diff --git a/config/nginx/proxy-confs/code-server.subdomain.conf b/config/nginx/proxy-confs/code-server.subdomain.conf deleted file mode 100644 index 1b2b8fc..0000000 --- a/config/nginx/proxy-confs/code-server.subdomain.conf +++ /dev/null @@ -1,40 +0,0 @@ -## Version 2021/05/18 -# make sure that your dns has a cname set for code-server - -server { - listen 443 ssl; - listen [::]:443 ssl; - - server_name code.* "~^[0-9]{1,10}\.code-server\..*$"; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth, fill in ldap details in ldap.conf - #include /config/nginx/ldap.conf; - - # enable for Authelia - include /config/nginx/authelia-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable the next two lines for ldap auth - #auth_request /auth; - #error_page 401 =200 /ldaplogin; - - # enable for Authelia - include /config/nginx/authelia-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app code; - set $upstream_port 8443; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } -} diff --git a/config/nginx/proxy-confs/filebrowser.subdomain.conf b/config/nginx/proxy-confs/filebrowser.subdomain.conf index 1ca05bf..3267461 100644 --- a/config/nginx/proxy-confs/filebrowser.subdomain.conf +++ b/config/nginx/proxy-confs/filebrowser.subdomain.conf @@ -5,7 +5,7 @@ server { listen 443 ssl; listen [::]:443 ssl; - server_name files.*; + server_name cloud.*; include /config/nginx/ssl.conf; diff --git a/config/nginx/proxy-confs/jellyfin.subdomain.conf b/config/nginx/proxy-confs/jellyfin.subdomain.conf index 9916f33..12d6cd8 100644 --- a/config/nginx/proxy-confs/jellyfin.subdomain.conf +++ b/config/nginx/proxy-confs/jellyfin.subdomain.conf 
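Review bot: The `server_name` change from `files.*` to `cloud.*` in filebrowser.subdomain.conf reuses the hostname that the nextcloud conf deleted later in this diff used to serve, and nothing visible here updates per-host policy to match; the same applies to the `vpn.*` to `secure.*` change in wireguard.subdomain.conf. If Authelia access-control rules or other allow-lists are keyed on the old hostnames (they are not part of this diff), the renamed hosts would fall through to the default policy, so those rules should be updated in the same change. Browsers that used Nextcloud at `cloud.*` will also send its cookies to the file browser on the same origin. The hunk shows only the top of the server block, so whether the auth includes are enabled in its `location /` cannot be confirmed from here.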
@@ -1,3 +1,4 @@ +## Version 2021/05/18 # make sure that your dns has a cname set for jellyfin # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is # if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app ;" @@ -17,7 +18,7 @@ server { location / { include /config/nginx/proxy.conf; - resolver 127.0.0.11 valid=30s; + include /config/nginx/resolver.conf; set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; 
@@ -29,117 +30,11 @@ server { location ~ (/jellyfin)?/socket { include /config/nginx/proxy.conf; - resolver 127.0.0.11 valid=30s; + include /config/nginx/resolver.conf; set $upstream_app jellyfin; set $upstream_port 8096; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - ## Sonarr - ## Version 2020/12/09 -# first go into sonarr settings, under "General" set the URL Base to /sonarr and restart the sonarr container - -location ^~ /sonarr { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf - #auth_request /auth; - #error_page 401 =200 /ldaplogin; - - # enable for Authelia, also enable authelia-server.conf in the default site config - #include /config/nginx/authelia-location.conf; - - include /config/nginx/proxy.conf; - resolver 127.0.0.11 valid=30s; - set $upstream_app sonarr; - set $upstream_port 8989; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /sonarr/api { - include /config/nginx/proxy.conf; - resolver 127.0.0.11 valid=30s; - set $upstream_app sonarr; - set $upstream_port 8989; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} -##Radarr -## Version 2020/12/09 -# first go into radarr settings, under "General" set the URL Base to /radarr and restart the radarr container - -location ^~ /radarr { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf - #auth_request /auth; - #error_page 401 =200 /ldaplogin; - - # enable for Authelia, also enable authelia-server.conf in the default site config - #include /config/nginx/authelia-location.conf; - - include /config/nginx/proxy.conf; - 
resolver 127.0.0.11 valid=30s; - set $upstream_app radarr; - set $upstream_port 7878; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /radarr/api { - include /config/nginx/proxy.conf; - resolver 127.0.0.11 valid=30s; - set $upstream_app radarr; - set $upstream_port 7878; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} -##Bazarr -# Version 2020/12/09 -# first go into bazarr settings, under "General" set the URL Base to /bazarr/ and restart the bazarr container - -location /bazarr { - return 301 $scheme://$host/bazarr/; -} - -location ^~ /bazarr/ { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf - #auth_request /auth; - #error_page 401 =200 /ldaplogin; - - # enable for Authelia, also enable authelia-server.conf in the default site config - #include /config/nginx/authelia-location.conf; - - include /config/nginx/proxy.conf; - resolver 127.0.0.11 valid=30s; - set $upstream_app bazarr; - set $upstream_port 6767; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} - -location ^~ /bazarr/api { - include /config/nginx/proxy.conf; - resolver 127.0.0.11 valid=30s; - set $upstream_app bazarr; - set $upstream_port 6767; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - -} } diff --git a/config/nginx/proxy-confs/nextcloud.subdomain.conf b/config/nginx/proxy-confs/nextcloud.subdomain.conf deleted file mode 100644 index d13c490..0000000 --- a/config/nginx/proxy-confs/nextcloud.subdomain.conf +++ /dev/null 
@@ -1,36 +0,0 @@ -# make sure that your dns has a cname set for nextcloud -# assuming this container is called "swag", edit your nextcloud container's config -# located at /config/www/nextcloud/config/config.php and add the following lines before the ");": -# 'trusted_proxies' => ['swag'], -# 'overwrite.cli.url' => 'https://nextcloud.your-domain.com/', -# 'overwritehost' => 'nextcloud.your-domain.com', -# 'overwriteprotocol' => 'https', -# -# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: -# array ( -# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. -# 1 => 'nextcloud.your-domain.com', -# ), - -server { - listen 443 ssl; - listen [::]:443 ssl; - - server_name cloud.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - location / { - include /config/nginx/proxy.conf; - resolver 127.0.0.11 valid=30s; - set $upstream_app nextcloud; - set $upstream_port 443; - set $upstream_proto https; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - #proxy_pass $upstream_proto://cloud:$upstream_port; - - proxy_max_temp_file_size 2048m; - } -} diff --git a/config/nginx/proxy-confs/photoprism.subdomain.conf b/config/nginx/proxy-confs/photoprism.subdomain.conf index bd0105c..342b094 100644 --- a/config/nginx/proxy-confs/photoprism.subdomain.conf +++ b/config/nginx/proxy-confs/photoprism.subdomain.conf @@ -37,6 +37,4 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } - - } diff --git a/config/nginx/proxy-confs/wireguard.subdomain.conf b/config/nginx/proxy-confs/wireguard.subdomain.conf index 0ea302d..155a2ba 100644 --- a/config/nginx/proxy-confs/wireguard.subdomain.conf +++ b/config/nginx/proxy-confs/wireguard.subdomain.conf @@ -4,7 +4,7 @@ server { listen 443 ssl; listen [::]:443 ssl; - server_name vpn.*; + server_name secure.*; include /config/nginx/ssl.conf; 
diff --git a/docker-compose.yml b/docker-compose.yml index aa7b2ce..3fc4f32 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,7 @@ services: - PGID=1000 - TZ=Asia/Jerusalem - URL=pukeko.xyz #optional - - SUBDOMAINS=cloud,git,photos,stream,vault,wiki,grocy,torrent,ler,pod,sync,files,tasks,notes,news,vpn + - SUBDOMAINS=cloud,git,photos,stream,vault,wiki,grocy,torrent,ler,pod,sync,tasks,notes,news,secure,flight,monitor,tv,movies,subtitles,index,portain - VALIDATION=dns - DNSPLUGIN=cloudflare #optional #- PROPAGATION=100 #optional @@ -42,9 +42,19 @@ services: container_name: authelia environment: - TZ=Asia/Jerusalem + - AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE=/run/secrets/private_key volumes: - ./authelia:/config restart: unless-stopped + secrets: + - hmac + - private_key +secrets: + hmac: + file: ./authelia/secrets/hmac + private_key: + file: ./authelia/secrets/issuer_private_key + networks: default: - name: gerbil_network + name: takahe_network
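Review bot: The new `SUBDOMAINS` value in the first docker-compose.yml hunk adds seven hostnames (`flight`, `monitor`, `tv`, `movies`, `subtitles`, `index`, `portain`), but no proxy-conf for any of them is visible in this diff. Each name needs a server block with the Authelia includes enabled before the certificate is reissued. Names listed here end up in the certificate's SAN list and therefore in public certificate-transparency logs. Since `VALIDATION=dns` is already set, `- SUBDOMAINS=wildcard` would avoid publishing them. If the explicit list stays, a comment such as `# every name here must have a proxy-conf with auth enabled` above the line would record the requirement.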
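Review bot: In the second docker-compose.yml hunk the `hmac` secret is declared and mounted, but only the private key gets a `_FILE` variable; nothing visible points Authelia at `/run/secrets/hmac`. Unless it is wired up elsewhere, add `- AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE=/run/secrets/hmac` next to the private-key line, otherwise the HMAC secret presumably still has to sit in plain text in the Authelia configuration. Both secret files live under `./authelia/secrets/`, which is inside the `./authelia:/config` bind mount, so the same material is also readable at `/config/secrets/` in the container and sits in the repository tree. Keeping the files outside the mounted directory, excluded from version control and readable only by the owner would limit that exposure.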