Merge branch 'linuxserver:master' into develop

.editorconfig

@@ -11,3 +11,4 @@ trim_trailing_whitespace = false
 [{*.conf,*.conf.sample}]
 indent_style = space
 indent_size = 4
+trim_trailing_whitespace = true

.github/CONTRIBUTING.md

@@ -0,0 +1,25 @@
+# Contributing to reverse-proxy-confs
+
+## Gotchas
+
+* While contributing make sure to make all your changes before creating a Pull Request
+* Read, and fill the Pull Request template
+  * If the PR is addressing an existing issue include, closes #\<issue number>, in the body of the PR commit message
+* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://discord.gg/YWrKVTn)
+
+### Styling
+
+* Indentation: 4 spaces
+* Line-endings: LF
+* Trailing newline: yes
+
+### Requirements
+
+* Must have the date on the first line, in YYYY/MM/DD format
+* For subdomains, add a comment for a needed CNAME
+* If the application needs further configuration, specify this in a comment
+
+* In most cases we want the comments for Authelia, ldap and basic auth to be present
+* If the application has known API endpoints, we prefer these to be exempt from auth trough a location block (provided the application has security on the endpoint)
+
+* Files must not be executeable

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: linuxserver
+open_collective: linuxserver

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,13 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Discord chat support
+    url: https://discord.gg/YWrKVTn
+    about: Realtime support / chat with the community and the team.
+
+  - name: Discourse discussion forum
+    url: https://discourse.linuxserver.io
+    about: Post on our community forum.
+
+  - name: Documentation
+    url: https://docs.linuxserver.io/general/swag#preset-proxy-confs
+    about: Documentation - information about how this repository works with SWAG.

.github/ISSUE_TEMPLATE/issue.bug.yml

@@ -0,0 +1,36 @@
+# Based on the issue template
+name: Bug report
+description: Create a report to help us improve. NOT TEMPLATE REQUESTS
+title: "[BUG] <title>"
+labels: [Bug]
+body:
+  - type: checkboxes
+    attributes:
+      label: Is there an existing issue for this?
+      description: Please search to see if an issue already exists for the bug you encountered.
+      options:
+        - label: I have searched the existing issues
+          required: true
+  - type: textarea
+    attributes:
+      label: Current Behavior
+      description: Tell us what happens instead of the expected behavior.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: Tell us what should happen.
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: Steps to reproduce the behavior.
+      placeholder: |
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/issue.feature.yml

@@ -0,0 +1,31 @@
+# Based on the issue template
+name: Feature request
+description: Suggest an idea for this project. NOT TEMPLATE REQUESTS
+title: "[FEAT] <title>"
+labels: [enhancement]
+body:
+  - type: checkboxes
+    attributes:
+      label: Is this a new feature request?
+      description: Please search to see if a feature request already exists.
+      options:
+        - label: I have searched the existing issues
+          required: true
+  - type: textarea
+    attributes:
+      label: Wanted change
+      description: Tell us what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Reason for change
+      description: Justify your request, why do you want it, what is the benefit.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Proposed code change
+      description: Do you have a potential code change in mind?
+    validations:
+      required: false

.github/PULL_REQUEST_TEMPLATE.md

@@ -3,13 +3,24 @@
 [linuxserverurl]: https://linuxserver.io
 [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
 
+------------------------------
 
-<!--- Before submitting a pull request please check the following -->
+ - [ ] I have read the [contributing](https://github.com/linuxserver/reverse-proxy-confs/blob/master/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications
 
-<!---  That you have made a branch in your fork, we'd rather not merge from your master -->
-<!---  That if the PR is addressing an existing issue include, closes #<issue number> , in the body of the PR commit message   -->
-<!---  You have included links to any files / patches etc your PR may be using in the body of the PR commit message -->
-<!---  -->
+------------------------------
 
-##  Thanks, team linuxserver.io
+<!--- We welcome all PR’s though this doesn’t guarantee it will be accepted. -->
 
+## Description
+<!--- Describe your changes in detail -->
+
+## Benefits of this PR and context
+<!--- Please explain why we should accept this PR. If this fixes an outstanding bug, please reference the issue # -->
+
+## How Has This Been Tested?
+<!--- Please describe in detail how you tested your changes. -->
+<!--- Include details of your testing environment, and the tests you ran to -->
+<!--- see how your change affects other areas of the code, etc. -->
+
+## Source / References
+<!--- Please include any forum posts/github links relevant to the PR -->

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/call-invalid-issues-cron.yml

@@ -0,0 +1,13 @@
+name: Mark stale issues and pull requests
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  stale:
+    permissions:
+      issues: write
+      pull-requests: write
+    uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1
+    secrets: inherit

.github/workflows/call_invalid_helper.yml

@@ -0,0 +1,12 @@
+name: Comment on invalid interaction
+on:
+  issues:
+    types:
+      - labeled
+jobs:
+  add-comment-on-invalid:
+    if: github.event.label.name == 'invalid'
+    permissions:
+      issues: write
+    uses: linuxserver/github-workflows/.github/workflows/invalid-interaction-helper.yml@v1
+    secrets: inherit

