From e24dfd031c9cea1303f88e83b4169be4abf6cd24 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 11 Apr 2020 19:01:50 +0200 Subject: [PATCH] services: migrate to linuxerserver-letsencrypt --- .gitignore | 9 ++ docker-compose.yml | 133 +++--------------- .../nginx/proxy-confs/airsonic.subdomain.conf | 33 +++++ .../nginx/proxy-confs/bazarr.subdomain.conf | 33 +++++ .../proxy-confs/calibre-web.subdomain.conf | 35 +++++ .../nginx/proxy-confs/calibre.subdomain.conf | 35 +++++ .../nginx/proxy-confs/emby.subdomain.conf | 32 +++++ .../nginx/proxy-confs/freshrss.subdomain.conf | 40 ++++++ .../nginx/proxy-confs/jackett.subdomain.conf | 53 +++++++ .../nginx/proxy-confs/lidarr.subdomain.conf | 43 ++++++ .../nginx/proxy-confs/pyload.subdomain.conf | 33 +++++ .../nginx/proxy-confs/radarr.subdomain.conf | 43 ++++++ .../nginx/proxy-confs/sonarr.subdomain.conf | 43 ++++++ .../proxy-confs/transmission.subdomain.conf | 44 ++++++ uploadsize.conf | 1 - 15 files changed, 496 insertions(+), 114 deletions(-) create mode 100644 letsencrypt/nginx/proxy-confs/airsonic.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/bazarr.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/calibre-web.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/calibre.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/emby.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/freshrss.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/jackett.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/lidarr.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/pyload.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/radarr.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/sonarr.subdomain.conf create mode 100644 letsencrypt/nginx/proxy-confs/transmission.subdomain.conf delete mode 100644 uploadsize.conf diff --git a/.gitignore b/.gitignore index b34aef9..c08d9af 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,12 @@ /emby embystat /airsonic + +/letsencrypt/* +!/letsencrypt/nginx/ + +/letsencrypt/nginx/* +!/letsencrypt/nginx/proxy-confs/ + +/letsencrypt/nginx/proxy-confs/*.sample +/letsencrypt/nginx/proxy-confs/README.md diff --git a/docker-compose.yml b/docker-compose.yml index 07434cd..1cb5ea8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,69 +1,48 @@ version: "2" services: - - proxy: - image: jwilder/nginx-proxy - container_name: proxy - restart: unless-stopped - labels: - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" - volumes: - - /var/run/docker.sock:/tmp/docker.sock:ro - - certs:/etc/nginx/certs:rw - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - ./uploadsize.conf:/etc/nginx/conf.d/uploadsize.conf:ro - ports: - - "80:80" - - "443:443" - networks: - - "default" - - "proxy-tier" - - proxy-letsencrypt: - image: jrcs/letsencrypt-nginx-proxy-companion + letsencrypt: + image: linuxserver/letsencrypt container_name: letsencrypt restart: unless-stopped + cap_add: + - NET_ADMIN environment: - - NGINX_PROXY_CONTAINER=proxy + - PUID=1000 + - PGID=1000 + - TZ=Europe/Paris + - URL=belanyi.fr + - SUBDOMAINS=wildcard + - VALIDATION=dns + - DNSPLUGIN=gandi #optional + - EMAIL=brunobelanyi@gmail.com #optional + - DHLEVEL=2048 #optional + - ONLY_SUBDOMAINS=false #optional + - EXTRA_DOMAINS= #optional + - STAGING=false #optional volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - volumes_from: - - "proxy" - depends_on: - - "proxy" - networks: - - "default" - - "proxy-tier" + - ./letsencrypt:/config + ports: + - 443:443 + - 80:80 #optional freshrss: image: linuxserver/freshrss container_name: freshrss restart: unless-stopped environment: - - VIRTUAL_HOST=feed.belanyi.fr - - LETSENCRYPT_HOST=feed.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - PGID=1001 - PUID=1000 volumes: - ./freshrss:/config ports: - "667:80" - networks: - - "proxy-tier" - - "default" calibre: image: linuxserver/calibre container_name: calibre restart: unless-stopped environment: - - VIRTUAL_HOST=calibre.belanyi.fr - - LETSENCRYPT_HOST=calibre.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - - VIRTUAL_PORT=8080 - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -75,18 +54,12 @@ services: ports: - "8080:8080" #- "8081:8081" - networks: - - "default" - - "proxy-tier" calibre-web: image: linuxserver/calibre-web container_name: calibre-web restart: unless-stopped environment: - - VIRTUAL_HOST=library.belanyi.fr - - LETSENCRYPT_HOST=library.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -96,19 +69,12 @@ services: - ./library:/books ports: - "8083:8083" - networks: - - "default" - - "proxy-tier" pyload: image: linuxserver/pyload container_name: pyload restart: unless-stopped environment: - - VIRTUAL_HOST=pyload.belanyi.fr - - LETSENCRYPT_HOST=pyload.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - - VIRTUAL_PORT=8000 - TZ=Europe/Paris - PUID=1000 - PGID=1000 @@ -118,19 +84,12 @@ services: ports: - 8000:8000 - 7227:7227 #optional - networks: - - "default" - - "proxy-tier" transmission: image: linuxserver/transmission container_name: transmission restart: unless-stopped environment: - - VIRTUAL_HOST=transmission.belanyi.fr - - LETSENCRYPT_HOST=transmission.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - - VIRTUAL_PORT=9091 - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -146,18 +105,12 @@ services: - 9091:9091 - 51413:51413 - 51413:51413/udp - networks: - - "default" - - "proxy-tier" jackett: image: linuxserver/jackett container_name: jackett restart: unless-stopped environment: - - VIRTUAL_HOST=jackett.belanyi.fr - - LETSENCRYPT_HOST=jackett.