; diff --git a/sickchill.subdomain.conf.sample b/sickchill.subdomain.conf.sample index cc09e2f..8e01a87 100644 --- a/sickchill.subdomain.conf.sample +++ b/sickchill.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your sickchill container is named sickchill # make sure that your dns has a cname set for sickchill server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sickchill; diff --git a/sickchill.subfolder.conf.sample b/sickchill.subfolder.conf.sample index 1e2a9a6..f862273 100644 --- a/sickchill.subfolder.conf.sample +++ b/sickchill.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your sickchill container is named sickchill +# make sure that sickchill is set to work with the base url /sickchill/ # first stop the sickchill container and edit the config.ini for sickchill and set web_root to /sickchill and then start the sickchill container location ^~ /sickchill { @@ -12,6 +14,9 @@ location ^~ /sickchill { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sickchill; diff --git a/sickrage.subdomain.conf.sample b/sickrage.subdomain.conf.sample index ea1b48d..7edb935 100644 --- a/sickrage.subdomain.conf.sample +++ b/sickrage.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your sickrage container is named sickrage # make sure that your dns has a cname set for sickrage server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sickrage; diff --git a/sickrage.subfolder.conf.sample b/sickrage.subfolder.conf.sample index 2fd9aca..72afa68 100644 --- a/sickrage.subfolder.conf.sample +++ b/sickrage.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your sickrage container is named sickrage +# make sure that sickrage is set to work with the base url /sickrage/ # first stop the sickrage container and edit the config.ini for sickrage and set web_root to /sickrage and then start the sickrage container location ^~ /sickrage { @@ -12,6 +14,9 @@ location ^~ /sickrage { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sickrage; diff --git a/skyhook.subdomain.conf.sample b/skyhook.subdomain.conf.sample index 9419369..a26497e 100644 --- a/skyhook.subdomain.conf.sample +++ b/skyhook.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for skyhook and that your skyhook container is not using a base url +## Version 2023/02/05 +# make sure that your skyhook container is named skyhook +# make sure that your dns has a cname set for skyhook server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app skyhook; diff --git a/slskd.subdomain.conf.sample b/slskd.subfolder.conf.sample similarity index 72% rename from slskd.subdomain.conf.sample rename to slskd.subfolder.conf.sample index 832f655..04159c7 100644 --- a/slskd.subdomain.conf.sample +++ b/slskd.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/10/24 +## Version 2023/02/05 +# make sure that your slskd container is named slskd +# make sure that slskd is set to work with the base url /slskd/ # first edit the slskd.yml and set 'url_base: /slskd' and restart the slskd container location ^~ /slskd { @@ -12,6 +14,9 @@ location ^~ /slskd { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app slskd; diff --git a/smokeping.subdomain.conf.sample b/smokeping.subdomain.conf.sample index 8cc1db5..6677e4f 100644 --- a/smokeping.subdomain.conf.sample +++ b/smokeping.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your smokeping container is named smokeping # make sure that your dns has a cname set for smokeping server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app smokeping; diff --git a/smokeping.subfolder.conf.sample b/smokeping.subfolder.conf.sample index 206673e..bfdba80 100644 --- a/smokeping.subfolder.conf.sample +++ b/smokeping.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your smokeping container is named smokeping +# make sure that smokeping is set to work with the base url /smokeping/ # smokeping already uses the base url /smokeping by default so you don't need to do anything extra location ^~ /smokeping { @@ -12,6 +14,9 @@ location ^~ /smokeping { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app smokeping; diff --git a/sonarr.subdomain.conf.sample b/sonarr.subdomain.conf.sample index e583eb1..05b1f61 100644 --- a/sonarr.subdomain.conf.sample +++ b/sonarr.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url +## Version 2023/02/05 +# make sure that your sonarr container is named sonarr +# make sure that your dns has a cname set for sonarr server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sonarr; @@ -45,5 +52,5 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } + } } diff --git a/sonarr.subfolder.conf.sample b/sonarr.subfolder.conf.sample index 8cb065c..54fa3ea 100644 --- a/sonarr.subfolder.conf.sample +++ b/sonarr.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# first go into sonarr settings, under "General" set the URL Base to /sonarr and restart the sonarr container +## Version 2023/02/05 +# make sure that your sonarr container is named sonarr +# make sure that sonarr is set to work with the base url /sonarr/ location ^~ /sonarr { # enable the next two lines for http auth @@ -12,6 +13,9 @@ location ^~ /sonarr { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app sonarr; diff --git a/statping.subdomain.conf.sample b/statping.subdomain.conf.sample index 68f89a8..f5bc18a 100644 --- a/statping.subdomain.conf.sample +++ b/statping.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for statping and that your statping container is not using a base url +## Version 2023/02/05 +# make sure that your statping container is named statup +# make sure that your dns has a cname set for statping # If you are using the SSL docker-compose.yml on the statping repo, then the container name will be set to statup. # On other compose examples, it might be named statping. In that case, change $upstream_app statup to $upstream_app statping @@ -19,6 +20,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -30,6 +34,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app statup; diff --git a/synapse.subdomain.conf.sample b/synapse.subdomain.conf.sample index 1b437e2..9bf06ce 100644 --- a/synapse.subdomain.conf.sample +++ b/synapse.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2022/10/04 +## Version 2023/02/05 server { listen 443 ssl; @@ -20,6 +20,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -31,6 +34,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app synapse; diff --git a/synclounge.subdomain.conf.sample b/synclounge.subdomain.conf.sample index e1175aa..1455c92 100644 --- a/synclounge.subdomain.conf.sample +++ b/synclounge.subdomain.conf.sample @@ -1,7 +1,8 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your synclounge container is named synclounge +# make sure that your dns has a cname set for synclounge # Use this with SyncLounge v3 and up. # Make sure that you do not have HSTS enabled, otherwise http access won't work -# Make sure that your dns has a cname set for synclounge server { listen 443 ssl; @@ -21,6 +22,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -32,6 +36,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app synclounge; diff --git a/synclounge.subfolder.conf.sample b/synclounge.subfolder.conf.sample index 10d47b5..dc98fb6 100644 --- a/synclounge.subfolder.conf.sample +++ b/synclounge.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your synclounge container is named synclounge +# make sure that synclounge is set to work with the base url /synclounge/ # Use this with SyncLounge v3 or up # # To allow non-secure connections (http), which is required by some Plex clients, modify the first block in site-confs/default to look something like this: @@ -35,6 +37,9 @@ location /synclounge/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app synclounge; diff --git a/syncthing.subdomain.conf.sample b/syncthing.subdomain.conf.sample index 98e2351..9f49bc2 100644 --- a/syncthing.subdomain.conf.sample +++ b/syncthing.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for syncthing and that your syncthing container is not using a base url +## Version 2023/02/12 +# make sure that your syncthing container is named syncthing +# make sure that your dns has a cname set for syncthing server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app syncthing; @@ -35,5 +42,17 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; + proxy_hide_header Authorization; + } + + location ~ (/syncthing)?/rest { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app syncthing; + set $upstream_port 8384; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_hide_header Authorization; } } diff --git a/syncthing.subfolder.conf.sample b/syncthing.subfolder.conf.sample index d58702d..17f719e 100644 --- a/syncthing.subfolder.conf.sample +++ b/syncthing.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/12 +# make sure that your syncthing container is named syncthing # syncthing does not require a base url setting location /syncthing { @@ -16,6 +17,9 @@ location ^~ /syncthing/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app syncthing; @@ -24,4 +28,17 @@ location ^~ /syncthing/ { proxy_pass $upstream_proto://$upstream_app:$upstream_port; rewrite /syncthing(.*) $1 break; + proxy_hide_header Authorization; +} + +location ^~ /syncthing/rest { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app syncthing; + set $upstream_port 8384; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /syncthing(.*) $1 break; + proxy_hide_header Authorization; } diff --git a/taisun.subdomain.conf.sample b/taisun.subdomain.conf.sample index c435b41..86c15a7 100644 --- a/taisun.subdomain.conf.sample +++ b/taisun.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your taisun container is named taisun # make sure that your dns has a cname set for taisun server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app taisun; diff --git a/tasmobackup.subdomain.conf.sample b/tasmobackup.subdomain.conf.sample index b8bd110..177121c 100644 --- a/tasmobackup.subdomain.conf.sample +++ b/tasmobackup.