.github/workflows/check_samples.yml

@@ -11,7 +11,8 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v3.3.0
 
       - name: Check Allowed File Names
         run: |

README.md

@@ -23,8 +23,8 @@ Conversely subdomain reverse proxying does not require special accommodation by
 
 Make sure that your default site config contains the following lines in the appropriate spots as seen in the default version:
 
-1) For subfolder methods: `include /config/nginx/proxy-confs/*.subfolder.conf;`
-2) For subdomain methods: `include /config/nginx/proxy-confs/*.subdomain.conf;`
+1. For subfolder methods: `include /config/nginx/proxy-confs/*.subfolder.conf;`
+2. For subdomain methods: `include /config/nginx/proxy-confs/*.subdomain.conf;`
 
 ### Ensure you have a custom docker network
 
@@ -36,14 +36,14 @@ These confs assume that the swag container can reach other containers via their
 
 - If you are using a gui manager like portainer, you can create a custom bridge network in the gui, and select it when creating a new container.
 
-- If you are using unraid, create a custom network in command line via `docker network create [networkname]`, then go to docker service settings (under advanced) and set the option `Preserve user defined networks:` to `Yes`. Then in each container setting, including the swag container, in the network type dropdown, select `Custom : [networkname]`.  This is a necessary step as the bridge network that unraid uses by default does not allow container to container communication.
+- If you are using unraid, create a custom network in command line via `docker network create [networkname]`, then go to docker service settings (under advanced) and set the option `Preserve user defined networks:` to `Yes`. Then in each container setting, including the swag container, in the network type dropdown, select `Custom : [networkname]`. This is a necessary step as the bridge network that unraid uses by default does not allow container to container communication.
 
 If the reverse proxied containers are not reachable via dns or they are running on a different machine, you will have to modify these confs to fit your needs.
 
 ### Rename the required proxy configs
 
-1) Rename the conf files and remove the `.sample` at the end (ie. `sonarr.subfolder.conf`)
-2) Restart the swag container
+1. Rename the conf files and remove the `.sample` at the end (ie. `sonarr.subfolder.conf`)
+2. Restart the swag container
 
 ### Make any necessary changes detailed in the config
 

_template.subdomain.conf.sample

@@ -1,8 +1,9 @@
-## Version 2022/09/08
+## Version 2023/02/05
 # REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
 # REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
 # REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
-# make sure that your dns has a cname set for <container_name> and that your <container_name> container is not using a base url
+# make sure that your <container_name> container is named <container_name>
+# make sure that your dns has a cname set for <container_name>
 
 server {
     listen 443 ssl;
@@ -20,6 +21,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -31,6 +35,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app <container_name>;

_template.subfolder.conf.sample

@@ -1,8 +1,10 @@
-## Version 2022/09/08
+## Version 2023/02/05
 # REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
 # REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
 # REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
-# first go into <container_name> settings, under "General" set the URL Base to /<container_name>/ and restart the <container_name> container
+# make sure that your <container_name> container is named <container_name>
+# make sure that <container_name> is set to work with the base url /<container_name>/
+
 
 location /<container_name> {
     return 301 $scheme://$host/<container_name>/;
@@ -19,6 +21,9 @@ location ^~ /<container_name>/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app <container_name>;

adguard.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for adguard and that your adguard container is named adguard
+## Version 2023/02/05
+# make sure that your adguard container is named adguard
+# make sure that your dns has a cname set for adguard
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app adguard;

adminer.subdomain.conf.sample

@@ -0,0 +1,47 @@
+## Version 2023/02/17
+# make sure that your adminer container is named adminer
+# make sure that your dns has a cname set for adminer
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name adminer.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
+    location / {
+
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app adminer;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}

adminer.subfolder.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# adminer does not require a base url setting, but the container needs to be named adminer
+## Version 2023/02/05
+# make sure that your adminer container is named adminer
+# adminer does not require a base url setting
 
 location /adminer {
     return 301 $scheme://$host/adminer/;
@@ -16,6 +17,9 @@ location ^~ /adminer/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app adminer;

adminmongo.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for adminmongo and that your adminmongo container is not using a base url
+## Version 2023/02/05
+# make sure that your adminmongo container is named adminmongo
+# make sure that your dns has a cname set for adminmongo
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app adminmongo;

airsonic.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for airsonic and that your airsonic container is not using a base url
+## Version 2023/02/05
+# make sure that your airsonic container is named airsonic
+# make sure that your dns has a cname set for airsonic
 # add `server.use-forward-headers=true` to `/config/application.properties` to ensure logs contain real source IP
 
 server {
@@ -18,6 +19,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -29,6 +33,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app airsonic;

airsonic.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your airsonic container is named airsonic
+# make sure that airsonic is set to work with the base url /airsonic/
 # set the CONTEXT_PATH variable to /airsonic in airsonic container.
 
