shmick/docker
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

Adding auto-reload; updating subdomains; add proxy configuration files

Browse Source
This commit is contained in:
shmick
2021-09-24 14:42:24 +03:00
parent efeedb649f
commit 6f763726c0
28 changed files with 1348 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,2 +1,3 @@
*
!docker-compose.yml
!config/nginx/proxy-confs/*.conf

82
config/nginx/proxy-confs/bitwarden.subdomain.conf Normal file
View File

@@ -0,0 +1,82 @@
# make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url
# make sure your bitwarden container is named "bitwarden"
# set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name vault.*;
include /config/nginx/ssl.conf;
client_max_body_size 128M;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /admin {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /notifications/hub {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app vaultwarden;
set $upstream_port 3012;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /notifications/hub/negotiate {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app vaultwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

47
config/nginx/proxy-confs/bitwarden.subfolder.conf Normal file
View File

@@ -0,0 +1,47 @@
## Version 2021/02/05
## Environmental Variable DOMAIN=https://<DOMAIN>/bitwarden must be set in bitwarden container including subfolder.
## This is using ports 80 and 3012
location /bitwarden {
return 301 $scheme://$host/bitwarden/;
}
location ^~ /bitwarden/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app bitwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /notifications/hub {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app bitwarden;
set $upstream_port 3012;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /notifications/hub/negotiate {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app bitwarden;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}

40
config/nginx/proxy-confs/code-server.subdomain.conf Normal file
View File

@@ -0,0 +1,40 @@
## Version 2021/05/18
# make sure that your dns has a cname set for code-server
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name code.* "~^[0-9]{1,10}\.code-server\..*$";
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app code;
set $upstream_port 8443;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

40
config/nginx/proxy-confs/dillinger.subdomain.conf Normal file
View File

@@ -0,0 +1,40 @@
## Version 2021/05/18
# make sure that your dns has a cname set for dillinger
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name notes.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app dillinger;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

66
config/nginx/proxy-confs/filebrowser.subdomain.conf Normal file
View File

@@ -0,0 +1,66 @@
## Version 2021/05/18
# make sure that your dns has a cname set for filebrowser and that your filebrowser container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name files.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/filebrowser)?/api/public {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/filebrowser)?/share {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ~ (/filebrowser)?/static {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app filebrowser;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

55
config/nginx/proxy-confs/freshrss.subdomain.conf Normal file
View File

@@ -0,0 +1,55 @@
## Version 2021/07/08
# make sure that your dns has a cname set for freshrss
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name news.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app freshrss;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_buffering off;
proxy_set_header X-Forwarded-Port $server_port;
proxy_cookie_path / "/; HTTPOnly; Secure";
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
}
location ~ (/freshrss)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app freshrss;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

43
config/nginx/proxy-confs/gitea.subdomain.conf Normal file
View File

@@ -0,0 +1,43 @@
# make sure that your dns has a cname set for gitea and the following parameters in /data/gitea/conf/app.ini are edited
# [server]
# SSH_DOMAIN = gitea.server.com
# ROOT_URL = https://gitea.server.com/
# DOMAIN = gitea.server.com
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name git.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app gitea;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

20
config/nginx/proxy-confs/gitea.subfolder.conf Normal file
View File

@@ -0,0 +1,20 @@
# The following parameters in /data/gitea/conf/app.ini should be edited to match your setup
# [server]
# SSH_DOMAIN = example.com:2222
# ROOT_URL = https://example.com/gitea/
# DOMAIN = example.com
location /gitea {
return 301 $scheme://$host/gitea/;
}
location ^~ /gitea/ {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app gitea;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /gitea(.*) $1 break;
}

39
config/nginx/proxy-confs/grocy.subdomain.conf Normal file
View File

@@ -0,0 +1,39 @@
## Version 2020/12/09
# make sure that your dns has a cname set for grocy
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name grocy.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app grocy;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

23
config/nginx/proxy-confs/homer.subfolder.conf Normal file
View File

@@ -0,0 +1,23 @@
## Version 2020/12/09
# In order to use this location block you need to edit the default file one folder up and comment out the / location
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app homer;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}