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your tasmobackup container is named tasmobackup # make sure that your dns has a cname set for tasmobackup server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app tasmobackup; diff --git a/tautulli.subdomain.conf.sample b/tautulli.subdomain.conf.sample index 7df7032..9f52785 100644 --- a/tautulli.subdomain.conf.sample +++ b/tautulli.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for tautulli and that your tautulli container is not using a base url +## Version 2023/02/05 +# make sure that your tautulli container is named tautulli +# make sure that your dns has a cname set for tautulli server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app tautulli; diff --git a/tautulli.subfolder.conf.sample b/tautulli.subfolder.conf.sample index e213871..55e9eed 100644 --- a/tautulli.subfolder.conf.sample +++ b/tautulli.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your tautulli container is named tautulli +# make sure that tautulli is set to work with the base url /tautulli/ # first go into tautulli settings, under "Web Interface", click on show advanced, set the HTTP root to /tautulli and restart the tautulli container location ^~ /tautulli { @@ -12,6 +14,9 @@ location ^~ /tautulli { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app tautulli; diff --git a/tdarr.subdomain.conf.sample b/tdarr.subdomain.conf.sample index 3c83664..5060d5a 100644 --- a/tdarr.subdomain.conf.sample +++ b/tdarr.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for tdarr and that your tdarr container is not using a base url +## Version 2023/02/05 +# make sure that your tdarr container is named tdarr +# make sure that your dns has a cname set for tdarr server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app tdarr; diff --git a/thelounge.subdomain.conf.sample b/thelounge.subdomain.conf.sample index c80d5a6..eb53700 100644 --- a/thelounge.subdomain.conf.sample +++ b/thelounge.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your thelounge container is named thelounge # make sure that your dns has a cname set for thelounge server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app thelounge; diff --git a/thelounge.subfolder.conf.sample b/thelounge.subfolder.conf.sample index 5082d92..dfd5924 100644 --- a/thelounge.subfolder.conf.sample +++ b/thelounge.subfolder.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your thelounge container is named thelounge # thelounge does not require a base url setting location /thelounge { @@ -16,6 +17,9 @@ location ^~ /thelounge/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app thelounge; diff --git a/themepark.subdomain.conf.sample b/themepark.subdomain.conf.sample index 3a2ba57..737bf13 100644 --- a/themepark.subdomain.conf.sample +++ b/themepark.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for theme-park. +## Version 2023/02/05 +# make sure that your theme-park. container is named theme-park. +# make sure that your dns has a cname set for themepark. server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + # If you don't want to cache the CSS files you can uncomment the lines below. # add_header Last-Modified $date_gmt; # add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; diff --git a/themepark.subfolder.conf.sample b/themepark.subfolder.conf.sample index 78cebec..6fff1b3 100644 --- a/themepark.subfolder.conf.sample +++ b/themepark.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your theme-park container is named theme-park +# make sure that theme-park is set to work with the base url /theme-park/ # If you want to change the urlbase update the TP_URLBASE env on the theme-park container. location /themepark { @@ -16,6 +18,9 @@ location ^~ /themepark/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + # If you don't want to cache the CSS files you can uncomment the lines below. # add_header Last-Modified $date_gmt; # add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; diff --git a/transmission.subdomain.conf.sample b/transmission.subdomain.conf.sample index d35fabb..7324235 100644 --- a/transmission.subdomain.conf.sample +++ b/transmission.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2022/09/08 +## Version 2023/02/05 # Make sure that DNS has a cname set for transmission # # Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they @@ -27,6 +27,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -38,6 +41,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app transmission; @@ -45,7 +51,7 @@ server { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_pass_header X-Transmission-Session-Id; + proxy_pass_header X-Transmission-Session-Id; } location ~ (/transmission)?/rpc { diff --git a/transmission.subfolder.conf.sample b/transmission.subfolder.conf.sample index 8e80ecc..059eb32 100644 --- a/transmission.subfolder.conf.sample +++ b/transmission.subfolder.