 location ^~ /airsonic {
@@ -12,6 +14,9 @@ location ^~ /airsonic {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app airsonic;

apprise-api.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/08/16
-# make sure that your dns has a cname set for apprise-api and that your apprise-api container is not using a base url
+## Version 2023/02/05
+# make sure that your apprise-api container is named apprise-api
+# make sure that your dns has a cname set for apprise-api
 
 server {
     listen 443 ssl;
@@ -11,24 +12,29 @@ server {
 
     client_max_body_size 0;
 
-    # enable for ldap auth, fill in ldap details in ldap.conf
-    #include /config/nginx/ldap.conf;
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
 
-    # enable for Authelia
+    # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
         #auth_basic_user_file /config/nginx/.htpasswd;
 
-        # enable the next two lines for ldap auth
-        #auth_request /auth;
-        #error_page 401 =200 /ldaplogin;
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
 
-        # enable for Authelia
+        # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app apprise-api;

archisteamfarm.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your archisteamfarm container is named archisteamfarm
 # make sure that your dns has a cname set for archisteamfarm
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app archisteamfarm;

aria2-with-webui.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# Make sure that your dns has a cname set for aria2 and that your aria2-with-webui container is not using a base url
+## Version 2023/02/05
+# make sure that your aria2 container is named aria2-with-webui
+# make sure that your dns has a cname set for aria2
 #
 # The RPC port will need to be changed to 443 in the AriaNg/WebUI-Aria2 settings or by using the AriaNg command api
 # e.g. https://aria2.example.com/#!/settings/rpc/set/https/aria2.example.com/443/jsonrpc
@@ -21,6 +22,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -32,6 +36,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app aria2-with-webui;

audiobookshelf.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for audiobookshelf and that your audiobookshelf container is not using a base url
+## Version 2023/02/05
+# make sure that your audiobookshelf container is named audiobookshelf
+# make sure that your dns has a cname set for audiobookshelf
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app audiobookshelf;

audiobookshelf.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your audiobookshelf container is named audiobookshelf
+# make sure that audiobookshelf is set to work with the base url /audiobookshelf/
 # set the CONTEXT_PATH variable to /audiobookshelf in audiobookshelf container.
 
 location ^~ /audiobookshelf {
@@ -12,6 +14,9 @@ location ^~ /audiobookshelf {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app audiobookshelf;

authelia.subdomain.conf.sample

@@ -1,9 +1,10 @@
-## Version 2021/05/18
+## Version 2023/02/12
+# make sure that your authelia container is named authelia
 # make sure that your dns has a cname set for authelia
-# the default authelia-server and authelia-location confs included with letsencrypt rely on
-# subfolder proxy at "/authelia" and enabling of this proxy conf is not necessary.
-# But if you'd like to use authelia via subdomain, you can enable this proxy and set up your own
-# authelia-server and authelia-location confs as described in authelia docs.
+# the default authelia-server and authelia-location confs included with swag rely on
+# a built-in subfolder proxy at "/authelia" and enabling this proxy conf is not necessary.
+# But if you'd like to use authelia via subdomain, you can enable this proxy and set
+# the $authelia_backed variable in the authelia-server.conf.
 
 server {
     listen 443 ssl;
@@ -25,4 +26,32 @@ server {
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
     }
+
+    location ~ (/authelia)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app authelia;
+        set $upstream_port 9091;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/authelia)?/metrics {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # block metrics access by default because it is unprotected
+        # you can comment out the next line to enable remote metrics
+        deny all;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app authelia;
+        set $upstream_port 9959;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
 }

authentik.subdomain.conf.sample

@@ -0,0 +1,53 @@
+## Version 2023/02/12
+# make sure that your authentik container is named authentik-server
+# make sure that your dns has a cname set for authentik
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name authentik.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app authentik-server;
+        set $upstream_port 9000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/authentik)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app authentik-server;
+        set $upstream_port 9000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/authentik)?/metrics {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # block metrics access by default because it is unprotected
+        # you can comment out the next line to enable remote metrics
+        deny all;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app authentik-server;
+        set $upstream_port 9300;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}

babybuddy.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your babybuddy container is named babybuddy
 # make sure that your dns has a cname set for babybuddy
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app babybuddy;

bazarr.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url
+## Version 2023/02/05
+# make sure that your bazarr container is named bazarr
+# make sure that your dns has a cname set for bazarr
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app bazarr;

bazarr.subfolder.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# first go into bazarr settings, under "General" set the URL Base to /bazarr/ and restart the bazarr container
+## Version 2023/02/05
+# make sure that your bazarr container is named bazarr
+# make sure that bazarr is set to work with the base url /bazarr/
 
 location /bazarr {
     return 301 $scheme://$host/bazarr/;
@@ -16,6 +17,9 @@ location ^~ /bazarr/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app bazarr;

beets.subdomain.conf.sample

@@ -1,6 +1,7 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your beets container is named beets
+# make sure that your dns has a cname set for beets
 #First edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container.
-#Make sure that your dns has a cname set for beets and that your beets container is not using a base url
 
 server {
     listen 443 ssl;
@@ -18,8 +19,11 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
-        #enable the next two lines for http auth
+        # enable the next two lines for http auth
         #auth_basic "Restricted";
         #auth_basic_user_file /config/nginx/.htpasswd;
 
