nginx

store/swag/nginx/nginx.conf

@@ -0,0 +1,172 @@
+## Version 2022/01/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
+
+#user poslop;
+
+# Set number of worker processes automatically based on number of CPU cores.
+include /config/nginx/worker_processes.conf;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /config/log/nginx/error.log;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+events {
+    # The maximum number of simultaneous connections that can be opened by
+    # a worker process.
+    worker_connections 1024;
+    # multi_accept on;
+}
+
+http {
+    # Includes mapping of file name extensions to MIME types of responses
+    # and defines the default type.
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Name servers used to resolve names of upstream servers into addresses.
+    # It's also needed when using tcpsocket and udpsocket in Lua modules.
+    #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
+    include /config/nginx/resolver.conf;
+
+    # Don't tell nginx version to the clients. Default is 'on'.
+    server_tokens off;
+
+    # Specifies the maximum accepted body size of a client request, as
+    # indicated by the request header Content-Length. If the stated content
+    # length is greater than this size, then the client receives the HTTP
+    # error code 413. Set to 0 to disable. Default is '1m'.
+    client_max_body_size 0;
+
+    # Sendfile copies data between one FD and other from within the kernel,
+    # which is more efficient than read() + write(). Default is off.
+    sendfile on;
+
+    # Causes nginx to attempt to send its HTTP response head in one packet,
+    # instead of using partial frames. Default is 'off'.
+    tcp_nopush on;
+
+    # Helper variable for proxying websockets.
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+
+
+    # Saves unauthorized log messages to a separate log file
+    map $status $unauthorized {
+        default 0;
+        ~^401  1;
+    }
+    access_log /config/log/nginx/unauthorized.log combined if=$unauthorized;
+    
+    # Sets the path, format, and configuration for a buffered log write.
+    access_log /config/log/nginx/access.log;
+
+    # Includes virtual hosts configs.
+    #include /etc/nginx/http.d/*.conf;
+
+    # WARNING: Don't use this directory for virtual hosts anymore.
+    # This include will be moved to the root context in Alpine 3.14.
+    #include /etc/nginx/conf.d/*.conf;
+
+
+    ##
+    # Basic Settings
+    ##
+
+    client_body_buffer_size 128k;
+    keepalive_timeout 65;
+    large_client_header_buffers 4 16k;
+    send_timeout 5m;
+    tcp_nodelay on;
+    types_hash_max_size 2048;
+    variables_hash_max_size 2048;
+    # server_names_hash_bucket_size 64;
+    # server_name_in_redirect off;
+
+    ##
+    # Gzip Settings
+    ##
+
+    gzip on;
+    gzip_disable "msie6";
+    # gzip_vary on;
+    # gzip_proxied any;
+    # gzip_comp_level 6;
+    # gzip_buffers 16 8k;
+    # gzip_http_version 1.1;
+    # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+    ##
+    # nginx-naxsi config
+    ##
+    # Uncomment it if you installed nginx-naxsi
+    ##
+
+    #include /etc/nginx/naxsi_core.rules;
+
+    ##
+    # nginx-passenger config
+    ##
+    # Uncomment it if you installed nginx-passenger
+    ##
+
+    #passenger_root /usr;
+    #passenger_ruby /usr/bin/ruby;
+
+    ##
+    # Virtual Host Configs
+    ##
+    include /config/nginx/site-confs/*;
+    #Removed lua. Do not remove this comment
+
+
+ server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    root /config/www;
+    index index.html index.htm index.php;
+
+    server_name mintyserver.net;
+
+    client_body_temp_path /tmp/nginx 1 2;
+    proxy_temp_path /tmp/nginx-proxy;
+    fastcgi_temp_path /tmp/nginx-fastcgi;
+    uwsgi_temp_path /tmp/nginx-uwsgi;
+    scgi_temp_path /tmp/nginx-scgi;
+
+    include /config/nginx/ssl.conf;
+
+    include /config/nginx/proxy-confs/*.conf;
+    }
+}
+
+#mail {
+#    # See sample authentication script at:
+#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+#    # auth_http localhost/auth.php;
+#    # pop3_capabilities "TOP" "USER";
+#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+#    server {
+#        listen     localhost:110;
+#        protocol   pop3;
+#        proxy      on;
+#    }
+#
+#    server {
+#        listen     localhost:143;
+#        protocol   imap;
+#        proxy      on;
+#    }
+#}
+
+daemon off;
+pid /run/nginx.pid;
+

store/swag/nginx/proxy-confs/gitea.subfolder.conf

@@ -0,0 +1,22 @@
+## Version 2021/05/18
+# The following parameters in /data/gitea/conf/app.ini should be edited to match your setup
+# [server]
+# SSH_DOMAIN       = example.com:2222
+# ROOT_URL         = https://example.com/gitea/
+# DOMAIN           = example.com
+
+location /git {
+    return 301 $scheme://$host/gitea/;
+}
+
+location ^~ /git/ {
+    client_max_body_size 0;
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app gitea;
+    set $upstream_port 3000;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /git(.*) $1 break;
+}

store/swag/nginx/proxy-confs/jellyfin.subfolder.conf

@@ -0,0 +1,24 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for jellyfin
+# if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is
+# if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of jellyfin
+# in jellyfin settings, under "Advanced/Networking" change the public https port to 443, leave the local ports as is, set the base url to "/jellyfin",
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+location /jellyfin {
+    return 301 $scheme://$host/jellyfin/;
+}
+
+location ^~ /jellyfin/ {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app jellyfin;
+    set $upstream_port 8096;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range;
+    proxy_buffering off;
+}

store/swag/nginx/proxy-confs/nextcloud.subfolder.conf

@@ -0,0 +1,54 @@
+## Version 2021/07/14
+# Assuming this container is called "swag", edit your nextcloud container's config
+# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
+#  'trusted_proxies' => ['swag'],
+#  'overwritewebroot' => '/nextcloud',
+#  'overwrite.cli.url' => 'https://your-domain.com/nextcloud',
+#
+# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
+#  array (
+#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
+#    1 => 'your-domain.com',
+#  ),
+location ^~ /.well-known {
+	client_max_body_size 0;
+        # The rules in this block are an adaptation of the rules
+        # in the Nextcloud `.htaccess` that concern `/.well-known`.
+
+        location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /nextcloud/remote.php/dav/; }
+
+        # Let Nextcloud's API for `/.well-known` URIs handle all other
+        # requests by passing them to the front-end controller.
+        return 301 /nextcloud/index.php$request_uri;
+    }
+
+location ^~ /nextcloud/ {
+    client_max_body_size 0;
+    fastcgi_buffers 64 4K;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nextcloud;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+
+    rewrite /nextcloud(.*) $1 break;
+    proxy_max_temp_file_size 2048m;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range;
+    proxy_ssl_session_reuse off;
+
+#    add_header Referrer-Policy                      "no-referrer"   always;
+#    add_header X-Content-Type-Options               "nosniff"       always;
+#    add_header X-Download-Options                   "noopen"        always;
+#    add_header X-Frame-Options                      "SAMEORIGIN"    always;
+#    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
+#    add_header X-Robots-Tag                         "none"          always;
+#    add_header X-XSS-Protection                     "1; mode=block" always;
+
+#    fastcgi_hide_header X-Powered-By;
+}

store/swag/nginx/proxy.conf

@@ -0,0 +1,31 @@
+## Version 2021/10/26 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf
+
+# Timeout if the real server is dead
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+# Proxy Connection Settings
+proxy_buffers 32 4k;
+proxy_connect_timeout 240;
+proxy_headers_hash_bucket_size 128;
+proxy_headers_hash_max_size 1024;
+proxy_http_version 1.1;
+proxy_read_timeout 240;
+proxy_redirect  http://  $scheme://;
+proxy_send_timeout 240;
+
+# Proxy Cache and Cookie Settings
+proxy_cache_bypass $cookie_session;
+#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
+proxy_no_cache $cookie_session;
+
+# Proxy Header Settings
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Early-Data $ssl_early_data;
+proxy_set_header Host $host;
+proxy_set_header Proxy "";
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_set_header X-Real-IP $remote_addr;

store/swag/nginx/resolver.conf

@@ -0,0 +1,3 @@
+# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.
+
+resolver  127.0.0.11 valid=30s;