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# Transmission does not require a base url setting +## Version 2023/02/05 +# make sure that your transmission container is named transmission +# transmission does not require a base url setting # # Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they # rely on the HTTP Status Text to determine if they should add the @@ -22,6 +23,9 @@ location ^~ /transmission { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app transmission; @@ -29,7 +33,7 @@ location ^~ /transmission { set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - proxy_pass_header X-Transmission-Session-Id; + proxy_pass_header X-Transmission-Session-Id; } location ^~ /transmission/rpc { diff --git a/tvheadend.subfolder.conf.sample b/tvheadend.subfolder.conf.sample index 347d09a..3b76946 100644 --- a/tvheadend.subfolder.conf.sample +++ b/tvheadend.subfolder.conf.sample @@ -1,16 +1,18 @@ -## Version 2022/10/01 +## Version 2023/02/05 +# make sure that your tvheadend container is named tvheadend +# make sure that tvheadend is set to work with the base url /tvheadend/ # Before activating this config you need to do two things: -# - enable a setting in the tvheadend web interface -# - change your RUN_OPTS for tvheadend. +# - enable a setting in the tvheadend web interface +# - change your RUN_OPTS for tvheadend. # # You need to enable the setting "PROXY protocol & X-Forwarded For" -# in the tvheadend web interface. This setting can be found in -# "Configuration" -> "General" -> "Base" in the "HTTP Server Settings" Group. -# You need to set the View level to Expert to see it. Once activated, you may need to -# restart your tvheadend container. When testing this config, please be reminded -# that the tvheadend docker can take a very long time to start (>10mins). -# -# For the subfolder to work you also need to edit your tvheadend docker compose / cli config +# in the tvheadend web interface. This setting can be found in +# "Configuration" -> "General" -> "Base" in the "HTTP Server Settings" Group. +# You need to set the View level to Expert to see it. Once activated, you may need to +# restart your tvheadend container. When testing this config, please be reminded +# that the tvheadend docker can take a very long time to start (>10mins). +# +# For the subfolder to work you also need to edit your tvheadend docker compose / cli config # and set http_root in RUN_OPTS to tvheadend, e.g. in docker compose: # - RUN_OPTS= --http_root /tvheadend @@ -28,6 +30,10 @@ location /tvheadend/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; diff --git a/ubooquity.subdomain.conf.sample b/ubooquity.subdomain.conf.sample index f54c660..0645993 100644 --- a/ubooquity.subdomain.conf.sample +++ b/ubooquity.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# Make sure that your dns has a cname set for ubooquity and that your ubooquity container is not using a base url +## Version 2023/02/05 +# make sure that your ubooquity container is named ubooquity +# make sure that your dns has a cname set for ubooquity server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app ubooquity; diff --git a/ubooquity.subfolder.conf.sample b/ubooquity.subfolder.conf.sample index 335bb80..b1a6a5b 100644 --- a/ubooquity.subfolder.conf.sample +++ b/ubooquity.subfolder.conf.sample @@ -1,10 +1,12 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your ubooquity container is named ubooquity +# make sure that ubooquity is set to work with the base url /ubooquity/ # set the reverse proxy prefix in the admin gui to ubooquity. - location ^~ /ubooquity { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; +location ^~ /ubooquity { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; # enable for ldap auth (requires ldap-server.conf in the server block) #include /config/nginx/ldap-location.conf; @@ -12,21 +14,24 @@ # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ubooquity; - set $upstream_port 2202; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; - } + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ubooquity; + set $upstream_port 2202; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; - location ^~ /ubooquity/admin { - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app ubooquity; - set $upstream_port 2203; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} - } +location ^~ /ubooquity/admin { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ubooquity; + set $upstream_port 2203; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/unifi-controller.subdomain.conf.sample b/unifi-controller.subdomain.conf.sample index 87a6103..a4f27b4 100644 --- a/unifi-controller.subdomain.conf.sample +++ b/unifi-controller.