nginx

2022-08-04 19:32:51 -05:00
parent dcf42399b5
commit 6ec0a5066f
6 changed files with 306 additions and 0 deletions
--- a/store/swag/nginx/proxy-confs/gitea.subfolder.conf
+++ b/store/swag/nginx/proxy-confs/gitea.subfolder.conf
@@ -0,0 +1,22 @@
+## Version 2021/05/18
+# The following parameters in /data/gitea/conf/app.ini should be edited to match your setup
+# [server]
+# SSH_DOMAIN       = example.com:2222
+# ROOT_URL         = https://example.com/gitea/
+# DOMAIN           = example.com
+
+location /git {
+    return 301 $scheme://$host/gitea/;
+}
+
+location ^~ /git/ {
+    client_max_body_size 0;
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app gitea;
+    set $upstream_port 3000;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /git(.*) $1 break;
+}
--- a/store/swag/nginx/proxy-confs/jellyfin.subfolder.conf
+++ b/store/swag/nginx/proxy-confs/jellyfin.subfolder.conf
@@ -0,0 +1,24 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for jellyfin
+# if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is
+# if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of jellyfin
+# in jellyfin settings, under "Advanced/Networking" change the public https port to 443, leave the local ports as is, set the base url to "/jellyfin",
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+location /jellyfin {
+    return 301 $scheme://$host/jellyfin/;
+}
+
+location ^~ /jellyfin/ {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app jellyfin;
+    set $upstream_port 8096;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range;
+    proxy_buffering off;
+}
--- a/store/swag/nginx/proxy-confs/nextcloud.subfolder.conf
+++ b/store/swag/nginx/proxy-confs/nextcloud.subfolder.conf
@@ -0,0 +1,54 @@
+## Version 2021/07/14
+# Assuming this container is called "swag", edit your nextcloud container's config
+# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
+#  'trusted_proxies' => ['swag'],
+#  'overwritewebroot' => '/nextcloud',
+#  'overwrite.cli.url' => 'https://your-domain.com/nextcloud',
+#
+# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
+#  array (
+#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
+#    1 => 'your-domain.com',
+#  ),
+location ^~ /.well-known {
+	client_max_body_size 0;
+        # The rules in this block are an adaptation of the rules
+        # in the Nextcloud `.htaccess` that concern `/.well-known`.
+
+        location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /nextcloud/remote.php/dav/; }
+
+        # Let Nextcloud's API for `/.well-known` URIs handle all other
+        # requests by passing them to the front-end controller.
+        return 301 /nextcloud/index.php$request_uri;
+    }
+
+location ^~ /nextcloud/ {
+    client_max_body_size 0;
+    fastcgi_buffers 64 4K;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nextcloud;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+
+    rewrite /nextcloud(.*) $1 break;
+    proxy_max_temp_file_size 2048m;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range;
+    proxy_ssl_session_reuse off;
+
+#    add_header Referrer-Policy                      "no-referrer"   always;
+#    add_header X-Content-Type-Options               "nosniff"       always;
+#    add_header X-Download-Options                   "noopen"        always;
+#    add_header X-Frame-Options                      "SAMEORIGIN"    always;
+#    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
+#    add_header X-Robots-Tag                         "none"          always;
+#    add_header X-XSS-Protection                     "1; mode=block" always;
+
+#    fastcgi_hide_header X-Powered-By;
+}