@@ -29,6 +33,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app beets;

beets.subfolder.conf.sample

@@ -1,5 +1,7 @@
-## Version 2022/09/08
-#first edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container
+## Version 2023/02/05
+# make sure that your beets container is named beets
+# make sure that beets is set to work with the base url /beets/
+# first edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container
 
 location /beets {
     # enable the next two lines for http auth
@@ -12,6 +14,9 @@ location /beets {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app beets;

bitwarden.subdomain.conf.sample

@@ -1,6 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url
-# make sure your bitwarden container is named "bitwarden"
+## Version 2023/02/13
+# make sure that your bitwarden container is named bitwarden
+# make sure that your dns has a cname set for bitwarden
 # set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container
 
 server {
@@ -19,6 +19,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -30,6 +33,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app bitwarden;
@@ -50,6 +56,19 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app bitwarden;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/bitwarden)?/api {
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app bitwarden;

bitwarden.subfolder.conf.sample

@@ -1,6 +1,9 @@
-## Version 2022/09/08
+## Version 2023/02/13
+# make sure that your bitwarden container is named bitwarden
+# make sure that bitwarden is set to work with the base url /bitwarden/
 ## Environmental Variable DOMAIN=https://<DOMAIN>/bitwarden must be set in bitwarden container including subfolder.
 ## This is using ports 80 and 3012
+
 location /bitwarden {
     return 301 $scheme://$host/bitwarden/;
 }
@@ -16,6 +19,9 @@ location ^~ /bitwarden/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app bitwarden;
@@ -36,6 +42,19 @@ location ~ (/bitwarden)?/admin {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app bitwarden;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ (/bitwarden)?/api {
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app bitwarden;

boinc.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your boinc container is named boinc
 # make sure that your dns has a cname set for boinc
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app boinc;

boinc.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your bionc container is named bionc
+# make sure that bionc is set to work with the base url /bionc/
 # In boinc docker arguments, set an env variable for SUBFOLDER=/boinc/
 
 location /boinc {
@@ -16,6 +18,9 @@ location ^~ /boinc/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app boinc;

booksonic.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for booksonic and that your booksonic container is not using a base url
+## Version 2023/02/05
+# make sure that your booksonic container is named booksonic
+# make sure that your dns has a cname set for booksonic
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app booksonic;

booksonic.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your booksonic container is named booksonic
+# make sure that booksonic is set to work with the base url /booksonic/
 # set the CONTEXT_PATH variable to /booksonic in booksonic container.
 
 location ^~ /booksonic {
@@ -12,6 +14,9 @@ location ^~ /booksonic {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app booksonic;

bookstack.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for bookstack and that your bookstack container is named bookstack
+## Version 2023/02/05
+# make sure that your bookstack container is named bookstack
+# make sure that your dns has a cname set for bookstack
 # Ensure you have the APP_URL Environment Variable set correctly in your Docker Run/Compose or in BookStack Env File (/www/.env)
 # https://github.com/linuxserver/docker-bookstack#docker
 
@@ -19,8 +20,11 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
-        #enable the next two lines for http auth
+        # enable the next two lines for http auth
         #auth_basic "Restricted";
         #auth_basic_user_file /config/nginx/.htpasswd;
 
@@ -30,6 +34,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app bookstack;

budge.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2021/05/18
-# make sure that your dns has a cname set for budge and that your budge container is not using a base url
+## Version 2023/02/05
+# make sure that your budge container is named budge
+# make sure that your dns has a cname set for budge
 
 server {
     listen 443 ssl;
@@ -11,24 +12,29 @@ server {
 
     client_max_body_size 0;
 
-    # enable for ldap auth, fill in ldap details in ldap.conf
-    #include /config/nginx/ldap.conf;
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
 
-    # enable for Authelia
+    # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
         #auth_basic_user_file /config/nginx/.htpasswd;
 
-        # enable the next two lines for ldap auth
-        #auth_request /auth;
-        #error_page 401 =200 /ldaplogin;
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
 
-        # enable for Authelia
+        # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app budge;

calibre-web.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your calibre-web container is named calibre-web
 # make sure that your dns has a cname set for calibre-web
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -27,6 +31,9 @@ server {
 
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
         # To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is
         # enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia
         # user also has a corresponding user manually created in Calibre-Web.
@@ -41,10 +48,10 @@ server {
         proxy_set_header X-Scheme $scheme;
     }
 