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for unifi and that your unifi-controller container is not using a base url +## Version 2023/02/05 +# make sure that your unifi-controller container is named unifi-controller +# make sure that your dns has a cname set for unifi # NOTE: If you use the proxy_cookie_path setting in proxy.conf you need to remove HTTPOnly; # ex: proxy_cookie_path / "/; Secure"; @@ -19,6 +20,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -30,6 +34,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app unifi-controller; diff --git a/uptime-kuma.subdomain.conf.sample b/uptime-kuma.subdomain.conf.sample index fc4b91e..cb59422 100644 --- a/uptime-kuma.subdomain.conf.sample +++ b/uptime-kuma.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for uptime-kuma and that your uptime-kuma container is not using a base url +## Version 2023/02/05 +# make sure that your uptime-kuma container is named uptime-kuma +# make sure that your dns has a cname set for uptime-kuma server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app uptime-kuma; diff --git a/vaultwarden.subdomain.conf.sample b/vaultwarden.subdomain.conf.sample index 12198b4..a96678d 100644 --- a/vaultwarden.subdomain.conf.sample +++ b/vaultwarden.subdomain.conf.sample @@ -1,6 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for vaultwarden and that your vaultwarden container is not using a base url -# make sure your vaultwarden container is named "vaultwarden" +## Version 2023/02/13 +# make sure that your vaultwarden container is named vaultwarden +# make sure that your dns has a cname set for vaultwarden # set the environment variable WEBSOCKET_ENABLED=true on your vaultwarden container server { @@ -19,6 +19,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -30,6 +33,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; @@ -50,6 +56,19 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app vaultwarden; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/vaultwarden)?/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; diff --git a/vaultwarden.subfolder.conf.sample b/vaultwarden.subfolder.conf.sample index 8066902..cb41476 100644 --- a/vaultwarden.subfolder.conf.sample +++ b/vaultwarden.subfolder.conf.sample @@ -1,6 +1,9 @@ -## Version 2022/09/08 +## Version 2023/02/13 +# make sure that your vaultwarden container is named vaultwarden +# make sure that vaultwarden is set to work with the base url /vaultwarden/ ## Environmental Variable DOMAIN=https://<DOMAIN>/vaultwarden must be set in vaultwarden container including subfolder. ## This is using ports 80 and 3012 + location /vaultwarden { return 301 $scheme://$host/vaultwarden/; } @@ -16,6 +19,9 @@ location ^~ /vaultwarden/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; @@ -36,6 +42,19 @@ location ~ (/vaultwarden)?/admin { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app vaultwarden; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ~ (/vaultwarden)?/api { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; diff --git a/viewtube.subdomain.conf.sample b/viewtube.subdomain.conf.sample index c3b5206..6753318 100644 --- a/viewtube.subdomain.conf.sample +++ b/viewtube.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2021/05/18 -# make sure that your dns has a cname set for viewtube and that your viewtube container is not using a base url +## Version 2023/02/05 +# make sure that your viewtube container is named viewtube +# make sure that your dns has a cname set for viewtube server { listen 443 ssl; @@ -11,24 +12,29 @@ server { client_max_body_size 0; - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; - # enable for Authelia + # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app viewtube; diff --git a/wallabag.subdomain.conf.sample b/wallabag.subdomain.conf.sample index de402d8..034b139 100644 --- a/wallabag.subdomain.conf.sample +++ b/wallabag.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for wallabag and that your wallabag container is not using a base url. +## Version 2023/02/05 +# make sure that your wallabag container is named wallabag +# make sure that your dns has a cname set for wallabag # also, make sure your env var in your docker run or compose match the full domain, incl. https:// # i.e. - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.yourdomain.com @@ -19,6 +20,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -30,6 +34,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app wallabag; diff --git a/warpgate.subdomain.conf.sample b/warpgate.subdomain.conf.sample index 7ca5dbb..345ff55 100644 --- a/warpgate.subdomain.conf.sample +++ b/warpgate.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2021/05/18 -# make sure that your dns has a cname set for warpgate and that your warpgate container is not using a base url +## Version 2023/02/05 +# make sure that your warpgate container is named warpgate +# make sure that your dns has a cname set for warpgate server { listen 443 ssl; @@ -11,24 +12,29 @@ server { client_max_body_size 0; - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; - # enable for Authelia + # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; - # enable for Authelia + # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app warpgate; diff --git a/webtop.subdomain.conf.sample b/webtop.subdomain.conf.sample index 133e77f..098edae 100644 --- a/webtop.subdomain.conf.sample +++ b/webtop.