From 6f763726c031d1d7684f489b5bee46c3e89df8ff Mon Sep 17 00:00:00 2001 
From: shmick Date: Fri, 24 Sep 2021 14:42:24 +0300 Subject: [PATCH] Adding auto-reload; updating subdomains; add proxy configuration files --- .gitignore | 1 + .../proxy-confs/bitwarden.subdomain.conf | 82 ++++++++++ .../proxy-confs/bitwarden.subfolder.conf | 47 ++++++ .../proxy-confs/code-server.subdomain.conf | 40 +++++ .../proxy-confs/dillinger.subdomain.conf | 40 +++++ .../proxy-confs/filebrowser.subdomain.conf | 66 ++++++++ .../nginx/proxy-confs/freshrss.subdomain.conf | 55 +++++++ config/nginx/proxy-confs/gitea.subdomain.conf | 43 ++++++ config/nginx/proxy-confs/gitea.subfolder.conf | 20 +++ config/nginx/proxy-confs/grocy.subdomain.conf | 39 +++++ config/nginx/proxy-confs/homer.subfolder.conf | 23 +++ .../nginx/proxy-confs/jackett.subfolder.conf | 43 ++++++ .../nginx/proxy-confs/jekyll.subdomain.conf | 40 +++++ .../nginx/proxy-confs/jellyfin.subdomain.conf | 145 ++++++++++++++++++ .../nginx/proxy-confs/joplin.subdomain.conf | 58 +++++++ .../proxy-confs/nextcloud.subdomain.conf | 36 +++++ .../proxy-confs/photoprism.subdomain.conf | 42 +++++ .../nginx/proxy-confs/pihole.subfolder.conf | 55 +++++++ .../nginx/proxy-confs/podgrab.subdomain.conf | 41 +++++ .../proxy-confs/portainer.subdomain.conf | 62 ++++++++ .../proxy-confs/portainer.subfolder.conf | 40 +++++ .../nginx/proxy-confs/pyload.subdomain.conf | 40 +++++ .../proxy-confs/qbittorrent.subdomain.conf | 112 ++++++++++++++ .../proxy-confs/syncthing.subdomain.conf | 39 +++++ config/nginx/proxy-confs/wekan.subdomain.conf | 57 +++++++ .../nginx/proxy-confs/wikijs.subdomain.conf | 41 +++++ .../proxy-confs/wireguard.subdomain.conf | 39 +++++ docker-compose.yml | 3 +- 28 files changed, 1348 insertions(+), 1 deletion(-) create mode 100644 config/nginx/proxy-confs/bitwarden.subdomain.conf create mode 100644 config/nginx/proxy-confs/bitwarden.subfolder.conf create mode 100644 config/nginx/proxy-confs/code-server.subdomain.conf create mode 100644 config/nginx/proxy-confs/dillinger.subdomain.conf create mode 100644 
config/nginx/proxy-confs/filebrowser.subdomain.conf create mode 100644 config/nginx/proxy-confs/freshrss.subdomain.conf create mode 100644 config/nginx/proxy-confs/gitea.subdomain.conf create mode 100644 config/nginx/proxy-confs/gitea.subfolder.conf create mode 100644 config/nginx/proxy-confs/grocy.subdomain.conf create mode 100644 config/nginx/proxy-confs/homer.subfolder.conf create mode 100644 config/nginx/proxy-confs/jackett.subfolder.conf create mode 100644 config/nginx/proxy-confs/jekyll.subdomain.conf create mode 100644 config/nginx/proxy-confs/jellyfin.subdomain.conf create mode 100644 config/nginx/proxy-confs/joplin.subdomain.conf create mode 100644 config/nginx/proxy-confs/nextcloud.subdomain.conf create mode 100644 config/nginx/proxy-confs/photoprism.subdomain.conf create mode 100644 config/nginx/proxy-confs/pihole.subfolder.conf create mode 100644 config/nginx/proxy-confs/podgrab.subdomain.conf create mode 100644 config/nginx/proxy-confs/portainer.subdomain.conf create mode 100644 config/nginx/proxy-confs/portainer.subfolder.conf create mode 100644 config/nginx/proxy-confs/pyload.subdomain.conf create mode 100644 config/nginx/proxy-confs/qbittorrent.subdomain.conf create mode 100644 config/nginx/proxy-confs/syncthing.subdomain.conf create mode 100644 config/nginx/proxy-confs/wekan.subdomain.conf create mode 100644 config/nginx/proxy-confs/wikijs.subdomain.conf create mode 100644 config/nginx/proxy-confs/wireguard.subdomain.conf diff --git a/.gitignore b/.gitignore index c896de9..31733b8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ * !docker-compose.yml +!config/nginx/proxy-confs/*.conf diff --git a/config/nginx/proxy-confs/bitwarden.subdomain.conf b/config/nginx/proxy-confs/bitwarden.subdomain.conf new file mode 100644 index 0000000..89a7306 --- /dev/null +++ b/config/nginx/proxy-confs/bitwarden.subdomain.conf 
@@ -0,0 +1,82 @@ +# make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url +# make sure your bitwarden container is named "bitwarden" +# set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name vault.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 128M; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app vaultwarden; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location /admin { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app vaultwarden; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location /notifications/hub { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app vaultwarden; + set $upstream_port 3012; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location /notifications/hub/negotiate { + include 
/config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app vaultwarden; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/config/nginx/proxy-confs/bitwarden.subfolder.conf b/config/nginx/proxy-confs/bitwarden.subfolder.conf new file mode 100644 index 0000000..0c12258 --- /dev/null +++ b/config/nginx/proxy-confs/bitwarden.subfolder.conf @@ -0,0 +1,47 @@ +## Version 2021/02/05 +## Environmental Variable DOMAIN=https:///bitwarden must be set in bitwarden container including subfolder. +## This is using ports 80 and 3012 +location /bitwarden { + return 301 $scheme://$host/bitwarden/; +} + +location ^~ /bitwarden/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app bitwarden; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location /notifications/hub { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app bitwarden; + set $upstream_port 3012; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location /notifications/hub/negotiate { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app bitwarden; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/config/nginx/proxy-confs/code-server.subdomain.conf b/config/nginx/proxy-confs/code-server.subdomain.conf new file mode 100644 index 0000000..1b2b8fc --- /dev/null +++ b/config/nginx/proxy-confs/code-server.subdomain.conf 
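Review bot: The `location /admin` block in bitwarden.subdomain.conf proxies what is presumably the Vaultwarden admin page with every proxy-level auth option still commented out, so on `vault.*` it is guarded only by whatever the application itself enforces. Clients must reach `/` directly, but `/admin` need not be open: uncomment `include /config/nginx/authelia-server.conf;` in the server block and `include /config/nginx/authelia-location.conf;` inside `location /admin`. The header comment also says the container must be named "bitwarden" while every block sets `$upstream_app vaultwarden`; the comment should name the container the config actually resolves.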
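Review bot: bitwarden.subfolder.conf sets `$upstream_app bitwarden` in all three locations, while bitwarden.subdomain.conf in the same commit points at `vaultwarden`. The name is resolved at request time through `resolver`, so a wrong one would presumably show up only as gateway errors, not as a startup failure. If one container backs both files, use `set $upstream_app vaultwarden;` here too. The `DOMAIN=https:///bitwarden` comment has lost its host placeholder and should read something like `DOMAIN=https://<your-domain>/bitwarden`. The two `/notifications/hub` locations sit outside `/bitwarden/`, so with the subfolder DOMAIN set they may never match client requests; this is worth confirming against the path the app actually uses.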
@@ -0,0 +1,40 @@ +## Version 2021/05/18 +# make sure that your dns has a cname set for code-server + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name code.* "~^[0-9]{1,10}\.code-server\..*$"; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app code; + set $upstream_port 8443; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/config/nginx/proxy-confs/dillinger.subdomain.conf b/config/nginx/proxy-confs/dillinger.subdomain.conf new file mode 100644 index 0000000..47555e5 --- /dev/null +++ b/config/nginx/proxy-confs/dillinger.subdomain.conf 
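Review bot: The second `server_name` pattern, `"~^[0-9]{1,10}\.code-server\..*$"`, still uses the `code-server` label although the primary name in this file is `code.*`. Port-prefixed hostnames under the `code` label will therefore not match this server block and will presumably fall through to the default 443 server, which may not carry the Authelia includes enabled here. If the short name is intended, make the regex follow it: `server_name code.* "~^[0-9]{1,10}\.code\..*$";`. Otherwise extend the header comment to say that a separate `*.code-server` DNS record is required.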
@@ -0,0 +1,40 @@ +## Version 2021/05/18 +# make sure that your dns has a cname set for dillinger + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name notes.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app dillinger; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/config/nginx/proxy-confs/filebrowser.subdomain.conf b/config/nginx/proxy-confs/filebrowser.subdomain.conf new file mode 100644 index 0000000..1ca05bf --- /dev/null +++ b/config/nginx/proxy-confs/filebrowser.subdomain.conf 
@@ -0,0 +1,66 @@ +## Version 2021/05/18 +# make sure that your dns has a cname set for filebrowser and that your filebrowser container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name files.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app filebrowser; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } + + location ~ (/filebrowser)?/api/public { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app filebrowser; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } + + location ~ (/filebrowser)?/share { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app filebrowser; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } + + location ~ (/filebrowser)?/static { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app filebrowser; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/config/nginx/proxy-confs/freshrss.subdomain.conf b/config/nginx/proxy-confs/freshrss.subdomain.conf new file mode 100644 index 0000000..94e71e3 --- /dev/null 
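Review bot: The three regex locations `~ (/filebrowser)?/api/public`, `~ (/filebrowser)?/share` and `~ (/filebrowser)?/static` are unanchored and carry no Authelia include. Because nginx prefers a matching regex location over the `/` prefix, any URI that merely contains one of those strings skips the Authelia check that `location /` applies. Anchor each pattern to the start of the path, e.g. `location ~ ^(/filebrowser)?/api/public {`, so that only the intended public endpoints are exempt. The same unanchored form appears in this commit at `~ (/freshrss)?/api` in freshrss.subdomain.conf and `~ /joplin?/api` in joplin.subdomain.conf, and should be anchored there as well.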
+++ b/config/nginx/proxy-confs/freshrss.subdomain.conf @@ -0,0 +1,55 @@ +## Version 2021/07/08 +# make sure that your dns has a cname set for freshrss + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name news.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app freshrss; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_buffering off; + proxy_set_header X-Forwarded-Port $server_port; + proxy_cookie_path / "/; HTTPOnly; Secure"; + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + } + location ~ (/freshrss)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app freshrss; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} diff --git a/config/nginx/proxy-confs/gitea.subdomain.conf b/config/nginx/proxy-confs/gitea.subdomain.conf new file mode 100644 index 0000000..d1e2896 --- /dev/null +++ b/config/nginx/proxy-confs/gitea.subdomain.conf 
@@ -0,0 +1,43 @@ +# make sure that your dns has a cname set for gitea and the following parameters in /data/gitea/conf/app.ini are edited +# [server] +# SSH_DOMAIN = gitea.server.com +# ROOT_URL = https://gitea.server.com/ +# DOMAIN = gitea.server.com + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name git.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app gitea; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/config/nginx/proxy-confs/gitea.subfolder.conf b/config/nginx/proxy-confs/gitea.subfolder.conf new file mode 100644 index 0000000..8d37eab --- /dev/null +++ b/config/nginx/proxy-confs/gitea.subfolder.conf @@ -0,0 +1,20 @@ +# The following parameters in /data/gitea/conf/app.ini should be edited to match your setup +# [server] +# SSH_DOMAIN = example.com:2222 +# ROOT_URL = https://example.com/gitea/ +# DOMAIN = example.com + +location /gitea { + return 301 $scheme://$host/gitea/; +} + +location ^~ /gitea/ { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app gitea; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /gitea(.*) $1 break; +} 
diff --git a/config/nginx/proxy-confs/grocy.subdomain.conf b/config/nginx/proxy-confs/grocy.subdomain.conf new file mode 100644 index 0000000..2b8d299 --- /dev/null +++ b/config/nginx/proxy-confs/grocy.subdomain.conf @@ -0,0 +1,39 @@ +## Version 2020/12/09 +# make sure that your dns has a cname set for grocy + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name grocy.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app grocy; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; +} +} diff --git a/config/nginx/proxy-confs/homer.subfolder.conf b/config/nginx/proxy-confs/homer.subfolder.conf new file mode 100644 index 0000000..cd74299 --- /dev/null +++ b/config/nginx/proxy-confs/homer.subfolder.conf 
@@ -0,0 +1,23 @@ +## Version 2020/12/09 +# In order to use this location block you need to edit the default file one folder up and comment out the / location + +location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app homer; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/config/nginx/proxy-confs/jackett.subfolder.conf b/config/nginx/proxy-confs/jackett.subfolder.conf new file mode 100644 index 0000000..bf75693 --- /dev/null +++ b/config/nginx/proxy-confs/jackett.subfolder.conf 
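Review bot: `include /config/nginx/authelia-location.conf;` is enabled in this `location /`, but as the comment above it says, it depends on authelia-server.conf being enabled in the default site config, and the diffstat shows no change to that file. The header also requires the default `location /` to be commented out by hand; with both present nginx would presumably reject the configuration as a duplicate location. Since the .gitignore change tracks only `config/nginx/proxy-confs/*.conf`, neither prerequisite travels with the repository. State both in the header, e.g. `# requires authelia-server.conf enabled in the default site config, and its "location /" block commented out`, or ship the include commented out as the other subfolder confs do.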
@@ -0,0 +1,43 @@ +## Version 2020/12/09 +# first go into jackett settings, set the URL Base to /jackett and restart the jackett container + +location ^~ /jackett { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app jackett; + set $upstream_port 9117; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /jackett/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app jackett; + set $upstream_port 9117; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /jackett/dl { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app jackett; + set $upstream_port 9117; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} diff --git a/config/nginx/proxy-confs/jekyll.subdomain.conf b/config/nginx/proxy-confs/jekyll.subdomain.conf new file mode 100644 index 0000000..7b416c7 --- /dev/null +++ b/config/nginx/proxy-confs/jekyll.subdomain.conf 
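Review bot: `location ^~ /jackett` ships with all three auth options commented out, and `/jackett/api` and `/jackett/dl` carry none at all, so the whole Jackett UI is published with no proxy-level access control and relies entirely on the application's own settings. Most subdomain confs in this commit enable the Authelia includes, so this looks like an oversight, not a choice. Uncomment `include /config/nginx/authelia-location.conf;` in the UI location, with authelia-server.conf enabled in the default site config as the comment notes. The two API/download locations can stay open if they are meant to be key-authenticated. The same all-commented state applies to the `/pihole/` locations in pihole.subfolder.conf and to grocy.subdomain.conf.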
@@ -0,0 +1,40 @@ +## Version 2021/05/18 + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name ler.*; + + include /config/nginx/ssl.conf; + + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Pukeko! Pukeko?"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app jekyll; + set $upstream_port 4000; + set $upstream_proto http; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + } +} diff --git a/config/nginx/proxy-confs/jellyfin.subdomain.conf b/config/nginx/proxy-confs/jellyfin.subdomain.conf new file mode 100644 index 0000000..9916f33 --- /dev/null +++ b/config/nginx/proxy-confs/jellyfin.subdomain.conf 
@@ -0,0 +1,145 @@ +# make sure that your dns has a cname set for jellyfin +# if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is +# if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app ;" +# or "set $upstream_app ;" for host mode, HOSTIP being the IP address of jellyfin +# in jellyfin settings, under "Advanced/Networking" change the public https port to 443, leave the local ports as is, +# and set the "Secure connection mode" to "Handled by reverse proxy" + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name stream.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + location / { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app jellyfin; + set $upstream_port 8096; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + } + + location ~ (/jellyfin)?/socket { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app jellyfin; + set $upstream_port 8096; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + ## Sonarr + ## Version 2020/12/09 +# first go into sonarr settings, under "General" set the URL Base to /sonarr and restart the sonarr container + +location ^~ /sonarr { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app sonarr; + set $upstream_port 8989; + set 
$upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /sonarr/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app sonarr; + set $upstream_port 8989; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} +##Radarr +## Version 2020/12/09 +# first go into radarr settings, under "General" set the URL Base to /radarr and restart the radarr container + +location ^~ /radarr { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app radarr; + set $upstream_port 7878; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /radarr/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app radarr; + set $upstream_port 7878; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} +##Bazarr +# Version 2020/12/09 +# first go into bazarr settings, under "General" set the URL Base to /bazarr/ and restart the bazarr container + +location /bazarr { + return 301 $scheme://$host/bazarr/; +} + +location ^~ /bazarr/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + 
#include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app bazarr; + set $upstream_port 6767; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} + +location ^~ /bazarr/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app bazarr; + set $upstream_port 6767; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +} +} diff --git a/config/nginx/proxy-confs/joplin.subdomain.conf b/config/nginx/proxy-confs/joplin.subdomain.conf new file mode 100644 index 0000000..324b0b8 --- /dev/null +++ b/config/nginx/proxy-confs/joplin.subdomain.conf 
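Review bot: The Sonarr, Radarr and Bazarr subfolder blocks are pasted inside the `stream.*` server block, so those three apps become reachable on the Jellyfin hostname with every auth option commented out. This server block also has no `include /config/nginx/authelia-server.conf;`, so uncommenting the location includes later would not work on its own. Move them into their own `*.subfolder.conf` files next to the others. If they must stay here, add `include /config/nginx/authelia-server.conf;` to the server block and uncomment `include /config/nginx/authelia-location.conf;` in the three UI locations. The header comment has also lost its placeholders (`set $upstream_app ;` appears twice with nothing to substitute), and the pasted blocks are not indented to match the enclosing server block.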
@@ -0,0 +1,58 @@ +## Version 2021/05/18 +# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template. +# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for and replace them. Review other sample files to see how things are done. +# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings. +# make sure that your dns has a cname set for and that your container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name jop.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + #include /config/nginx/authelia-server.conf; + + location /joplin { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app joplin; + set $upstream_port 22300; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + proxy_set_header Host $upstream_proto://$upstream_app:$upstream_port; + + # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above. + } + + # REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints. + # REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below. 
+ location ~ /joplin?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app joplin; + set $upstream_port 22300; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above. + } +} diff --git a/config/nginx/proxy-confs/nextcloud.subdomain.conf b/config/nginx/proxy-confs/nextcloud.subdomain.conf new file mode 100644 index 0000000..d13c490 --- /dev/null +++ b/config/nginx/proxy-confs/nextcloud.subdomain.conf @@ -0,0 +1,36 @@ +# make sure that your dns has a cname set for nextcloud +# assuming this container is called "swag", edit your nextcloud container's config +# located at /config/www/nextcloud/config/config.php and add the following lines before the ");": +# 'trusted_proxies' => ['swag'], +# 'overwrite.cli.url' => 'https://nextcloud.your-domain.com/', +# 'overwritehost' => 'nextcloud.your-domain.com', +# 'overwriteprotocol' => 'https', +# +# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: +# array ( +# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. +# 1 => 'nextcloud.your-domain.com', +# ), + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name cloud.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + location / { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app nextcloud; + set $upstream_port 443; + set $upstream_proto https; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + #proxy_pass $upstream_proto://cloud:$upstream_port; + + proxy_max_temp_file_size 2048m; + } +} diff --git a/config/nginx/proxy-confs/photoprism.subdomain.conf b/config/nginx/proxy-confs/photoprism.subdomain.conf new file mode 100644 index 0000000..bd0105c --- /dev/null 
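Review bot: In joplin.subdomain.conf, `proxy_set_header Host $upstream_proto://$upstream_app:$upstream_port;` sends a Host value that includes the scheme (`http://joplin:22300`), which is not a valid Host header and discards the hostname the client actually used. Drop the line and let proxy.conf set Host (presumably to `$host`), or write `proxy_set_header Host $host;`. The regex `~ /joplin?/api` makes only the final `n` optional; the form used by the other confs would be `~ ^(/joplin)?/api`. The template's `REMOVE THIS LINE BEFORE SUBMITTING` comments and the placeholder-less sentence "cname set for and that your container" should be cleaned up. The header says no base url is used while the only UI location is `/joplin`.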
+++ b/config/nginx/proxy-confs/photoprism.subdomain.conf @@ -0,0 +1,42 @@ +## Version 2021/05/18 +# Ensure your DNS has a CNAME set for Photoprism and that Photoprism container is not using a base URL. + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name photos.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app photoprism; + set $upstream_port 2342; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + +} diff --git a/config/nginx/proxy-confs/pihole.subfolder.conf b/config/nginx/proxy-confs/pihole.subfolder.conf new file mode 100644 index 0000000..ddcf4e4 --- /dev/null +++ b/config/nginx/proxy-confs/pihole.subfolder.conf 
@@ -0,0 +1,55 @@ +# pihole does not require a base url setting + +location /pihole { + return 301 $scheme://$host/pihole/; +} + +location ^~ /pihole/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app pihole; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /pihole(.*) $1 break; + proxy_hide_header X-Frame-Options; +} + +location /pihole/admin { + return 301 $scheme://$host/pihole/admin/; +} + +location ^~ /pihole/admin/ { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app pihole; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /pihole(.*) $1 break; + proxy_hide_header X-Frame-Options; +} diff --git a/config/nginx/proxy-confs/podgrab.subdomain.conf b/config/nginx/proxy-confs/podgrab.subdomain.conf new file mode 100644 index 0000000..c80f051 --- /dev/null +++ b/config/nginx/proxy-confs/podgrab.subdomain.conf 
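Review bot: Both `^~ /pihole/` and `^~ /pihole/admin/` use `proxy_hide_header X-Frame-Options;`, which strips the upstream's framing restriction from the admin UI, and nothing in this file puts one back. With the auth includes also commented out, the admin pages can be embedded by any origin unless ssl.conf happens to add its own header. If framing is not actually required, delete the line; if it is, document why in a comment and set the replacement policy centrally, not per location. The same directive appears in both locations of portainer.subdomain.conf, where the trailing comment already doubts it is still needed. The `/pihole/admin/` block is otherwise identical to `/pihole/` and could be dropped.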
@@ -0,0 +1,41 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for podgrab and that your podgrab container is not using a base url
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name pod.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app podgrab;
+ set $upstream_port 8080;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+}
diff --git a/config/nginx/proxy-confs/portainer.subdomain.conf b/config/nginx/proxy-confs/portainer.subdomain.conf
new file mode 100644
index 0000000..115cd43
--- /dev/null
+++ b/config/nginx/proxy-confs/portainer.subdomain.conf
@@ -0,0 +1,62 @@
+# make sure that your dns has a cname set for portainer
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name portain.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ resolver 127.0.0.11 valid=30s;
+ set $upstream_app portainer;
+ set $upstream_port 9000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+ }
+
+ location /api/websocket/ {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ resolver 127.0.0.11 valid=30s;
+ set $upstream_app portainer;
+ set $upstream_port 9000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+ }
+}
diff --git a/config/nginx/proxy-confs/portainer.subfolder.conf b/config/nginx/proxy-confs/portainer.subfolder.conf
new file mode 100644
index 0000000..fafed86
--- /dev/null
+++ b/config/nginx/proxy-confs/portainer.subfolder.conf
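Review bot: `proxy_hide_header X-Frame-Options;` in both `location /` and `location /api/websocket/` strips the upstream's anti-framing header from a UI that administers Docker, and the inline comment already says it may not be needed after Portainer 1.20.0. I would delete the line in both blocks so the header Portainer sends reaches the browser. If a dashboard genuinely has to frame this host, state that in a comment next to the directive so the exception is visible to the next reader.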
@@ -0,0 +1,40 @@
+# portainer does not require a base url setting
+
+location /portainer {
+ return 301 $scheme://$host/portainer/;
+}
+
+location ^~ /portainer/ {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia, also enable authelia-server.conf in the default site config
+ #include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ resolver 127.0.0.11 valid=30s;
+ set $upstream_app portainer;
+ set $upstream_port 9000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ rewrite /portainer(.*) $1 break;
+ proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0
+}
+
+location ^~ /portainer/api/websocket/ {
+ include /config/nginx/proxy.conf;
+ resolver 127.0.0.11 valid=30s;
+ set $upstream_app portainer;
+ set $upstream_port 9000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ rewrite /portainer(.*) $1 break;
+ proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+}
diff --git a/config/nginx/proxy-confs/pyload.subdomain.conf b/config/nginx/proxy-confs/pyload.subdomain.conf
new file mode 100644
index 0000000..1185273
--- /dev/null
+++ b/config/nginx/proxy-confs/pyload.subdomain.conf
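Review bot: `location ^~ /portainer/api/websocket/` carries none of the auth stanzas that `location ^~ /portainer/` has, so turning on Authelia, LDAP or basic auth in the first block would leave the websocket path outside it, since nginx selects the longer prefix for those requests. Mirror the commented stanzas in the websocket block so they are enabled together, e.g. `#include /config/nginx/authelia-location.conf;`. As written, no proxy-level auth is active in either block, so this path is protected only by Portainer itself. Both blocks also strip `X-Frame-Options`, which the inline comment says may no longer be needed.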
@@ -0,0 +1,40 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for pyload and that your pyload container is not using a base url
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name download.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ #include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ #include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ resolver 127.0.0.11 valid=30s;
+ set $upstream_app pyload;
+ set $upstream_port 8000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/config/nginx/proxy-confs/qbittorrent.subdomain.conf b/config/nginx/proxy-confs/qbittorrent.subdomain.conf
new file mode 100644
index 0000000..5c6c847
--- /dev/null
+++ b/config/nginx/proxy-confs/qbittorrent.subdomain.conf
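Review bot: Both Authelia includes are commented out in this file (`authelia-server.conf` at server level and `authelia-location.conf` in `location /`), while the other subdomain confs visible in this part of the patch enable them, so `download.*` is published with only pyLoad's own login in front of it. If that is not deliberate, uncomment both: `include /config/nginx/authelia-server.conf;` and `include /config/nginx/authelia-location.conf;`. If it is deliberate, a one-line comment saying why this host is exempt would keep it from looking like an oversight.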
@@ -0,0 +1,112 @@ +## Version 2021/05/18 +# make sure that your dns has a cname set for qbittorrent and that your qbittorrent container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name torrent.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + # enable for Authelia + include /config/nginx/authelia-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + include /config/nginx/authelia-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app qbittorrent; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_set_header Referer ''; + proxy_set_header Host $upstream_app:$upstream_port; + } + + location ~ (/qbittorrent)?/api { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app qbittorrent; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /qbittorrent(.*) $1 break; + + proxy_set_header Referer ''; + proxy_set_header Host $upstream_app:$upstream_port; + } + + location ~ (/qbittorrent)?/command { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app qbittorrent; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /qbittorrent(.*) $1 break; + + proxy_set_header Referer ''; + proxy_set_header Host $upstream_app:$upstream_port; + } + + location ~ (/qbittorrent)?/query { + include /config/nginx/proxy.conf; + include 
/config/nginx/resolver.conf; + set $upstream_app qbittorrent; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /qbittorrent(.*) $1 break; + + proxy_set_header Referer ''; + proxy_set_header Host $upstream_app:$upstream_port; + } + + location ~ (/qbittorrent)?/login { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app qbittorrent; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /qbittorrent(.*) $1 break; + + proxy_set_header Referer ''; + proxy_set_header Host $upstream_app:$upstream_port; + } + + location ~ (/qbittorrent)?/sync { + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app qbittorrent; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + rewrite /qbittorrent(.*) $1 break; + + proxy_set_header Referer ''; + proxy_set_header Host $upstream_app:$upstream_port; + } +} diff --git a/config/nginx/proxy-confs/syncthing.subdomain.conf b/config/nginx/proxy-confs/syncthing.subdomain.conf new file mode 100644 index 0000000..94ad745 --- /dev/null +++ b/config/nginx/proxy-confs/syncthing.subdomain.conf 
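Review bot: The five regex locations (`/api`, `/command`, `/query`, `/login`, `/sync`) omit `include /config/nginx/authelia-location.conf;`, and a matching regex location is chosen over the `location /` prefix, so those requests reach qBittorrent without passing Authelia. The patterns are also unanchored, so `(/qbittorrent)?/api` matches any URI that merely contains `/api`. If no external API client depends on the bypass, add the Authelia include to each block and anchor the patterns, e.g. `location ~ ^(/qbittorrent)?/api`. The `Host` override and blanked `Referer` presumably exist to satisfy qBittorrent's own host-header and CSRF checks, which then no longer see the client's real values; a comment recording that trade-off would help.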
@@ -0,0 +1,39 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for syncthing and that your syncthing container is not using a base url
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name sync.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ resolver 127.0.0.11 valid=30s;
+ set $upstream_app syncthing;
+ set $upstream_port 8384;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/config/nginx/proxy-confs/wekan.subdomain.conf b/config/nginx/proxy-confs/wekan.subdomain.conf
new file mode 100644
index 0000000..08022bb
--- /dev/null
+++ b/config/nginx/proxy-confs/wekan.subdomain.conf
@@ -0,0 +1,57 @@
+## Version 2021/05/18
+# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
+# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for and replace them. Review other sample files to see how things are done.
+# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
+# make sure that your dns has a cname set for wekan and that your wekan container is not using a base url
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name tasks.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app wekan;
+ set $upstream_port 8080;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
+ }
+
+ # REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints.
+ # REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below.
+ # location ~ (/wekan)?/api {
+ # include /config/nginx/proxy.conf;
+ # include /config/nginx/resolver.conf;
+ # set $upstream_app wekan;
+ # set $upstream_port 8080;
+ # set $upstream_proto http;
+ # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ #
+ # # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
+ # }
+}
diff --git a/config/nginx/proxy-confs/wikijs.subdomain.conf b/config/nginx/proxy-confs/wikijs.subdomain.conf
new file mode 100644
index 0000000..7608aaf
--- /dev/null
+++ b/config/nginx/proxy-confs/wikijs.subdomain.conf
@@ -0,0 +1,41 @@
+## Version 2020/12/09
+# First complete the setup by appending install.php to URL.
+# Make sure that your dns has a cname set for wikijs
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name wiki.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ #enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ #enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ #enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ resolver 127.0.0.11 valid=30s;
+ set $upstream_app wikijs;
+ set $upstream_port 3000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/config/nginx/proxy-confs/wireguard.subdomain.conf b/config/nginx/proxy-confs/wireguard.subdomain.conf
new file mode 100644
index 0000000..0ea302d
--- /dev/null
+++ b/config/nginx/proxy-confs/wireguard.subdomain.conf
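Review bot: The template's `# REMOVE THIS LINE BEFORE SUBMITTING:` instructions are still present in wekan.subdomain.conf: three at the top, one inside `location /`, two before the commented-out block and one inside it, along with the unused `# location ~ (/wekan)?/api` sample. Delete those lines and the commented block, keeping only the prerequisite comment that starts `# make sure that your dns has a cname set for wekan`. The sample block has no `include /config/nginx/authelia-location.conf;`, so if it were uncommented as written, the API path would sit outside Authelia.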
@@ -0,0 +1,39 @@
+## Version 2021/05/18
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name vpn.*;
+
+ include /config/nginx/ssl.conf;
+
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Pukeko! Pukeko?";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app wireguard;
+ set $upstream_port 51821;
+ set $upstream_proto http;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index 3c66871..aa7b2ce 100755
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,7 @@ services:
 - PGID=1000
 - TZ=Asia/Jerusalem
 - URL=pukeko.xyz #optional
- - SUBDOMAINS=cloud,git,photos,stream,vault,wiki,grocy,torrent,ler,pod,sync,files,code,tasks,notes,news
+ - SUBDOMAINS=cloud,git,photos,stream,vault,wiki,grocy,torrent,ler,pod,sync,files,tasks,notes,news,vpn
 - VALIDATION=dns
 - DNSPLUGIN=cloudflare #optional
 #- PROPAGATION=100 #optional
@@ -19,6 +19,7 @@ services:
 - ONLY_SUBDOMAINS=false #optional
 #- EXTRA_DOMAINS=
 - STAGING=false #optional
+ - DOCKER_MODS=linuxserver/mods:swag-auto-reload
 volumes:
 - /Red-Vol/Media/Containers/swag/config:/config
 ports:
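Review bot: The new `SUBDOMAINS` value lacks `portain` and `download`, the names that portainer.subdomain.conf and pyload.subdomain.conf in this patch use as `server_name`, and it drops `code` although the diffstat adds code-server.subdomain.conf (its `server_name` is outside this view). Unless the certificate is a wildcard, which this explicit list does not suggest, those hosts would be answered with a certificate that does not name them. Either extend the list, e.g. `...,tasks,notes,news,vpn,portain,download`, or leave out the confs for hosts that are not meant to be published.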
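Review bot: `DOCKER_MODS=linuxserver/mods:swag-auto-reload` references a mutable tag whose contents are fetched and run inside the proxy container at start, so what executes can change without any change to this file. Consider pinning the mod to a fixed tag if the publisher provides one, and add a comment recording why the mod is enabled. With auto-reload on, a write to the bind-mounted `/Red-Vol/Media/Containers/swag/config` presumably becomes live proxy configuration without a restart, so write access to that directory deserves a check. The service definition continues outside the hunk.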