-	# OPDS feed for eBook reader apps
-	# Even if you use Authelia, the OPDS feed requires a password to be set for
-	# the user directly in Calibre-Web, as eBook reader apps don't support
-	# form-based logins, only HTTP Basic auth.
+    # OPDS feed for eBook reader apps
+    # Even if you use Authelia, the OPDS feed requires a password to be set for
+    # the user directly in Calibre-Web, as eBook reader apps don't support
+    # form-based logins, only HTTP Basic auth.
     location /opds/ {
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;

calibre-web.subfolder.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your calibre-web container is named calibre-web
 # calibre-web does not require a base url setting
 
 location /calibre-web {
@@ -15,6 +16,9 @@ location ^~ /calibre-web/ {
 
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
+
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
     # To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is
     # enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia
     # user also has a corresponding user manually created in Calibre-Web.

calibre.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your calibre container is named calibre
 # make sure that your dns has a cname set for calibre
 # for the content server, go into calibre preferences / sharing over the net / advanced and
 # set the first option for prefix url to '/content-server', save and restart the container
@@ -20,6 +21,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -31,6 +35,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app calibre;
@@ -56,6 +63,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app calibre;

calibre.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your calibre container is named calibre
+# make sure that calibre is set to work with the base url /calibre/
 # In calibre docker arguments, set an env variable for SUBFOLDER=/calibre/
 # for the content server, go into calibre preferences / sharing over the net / advanced and
 # set the first option for prefix url to '/content-server', save and restart the container
@@ -19,6 +21,9 @@ location ^~ /calibre/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app calibre;
@@ -43,6 +48,9 @@ location ^~ /content-server/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app calibre;

castopod.subdomain.conf.sample

@@ -1,5 +1,7 @@
-## Version 2022/10/06
-# make sure that your dns has a cname set for castopod and that your castopod container is not using a base url
+## Version 2023/02/05
+# make sure that your castopod container is named castopod
+# make sure that your dns has a cname set for castopod
+
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
@@ -16,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -27,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app castopod;

changedetection.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for changedetection and that your changedetection container is named changedetection
+## Version 2023/02/05
+# make sure that your changedetection container is named changedetection
+# make sure that your dns has a cname set for changedetection
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app changedetection;

chevereto.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for chevereto and that your chevereto container is not using a base url
+## Version 2023/02/05
+# make sure that your chevereto container is named chevereto
+# make sure that your dns has a cname set for chevereto
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app chevereto;

chronograf.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# Make sure that your dns has a cname set for chronograf and that your chronograf container is not using a base url
+## Version 2023/02/05
+# make sure that your chronograf container is named chronograf
+# make sure that your dns has a cname set for chronograf
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app chronograf;

chronograf.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your chronograf container is named chronograf
+# make sure that chronograf is set to work with the base url /chronograf/
 # add BASE_PATH=/chronograf environment variable to your docker compose/run
 
 location /chronograf {
@@ -16,6 +18,9 @@ location ^~ /chronograf/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app chronograf;

cloudbeaver.subdomain.conf.sample

@@ -1,6 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for cloudbeaver and that your cloudbeaver container is not using a base url
-# tested using dbeaver/cloudbeaver
+## Version 2023/02/05
+# make sure that your cloudbeaver container is named cloudbeaver
+# make sure that your dns has a cname set for cloudbeaver
 
 server {
     listen 443 ssl;
@@ -20,6 +20,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -31,6 +34,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app cloudbeaver;

code-server.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your code-server container is named code-server
 # make sure that your dns has a cname set for code-server
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app code-server;

codimd.subdomain.conf.sample

@@ -1,4 +1,4 @@
-## Version 2022/09/08
+## Version 2023/02/05
 # make sure you have added the following environmental variables to your run command/compose file
 # CMD_DOMAIN=codimd.server.com
 # CMD_PROTOCOL_USESSL=true
@@ -19,6 +19,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -30,6 +33,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app codimd;

collabora.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for collabora and that your collabora container is named collabora
+## Version 2023/02/05
+# make sure that your collabora container is named collabora
+# make sure that your dns has a cname set for collabora
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app collabora;

commento.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for commento and that your commento config is not using a subdirectory.
+## Version 2023/02/05
+# make sure that your commento container is named commento
+# make sure that your dns has a cname set for commento
 
 server {
     listen 443 ssl;
@@ -17,8 +18,11 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
-        #enable the next two lines for http auth
+        # enable the next two lines for http auth
         #auth_basic "Restricted";
         #auth_basic_user_file /config/nginx/.htpasswd;
 
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app commento;

couchpotato.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for couchpotato and that your couchpotato container is not using a base url
+## Version 2023/02/05
+# make sure that your couchpotato container is named couchpotato
+# make sure that your dns has a cname set for couchpotato
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app couchpotato;

couchpotato.subfolder.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# first go into couchpotato settings, under "General" set the URL Base to /couchpotato and restart the couchpotato container
+## Version 2023/02/05
+# make sure that your couchpotato container is named couchpotato
+# make sure that couchpotato is set to work with the base url /couchpotato/
 
 location ^~ /couchpotato {
     # enable the next two lines for http auth
@@ -12,6 +13,9 @@ location ^~ /couchpotato {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app couchpotato;

crontabui.subfolder.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your crontabui container is named crontabui
 # crontabui does not require a base url setting
 
 location /crontabui {
@@ -16,6 +17,9 @@ location ^~ /crontabui/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app crontabui;

crowdsec-dashboard.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for crowdsec-dashboard and that your crowdsec-dashboard container is not using a base url
+## Version 2023/02/05
+# make sure that your crowdsec-dashboard container is named crowdsec-dashboard
+# make sure that your dns has a cname set for crowdsec-dashboard
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app crowdsec-dashboard;

crowdsec.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/08/26
-# make sure that your dns has a cname set for crowdsec and that your crowdsec container is not using a base url
+## Version 2023/02/05
+# make sure that your crowdsec container is named crowdsec
+# make sure that your dns has a cname set for crowdsec
 
 server {
     listen 443 ssl;
@@ -11,24 +12,29 @@ server {
 
     client_max_body_size 0;
 
-    # enable for ldap auth, fill in ldap details in ldap.conf
-    #include /config/nginx/ldap.conf;
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
 
-    # enable for Authelia
+    # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
         #auth_basic_user_file /config/nginx/.htpasswd;
 
-        # enable the next two lines for ldap auth
-        #auth_request /auth;
-        #error_page 401 =200 /ldaplogin;
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
 
-        # enable for Authelia
+        # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app crowdsec;

dashy.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for dashy and that your dashy container is not using a base url
+## Version 2023/02/05
+# make sure that your dashy container is named dashy
+# make sure that your dns has a cname set for dashy
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app dashy;

deluge.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for deluge and that your deluge container is not using a base url
+## Version 2023/02/05
+# make sure that your deluge container is named deluge
+# make sure that your dns has a cname set for deluge
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app deluge;

deluge.subfolder.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your deluge container is named deluge
 # deluge does not require a base url setting
 
 location /deluge {
@@ -16,6 +17,9 @@ location ^~ /deluge/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app deluge;

dillinger.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your dillinger container is named dillinger
 # make sure that your dns has a cname set for dillinger
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app dillinger;

documentserver.subdomain.conf.sample

@@ -1,6 +1,6 @@
-## Version 2022/09/08
-# Make sure that your dns has a cname set for onlyoffice named "documentserver"
-# Make sure that the onlyoffice documentserver container is named "documentserver"
+## Version 2023/02/05
+# make sure that your onlyoffice documentserver container is named documentserver
+# make sure that your dns has a cname set for documentserver
 
 server {
     listen 443 ssl;
@@ -18,8 +18,11 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
-        #enable the next two lines for http auth
+        # enable the next two lines for http auth
         #auth_basic "Restricted";
         #auth_basic_user_file /config/nginx/.htpasswd;
 
@@ -29,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app documentserver;

dokuwiki.subdomain.conf.sample

@@ -1,6 +1,7 @@
-## Version 2022/09/08
-# First complete the setup by appending install.php to URL.
-# Make sure that your dns has a cname set for dokuwiki
+## Version 2023/02/05
+# make sure that your dokuwiki container is named dokuwiki
+# make sure that your dns has a cname set for dokuwiki
+# complete the setup by appending install.php to URL
 
 server {
     listen 443 ssl;
@@ -18,8 +19,11 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
-        #enable the next two lines for http auth
+        # enable the next two lines for http auth
         #auth_basic "Restricted";
         #auth_basic_user_file /config/nginx/.htpasswd;
 
@@ -29,6 +33,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app dokuwiki;

dokuwiki.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your dokuwiki container is named dokuwiki
+# make sure that dokuwiki is set to work with the base url /dokuwiki/
 # first go into dokuwiki settings (Admin on the top left when Logged in), under "Configuration Settings" set the "basedir" to /dokuwiki/ and restart the dokuwiki container
 
 location /dokuwiki {
@@ -16,6 +18,9 @@ location ^~ /dokuwiki/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app dokuwiki;

domoticz.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# Make sure that your dns has a cname set for domoticz and that your domoticz container is not using a base url
+## Version 2023/02/05
+# make sure that your domoticz container is named domoticz
+# make sure that your dns has a cname set for domoticz
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app domoticz;

domoticz.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your domoticz container is named domoticz
+# make sure that domoticz is set to work with the base url /domoticz/
 # set the WEBROOT variable to domoticz for the domoticz container.
 
 location ^~ /domoticz/ {
@@ -12,6 +14,9 @@ location ^~ /domoticz/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app domoticz;

dozzle.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for dozzle and that your dozzle container is named dozzle
+## Version 2023/02/05
+# make sure that your dozzle container is named dozzle
+# make sure that your dns has a cname set for dozzle
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app dozzle;

dozzle.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your dozzle container is named dozzle
+# make sure that dozzle is set to work with the base url /dozzle/
 # First either add "--base /dozzle" or "-e DOZZLE_BASE=/dozzle" to your docker run command, and restart the Dozzle container
 
 location /dozzle {
@@ -16,6 +18,9 @@ location ^~ /dozzle/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app dozzle;

drone.subdomain.conf.sample

@@ -1,4 +1,7 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your drone container is named drone
+# make sure that your dns has a cname set for drone
+
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
@@ -15,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -26,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app drone;

duplicati.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for duplicati and that your duplicati container is not using a base url
+## Version 2023/02/05
+# make sure that your duplicati container is named duplicati
+# make sure that your dns has a cname set for duplicati
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app duplicati;

duplicati.subfolder.conf.sample

@@ -1,5 +1,7 @@
-## Version 2022/09/08
-# duplicati does not require a base url setting. DUPLICATI AUTH WILL NOT WORK WITH THIS CONFIG, use the auth options below
+## Version 2023/02/05
+# make sure that your duplicati container is named duplicati
+# duplicati does not require a base url setting
+# DUPLICATI AUTH WILL NOT WORK WITH THIS CONFIG, use the auth options below
 
 location /duplicati {
     return 301 $scheme://$host/duplicati/;
@@ -16,6 +18,9 @@ location ^~ /duplicati/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app duplicati;

emby.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2021/05/18
-# make sure that your dns has a cname set for emby and that your emby container is not using a base url
+## Version 2023/02/05
+# make sure that your emby container is named emby
+# make sure that your dns has a cname set for emby
 # if emby is running in bridge mode and the container is named "emby", the below config should work as is
 # if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
 # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby

emby.subfolder.conf.sample

@@ -1,5 +1,6 @@
-## Version 2021/05/18
-# make sure that your dns has a cname set for emby
+## Version 2023/02/05
+# make sure that your emby container is named emby
+# emby does not require a base url setting
 # if emby is running in bridge mode and the container is named "emby", the below config should work as is
 # if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
 # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby

embystat.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your embystat container is named embystat
 # make sure that your dns has a cname set for embystat
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app embystat;

emulatorjs.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your emulatorjs container is named emulatorjs
 # make sure that your dns has a cname set for emulatorjs
 # In emulatorjs docker arguments, set an env variable for SUBFOLDER=/backend/
 # The backend interface will be accessible at https://emulatorjs.yourdomain.com/backend/
@@ -20,6 +21,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -31,6 +35,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app emulatorjs;
@@ -54,6 +61,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app emulatorjs;

filebot.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for filebot and that your filebot container is not using a base url
+## Version 2023/02/05
+# make sure that your filebot container is named filebot
+# make sure that your dns has a cname set for filebot
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app filebot;

filebot.subfolder.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your filebot container is named filebot
 # filebot does not require a base url setting
 
 location /filebot {
@@ -16,6 +17,9 @@ location ^~ /filebot/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app filebot;

filebrowser.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for filebrowser and that your filebrowser container is not using a base url
+## Version 2023/02/05
+# make sure that your filebrowser container is named filebrowser
+# make sure that your dns has a cname set for filebrowser
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app filebrowser;

filebrowser.subfolder.conf.sample

@@ -1,5 +1,7 @@
-## Version 2022/09/08
-# set this environment variable on your filebrowser container FILEBROWSER_BASEURL=/filebrowser
+## Version 2023/02/05
+# make sure that your filebrowser container is named filebrowser
+# make sure that filebrowser is set to work with the base url /filebrowser/
+# set this environment variable on your filebrowser container FB_BASEURL=/filebrowser
 
 location /filebrowser {
     return 301 $scheme://$host/filebrowser/;
@@ -16,6 +18,9 @@ location ^~ /filebrowser/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app filebrowser;

firefly.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for firefly and that your firefly container is not using a base url
+## Version 2023/02/05
+# make sure that your firefly container is named firefly
+# make sure that your dns has a cname set for firefly
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app firefly;

firefox.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for firefox and that your firefox container is not using a base url
+## Version 2023/02/05
+# make sure that your firefox container is named firefox
+# make sure that your dns has a cname set for firefox
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app firefox;

flexget.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your flexget container is named flexget
 # make sure that your dns has a cname set for flexget
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app flexget;

flexget.subfolder.conf.sample

@@ -1,34 +1,39 @@
-## Version 2022/09/08
+## Version 2023/02/12
+# make sure that your flexget container is named flexget
+# make sure that flexget is set to work with the base url /flexget/
 # make sure to set 'base_url: /flexget' under your flexget's config.yml web_server block
-#
+
 location /flexget {
     return 301 $scheme://$host/flexget/;
 }
 
-    location ^~ /flexget/ {
-        # enable the next two lines for http auth
-        #auth_basic "Restricted";
-        #auth_basic_user_file /config/nginx/.htpasswd;
+location ^~ /flexget/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
 
-        # enable for ldap auth (requires ldap-server.conf in the server block)
-        #include /config/nginx/ldap-location.conf;
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
 