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2022/09/08 +## Version 2023/02/05 # make sure that you have a cname set for the webtop # set up authentication here, for better security @@ -18,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -29,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app webtop; diff --git a/wordpress.subfolder.conf.sample b/wordpress.subfolder.conf.sample index 6818bd0..6b47885 100644 --- a/wordpress.subfolder.conf.sample +++ b/wordpress.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your wordpress container is named wordpress +# make sure that wordpress is set to work with the base url /wordpress/ # In order to use this location block you need to edit the default file one folder up and comment out the / location as well as the "~ \.php$" location # tested with the official wordpress docker image @@ -13,6 +15,9 @@ location / { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app wordpress; diff --git a/yacht.subdomain.conf.sample b/yacht.subdomain.conf.sample index f77cc51..cfaaa5e 100644 --- a/yacht.subdomain.conf.sample +++ b/yacht.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your yacht container is named yacht # make sure that your dns has a cname set for yacht server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app yacht; diff --git a/youtube-dl-server.subdomain.conf.sample b/youtube-dl-server.subdomain.conf.sample index 9c610e3..9819392 100644 --- a/youtube-dl-server.subdomain.conf.sample +++ b/youtube-dl-server.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/08 -# make sure that your dns has a cname set for youtube-dl-server and that your youtube-dl-server container is not using a base url +## Version 2023/02/05 +# make sure that your youtube-dl-server container is named youtube-dl-server +# make sure that your dns has a cname set for youtube-dl-server server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app youtube-dl-server; diff --git a/youtube-dl.subfolder.conf.sample b/youtube-dl.subfolder.conf.sample index fe5278d..b07a58f 100644 --- a/youtube-dl.subfolder.conf.sample +++ b/youtube-dl.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your youtube-dl-server container is named youtube-dl-server +# youtube-dl-server does not require a base url setting # Works with this youtube-dl Fork: https://github.com/nbr23/youtube-dl-server location /youtube-dl { @@ -16,9 +18,12 @@ location ^~ /youtube-dl/ { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_app youtube-dl-server; + set $upstream_app youtube-dl-server; set $upstream_port 8080; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; diff --git a/zigbee2mqtt.subdomain.conf.sample b/zigbee2mqtt.subdomain.conf.sample index 51f5ec3..41e5a04 100644 --- a/zigbee2mqtt.subdomain.conf.sample +++ b/zigbee2mqtt.subdomain.conf.sample @@ -1,5 +1,6 @@ -## Version 2022/09/30 -# make sure that your dns has a cname set for zigbee2mqtt and that your zigbee2mqtt container is not using a base url +## Version 2023/02/05 +# make sure that your zigbee2mqtt container is named zigbee2mqtt +# make sure that your dns has a cname set for zigbee2mqtt server { listen 443 ssl; @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app zigbee2mqtt; diff --git a/znc.subdomain.conf.sample b/znc.subdomain.conf.sample index cf1a138..6979297 100644 --- a/znc.subdomain.conf.sample +++ b/znc.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your znc container is named znc # make sure that your dns has a cname set for znc server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app znc; diff --git a/znc.subfolder.conf.sample b/znc.subfolder.conf.sample index a42d6f1..70d2610 100644 --- a/znc.subfolder.conf.sample +++ b/znc.subfolder.conf.sample @@ -1,4 +1,6 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your znc container is named znc +# make sure that znc is set to work with the base url /znc/ # edit /config/configs/znc.conf and add URIPrefix = /znc/ in the line above </Listener> and restart the znc container location /znc { @@ -12,6 +14,9 @@ location /znc { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app znc; diff --git a/zwavejs2mqtt.subdomain.conf.sample b/zwavejs2mqtt.subdomain.conf.sample index 77f0ef2..2aea2be 100644 --- a/zwavejs2mqtt.subdomain.conf.sample +++ b/zwavejs2mqtt.subdomain.conf.sample @@ -1,4 +1,5 @@ -## Version 2022/09/08 +## Version 2023/02/05 +# make sure that your zwavejs2mqtt container is named zwavejs2mqtt # make sure that your dns has a cname set for zwavejs2mqtt server { @@ -17,6 +18,9 @@ server { # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + location / { # enable the next two lines for http auth #auth_basic "Restricted"; @@ -28,6 +32,9 @@ server { # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app zwavejs2mqtt;