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -166,18 +119,12 @@ services: - ~/downloads/blackhole:/downloads ports: - 9117:9117 - networks: - - "default" - - "proxy-tier" sonarr: image: linuxserver/sonarr container_name: sonarr restart: unless-stopped environment: - - VIRTUAL_HOST=sonarr.belanyi.fr - - LETSENCRYPT_HOST=sonarr.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -188,18 +135,12 @@ services: - ~/downloads:/downloads ports: - 8989:8989 - networks: - - "default" - - "proxy-tier" radarr: image: linuxserver/radarr container_name: radarr restart: unless-stopped environment: - - VIRTUAL_HOST=radarr.belanyi.fr - - LETSENCRYPT_HOST=radarr.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -210,18 +151,12 @@ services: - ~/downloads:/downloads ports: - 7878:7878 - networks: - - "default" - - "proxy-tier" bazarr: image: linuxserver/bazarr container_name: bazarr restart: unless-stopped environment: - - VIRTUAL_HOST=bazarr.belanyi.fr - - LETSENCRYPT_HOST=bazarr.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -232,18 +167,12 @@ services: - ~/videos/shows:/tv ports: - 6767:6767 - networks: - - "default" - - "proxy-tier" lidarr: image: linuxserver/lidarr container_name: lidarr restart: unless-stopped environment: - - VIRTUAL_HOST=lidarr.belanyi.fr - - LETSENCRYPT_HOST=lidarr.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -254,19 +183,12 @@ services: - ~/downloads:/downloads ports: - 8686:8686 - networks: - - "default" - - "proxy-tier" quassel-core: image: linuxserver/quassel-core container_name: quassel-core restart: unless-stopped environment: - - VIRTUAL_HOST=quassel.belanyi.fr - - LETSENCRYPT_HOST=quassel.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - - VIRTUAL_PORT=4242 - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -284,10 +206,6 @@ services: container_name: emby restart: unless-stopped environment: - - VIRTUAL_HOST=emby.belanyi.fr - - LETSENCRYPT_HOST=emby.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - - VIRTUAL_PORT=8096 - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -305,9 +223,6 @@ services: container_name: airsonic restart: unless-stopped environment: - - VIRTUAL_HOST=airsonic.belanyi.fr - - LETSENCRYPT_HOST=airsonic.belanyi.fr - - LETSENCRYPT_EMAIL=brunobelanyi@gmail.com - PUID=1000 - PGID=1000 - TZ=Europe/Paris @@ -319,11 +234,3 @@ services: - ~/playlists:/playlists ports: - 4040:4040 - -volumes: - certs: - vhost.d: - html: - -networks: - proxy-tier: diff --git a/letsencrypt/nginx/proxy-confs/airsonic.subdomain.conf b/letsencrypt/nginx/proxy-confs/airsonic.subdomain.conf new file mode 100644 index 0000000..80c1831 --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/airsonic.subdomain.conf @@ -0,0 +1,33 @@ +# make sure that your dns has a cname set for airsonic and that your airsonic container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name airsonic.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app airsonic; + set $upstream_port 4040; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/letsencrypt/nginx/proxy-confs/bazarr.subdomain.conf b/letsencrypt/nginx/proxy-confs/bazarr.subdomain.conf new file mode 100644 index 0000000..c8054a1 --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/bazarr.subdomain.conf @@ -0,0 +1,33 @@ +# make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name bazarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app bazarr; + set $upstream_port 6767; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/letsencrypt/nginx/proxy-confs/calibre-web.subdomain.conf b/letsencrypt/nginx/proxy-confs/calibre-web.subdomain.conf new file mode 100644 index 0000000..4c575e4 --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/calibre-web.subdomain.conf @@ -0,0 +1,35 @@ +# make sure that your dns has a cname set for calibre-web + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name library.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app calibre-web; + set $upstream_port 8083; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_set_header Host $http_host; + proxy_set_header X-Scheme $scheme; + } +} diff --git a/letsencrypt/nginx/proxy-confs/calibre.subdomain.conf b/letsencrypt/nginx/proxy-confs/calibre.subdomain.conf new file mode 100644 index 0000000..8bc93e2 --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/calibre.subdomain.conf @@ -0,0 +1,35 @@ +# make sure that your dns has a cname set for calibre + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name calibre.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + resolver 127.0.0.11 valid=30s; + set $upstream_app calibre; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_buffering off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + } +} diff --git a/letsencrypt/nginx/proxy-confs/emby.subdomain.conf b/letsencrypt/nginx/proxy-confs/emby.subdomain.conf new file mode 100644 index 0000000..b32543c --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/emby.subdomain.conf @@ -0,0 +1,32 @@ +# make sure that your dns has a cname set for emby and that your emby container is not using a base url +# if emby is running in bridge mode and the container is named "emby", the below config should work as is +# if not, replace the line "set $upstream_app emby;" with "set $upstream_app ;" +# or "set $upstream_app ;" for host mode, HOSTIP being the IP address of emby +# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url, +# and set the "Secure connection mode" to "Handled by reverse proxy" + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name emby.