43
config/nginx/proxy-confs/jackett.subfolder.conf Normal file
View File

@@ -0,0 +1,43 @@
## Version 2020/12/09
# first go into jackett settings, set the URL Base to /jackett and restart the jackett container
location ^~ /jackett {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app jackett;
set $upstream_port 9117;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /jackett/api {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app jackett;
set $upstream_port 9117;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /jackett/dl {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app jackett;
set $upstream_port 9117;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}

40
config/nginx/proxy-confs/jekyll.subdomain.conf Normal file
View File

@@ -0,0 +1,40 @@
## Version 2021/05/18
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name ler.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Pukeko! Pukeko?";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app jekyll;
set $upstream_port 4000;
set $upstream_proto http;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

145
config/nginx/proxy-confs/jellyfin.subdomain.conf Normal file
View File

@@ -0,0 +1,145 @@
# make sure that your dns has a cname set for jellyfin
# if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is
# if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of jellyfin
# in jellyfin settings, under "Advanced/Networking" change the public https port to 443, leave the local ports as is,
# and set the "Secure connection mode" to "Handled by reverse proxy"
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name stream.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app jellyfin;
set $upstream_port 8096;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
}
location ~ (/jellyfin)?/socket {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app jellyfin;
set $upstream_port 8096;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
## Sonarr
## Version 2020/12/09
# first go into sonarr settings, under "General" set the URL Base to /sonarr and restart the sonarr container
location ^~ /sonarr {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app sonarr;
set $upstream_port 8989;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /sonarr/api {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app sonarr;
set $upstream_port 8989;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
##Radarr
## Version 2020/12/09
# first go into radarr settings, under "General" set the URL Base to /radarr and restart the radarr container
location ^~ /radarr {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app radarr;
set $upstream_port 7878;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /radarr/api {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app radarr;
set $upstream_port 7878;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
##Bazarr
# Version 2020/12/09
# first go into bazarr settings, under "General" set the URL Base to /bazarr/ and restart the bazarr container
location /bazarr {
return 301 $scheme://$host/bazarr/;
}
location ^~ /bazarr/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app bazarr;
set $upstream_port 6767;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location ^~ /bazarr/api {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app bazarr;
set $upstream_port 6767;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

58
config/nginx/proxy-confs/joplin.subdomain.conf Normal file
View File

@@ -0,0 +1,58 @@
## Version 2021/05/18
# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
# make sure that your dns has a cname set for <container_name> and that your <container_name> container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name jop.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location /joplin {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app joplin;
set $upstream_port 22300;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header Host $upstream_proto://$upstream_app:$upstream_port;
# REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
}
# REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints.
# REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below.
location ~ /joplin?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app joplin;
set $upstream_port 22300;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
}
}

36
config/nginx/proxy-confs/nextcloud.subdomain.conf Normal file
View File

@@ -0,0 +1,36 @@
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
# 'trusted_proxies' => ['swag'],
# 'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
# 'overwritehost' => 'nextcloud.your-domain.com',
# 'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
# array (
# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
# 1 => 'nextcloud.your-domain.com',
# ),
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name cloud.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app nextcloud;
set $upstream_port 443;
set $upstream_proto https;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
#proxy_pass $upstream_proto://cloud:$upstream_port;
proxy_max_temp_file_size 2048m;
}
}

42
config/nginx/proxy-confs/photoprism.subdomain.conf Normal file
View File

@@ -0,0 +1,42 @@
## Version 2021/05/18
# Ensure your DNS has a CNAME set for Photoprism and that Photoprism container is not using a base URL.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name photos.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app photoprism;
set $upstream_port 2342;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

55
config/nginx/proxy-confs/pihole.subfolder.conf Normal file
View File

@@ -0,0 +1,55 @@
# pihole does not require a base url setting
location /pihole {
return 301 $scheme://$host/pihole/;
}
location ^~ /pihole/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app pihole;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /pihole(.*) $1 break;
proxy_hide_header X-Frame-Options;
}
location /pihole/admin {
return 301 $scheme://$host/pihole/admin/;
}
location ^~ /pihole/admin/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app pihole;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /pihole(.*) $1 break;
proxy_hide_header X-Frame-Options;
}

41
config/nginx/proxy-confs/podgrab.subdomain.conf Normal file
View File

@@ -0,0 +1,41 @@
## Version 2021/05/18
# make sure that your dns has a cname set for podgrab and that your podgrab container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name pod.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app podgrab;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