-        # enable for Authelia (requires authelia-server.conf in the server block)
-        #include /config/nginx/authelia-location.conf;
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
 
-        include /config/nginx/proxy.conf;
-        include /config/nginx/resolver.conf;
-        set $upstream_app flexget;
-        set $upstream_port 5050;
-        set $upstream_proto http;
-        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-    }
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
 
-    location ^~ /flexget/api/ {
-        include /config/nginx/proxy.conf;
-        include /config/nginx/resolver.conf;
-        set $upstream_app flexget;
-        set $upstream_port 5050;
-        set $upstream_proto http;
-        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-    }
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app flexget;
+    set $upstream_port 5050;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+}
+
+location ^~ /flexget/api/ {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app flexget;
+    set $upstream_port 5050;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+}

flood.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for flood and that your flood container is not using a base url
+## Version 2023/02/05
+# make sure that your flood container is named flood
+# make sure that your dns has a cname set for flood
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app flood;

flood.subfolder.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your flood container is named flood
 # flood does not require a base url setting
 
 location /flood {
@@ -16,6 +17,9 @@ location ^~ /flood/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app flood;

foldingathome.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your foldingathome container is named foldingathome
 # make sure that your dns has a cname set for foldingathome
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         proxy_buffering off;
         include /config/nginx/resolver.conf;

foundryvtt.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your foundryvtt container is named foundryvtt
 # make sure that your dns has a cname set for foundryvtt
 # Ensure that your Foundry VTT's {userData}/Config/options.json file is configured as follows:
 # "hostname": "your.hostname.com",
@@ -26,6 +27,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -37,6 +41,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app foundryvtt;

freshrss.subdomain.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your freshrss container is named freshrss
 # make sure that your dns has a cname set for freshrss
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app freshrss;

freshrss.subfolder.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# freshrss does not have a base url setting
+## Version 2023/02/05
+# make sure that your freshrss container is named freshrss
+# freshrss does not require a base url setting
 
 location /freshrss {
     return 301 $scheme://$host/freshrss/;
@@ -16,6 +17,9 @@ location ^~ /freshrss/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app freshrss;

gaps.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for gaps and that your gaps container is not using a base url
+## Version 2023/02/05
+# make sure that your gaps container is named gaps
+# make sure that your dns has a cname set for gaps
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app gaps;

gaps.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your gaps container is named gaps
+# make sure that gaps is set to work with the base url /gaps/
 # In your Docker compose (or docker run) add: BASE_URL: /gaps
 
 location /gaps {
@@ -16,6 +18,9 @@ location ^~ /gaps/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app gaps;

get_iplayer.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for get_iplayer and that your get_iplayer container is named get_iplayer
+## Version 2023/02/05
+# make sure that your get_iplayer container is named get_iplayer
+# make sure that your dns has a cname set for get_iplayer
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app get_iplayer;

ghost.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for ghost and that your ghost config is not using a subdirectory.
+## Version 2023/02/05
+# make sure that your ghost container is named ghost
+# make sure that your dns has a cname set for ghost
 
 server {
     listen 443 ssl;
@@ -17,8 +18,11 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
-        #enable the next two lines for http auth
+        # enable the next two lines for http auth
         #auth_basic "Restricted";
         #auth_basic_user_file /config/nginx/.htpasswd;
 
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app ghost;

ghost.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your ghost container is named ghost
+# make sure that ghost is set to work with the base url /ghost/
 # Make sure you are using a subfolder in your ghost config file. https://ghost.org/docs/concepts/config/#url
 # Note: /ghost/ is by default used for the admin page. See https://ghost.org/docs/concepts/config/#admin-url
 
@@ -13,6 +15,9 @@ location /blog {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app ghost;

gitea.subdomain.conf.sample

@@ -1,5 +1,7 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for gitea and the following parameters in /data/gitea/conf/app.ini are edited
+## Version 2023/02/05
+# make sure that your gitea container is named gitea
+# make sure that your dns has a cname set for gitea
+# edit the following parameters in /data/gitea/conf/app.ini
 # [server]
 # SSH_DOMAIN       = gitea.server.com
 # ROOT_URL         = https://gitea.server.com/
@@ -21,6 +23,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -32,6 +37,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app gitea;

gitea.subfolder.conf.sample

@@ -1,4 +1,6 @@
-## Version 2021/05/18
+## Version 2023/02/05
+# make sure that your gitea container is named gitea
+# make sure that gitea is set to work with the base url /gitea/
 # The following parameters in /data/gitea/conf/app.ini should be edited to match your setup
 # [server]
 # SSH_DOMAIN       = example.com:2222

glances.subdomain.conf.sample

@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for glances and that your glances container is not using a base url
+## Version 2023/02/05
+# make sure that your glances container is named glances
+# make sure that your dns has a cname set for glances
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app glances;

glances.subfolder.conf.sample

@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your glances container is named glances
 # glances does not require a base url setting
 
 location /glances {
@@ -16,6 +17,9 @@ location ^~ /glances/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app glances;