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + location / { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app emby; + set $upstream_port 8096; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + } +} diff --git a/letsencrypt/nginx/proxy-confs/freshrss.subdomain.conf b/letsencrypt/nginx/proxy-confs/freshrss.subdomain.conf new file mode 100644 index 0000000..852faed --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/freshrss.subdomain.conf @@ -0,0 +1,40 @@ +# make sure that your dns has a cname set for freshrss + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name feed.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app freshrss; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_redirect off; + proxy_buffering off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_cookie_path / "/; HTTPOnly; Secure"; + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + } +} diff --git a/letsencrypt/nginx/proxy-confs/jackett.subdomain.conf b/letsencrypt/nginx/proxy-confs/jackett.subdomain.conf new file mode 100644 index 0000000..69b4ecd --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/jackett.subdomain.conf @@ -0,0 +1,53 @@ +# make sure that your dns has a cname set for jackett and that your jackett container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name jackett.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app jackett; + set $upstream_port 9117; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/jackett)?/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app jackett; + set $upstream_port 9117; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/jackett)?/dl { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app jackett; + set $upstream_port 9117; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/letsencrypt/nginx/proxy-confs/lidarr.subdomain.conf b/letsencrypt/nginx/proxy-confs/lidarr.subdomain.conf new file mode 100644 index 0000000..36d267c --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/lidarr.subdomain.conf @@ -0,0 +1,43 @@ +# make sure that your dns has a cname set for lidarr and that your lidarr container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name lidarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app lidarr; + set $upstream_port 8686; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/lidarr)?/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app lidarr; + set $upstream_port 8686; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/letsencrypt/nginx/proxy-confs/pyload.subdomain.conf b/letsencrypt/nginx/proxy-confs/pyload.subdomain.conf new file mode 100644 index 0000000..4822cd7 --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/pyload.subdomain.conf @@ -0,0 +1,33 @@ +# make sure that your dns has a cname set for pyload and that your pyload container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name pyload.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app pyload; + set $upstream_port 8000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/letsencrypt/nginx/proxy-confs/radarr.subdomain.conf b/letsencrypt/nginx/proxy-confs/radarr.subdomain.conf new file mode 100644 index 0000000..cccfccf --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/radarr.subdomain.conf @@ -0,0 +1,43 @@ +# make sure that your dns has a cname set for radarr and that your radarr container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name radarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app radarr; + set $upstream_port 7878; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/radarr)?/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app radarr; + set $upstream_port 7878; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/letsencrypt/nginx/proxy-confs/sonarr.subdomain.conf b/letsencrypt/nginx/proxy-confs/sonarr.subdomain.conf new file mode 100644 index 0000000..5ff6e37 --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/sonarr.subdomain.conf @@ -0,0 +1,43 @@ +# make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name sonarr.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app sonarr; + set $upstream_port 8989; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + location ~ (/sonarr)?/api { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app sonarr; + set $upstream_port 8989; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/letsencrypt/nginx/proxy-confs/transmission.subdomain.conf b/letsencrypt/nginx/proxy-confs/transmission.subdomain.conf new file mode 100644 index 0000000..54cd511 --- /dev/null +++ b/letsencrypt/nginx/proxy-confs/transmission.subdomain.conf @@ -0,0 +1,44 @@ +# make sure that your dns has a cname set for transmission + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name transmission.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth, fill in ldap details in ldap.conf + #include /config/nginx/ldap.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /login; + + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app transmission; + set $upstream_port 9091; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + proxy_pass_header X-Transmission-Session-Id; + } + + location ~ (/transmission)?/rpc { + include /config/nginx/proxy.conf; + resolver 127.0.0.11 valid=30s; + set $upstream_app transmission; + set $upstream_port 9091; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} diff --git a/uploadsize.conf b/uploadsize.conf deleted file mode 100644 index baaa0b2..0000000 --- a/uploadsize.conf +++ /dev/null @@ -1 +0,0 @@ -client_max_body_size 1g;