62
config/nginx/proxy-confs/portainer.subdomain.conf Normal file
View File

@@ -0,0 +1,62 @@
# make sure that your dns has a cname set for portainer
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name portain.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app portainer;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
}
location /api/websocket/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app portainer;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
}
}

40
config/nginx/proxy-confs/portainer.subfolder.conf Normal file
View File

@@ -0,0 +1,40 @@
# portainer does not require a base url setting
location /portainer {
return 301 $scheme://$host/portainer/;
}
location ^~ /portainer/ {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia, also enable authelia-server.conf in the default site config
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app portainer;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /portainer(.*) $1 break;
proxy_hide_header X-Frame-Options; # Possibly nott needed after Portainer 1.20.0
}
location ^~ /portainer/api/websocket/ {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app portainer;
set $upstream_port 9000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /portainer(.*) $1 break;
proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
}

40
config/nginx/proxy-confs/pyload.subdomain.conf Normal file
View File

@@ -0,0 +1,40 @@
## Version 2020/12/09
# make sure that your dns has a cname set for pyload and that your pyload container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name download.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app pyload;
set $upstream_port 8000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

112
config/nginx/proxy-confs/qbittorrent.subdomain.conf Normal file
View File

@@ -0,0 +1,112 @@
## Version 2021/05/18
# make sure that your dns has a cname set for qbittorrent and that your qbittorrent container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name torrent.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app qbittorrent;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port;
}
location ~ (/qbittorrent)?/api {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app qbittorrent;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port;
}
location ~ (/qbittorrent)?/command {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app qbittorrent;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port;
}
location ~ (/qbittorrent)?/query {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app qbittorrent;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port;
}
location ~ (/qbittorrent)?/login {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app qbittorrent;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port;
}
location ~ (/qbittorrent)?/sync {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app qbittorrent;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /qbittorrent(.*) $1 break;
proxy_set_header Referer '';
proxy_set_header Host $upstream_app:$upstream_port;
}
}

39
config/nginx/proxy-confs/syncthing.subdomain.conf Normal file
View File

@@ -0,0 +1,39 @@
## Version 2020/12/09
# make sure that your dns has a cname set for syncthing and that your syncthing container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name sync.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app syncthing;
set $upstream_port 8384;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

57
config/nginx/proxy-confs/wekan.subdomain.conf Normal file
View File

@@ -0,0 +1,57 @@
## Version 2021/05/18
# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
# make sure that your dns has a cname set for wekan and that your wekan container is not using a base url
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name tasks.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app wekan;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
}
# REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints.
# REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below.
# location ~ (/wekan)?/api {
# include /config/nginx/proxy.conf;
# include /config/nginx/resolver.conf;
# set $upstream_app wekan;
# set $upstream_port 8080;
# set $upstream_proto http;
# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
#
# # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
# }
}

41
config/nginx/proxy-confs/wikijs.subdomain.conf Normal file
View File

@@ -0,0 +1,41 @@
## Version 2020/12/09
# First complete the setup by appending install.php to URL.
# Make sure that your dns has a cname set for wikijs
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name wiki.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
#enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
#enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
#enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app wikijs;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

39
config/nginx/proxy-confs/wireguard.subdomain.conf Normal file
View File

@@ -0,0 +1,39 @@
## Version 2021/05/18
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name vpn.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Pukeko! Pukeko?";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app wireguard;
set $upstream_port 51821;
set $upstream_proto http;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}

3
docker-compose.yml
View File

@@ -10,7 +10,7 @@ services:
- PGID=1000
- TZ=Asia/Jerusalem
- URL=pukeko.xyz #optional
- SUBDOMAINS=cloud,git,photos,stream,vault,wiki,grocy,torrent,ler,pod,sync,files,code,tasks,notes,news
- SUBDOMAINS=cloud,git,photos,stream,vault,wiki,grocy,torrent,ler,pod,sync,files,tasks,notes,news,vpn
- VALIDATION=dns
- DNSPLUGIN=cloudflare #optional
#- PROPAGATION=100 #optional
@@ -19,6 +19,7 @@ services:
- ONLY_SUBDOMAINS=false #optional
#- EXTRA_DOMAINS=
- STAGING=false #optional
- DOCKER_MODS=linuxserver/mods:swag-auto-reload
volumes:
- /Red-Vol/Media/Containers/swag/config:/config
ports: