Skip to content

Instantly share code, notes, and snippets.

@AllySummers

AllySummers/bazarr.nginx

Last active May 6, 2024 15:34
Show Gist options
  • Save AllySummers/18fd44bbcf124a173c525dd770643bf8 to your computer and use it in GitHub Desktop.
Save AllySummers/18fd44bbcf124a173c525dd770643bf8 to your computer and use it in GitHub Desktop.
Download ZIP
emmy nginx
Raw
bazarr.nginx
server {
# Redirect to SSL
set $bazarr_server_name bazarr.emmy.casa;
server_name $bazarr_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $bazarr_server_name bazarr.emmy.casa;
set $bazarr_upstream 192.168.99.255:9999;
server_name $bazarr_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$bazarr_upstream;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /api {
auth_request off;
proxy_pass http://$bazarr_upstream/api;
}
}
Raw
deemix.nginx
server {
# Redirect to SSL
set $deemix_server_name deemix.emmy.casa;
set $deemix_upstream 192.168.99.255:9999;
server_name $deemix_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $deemix_server_name deemix.emmy.casa;
set $deemix_upstream 192.168.99.255:9999;
server_name $deemix_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$deemix_upstream;
autoindex on;
proxy_connect_timeout 60;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Origin "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Proxy-Port $server_port;
proxy_set_header X-Real-IP $remote_addr;
}
location /api {
auth_request off;
proxy_pass http://$deemix_upstream/api;
}
}
Raw
deluge.nginx
server {
# Redirect to SSL
set $deluge_server_name deluge.emmy.casa;
set $deluge_upstream 192.168.99.255:9999;
server_name $deluge_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $deluge_server_name deluge.emmy.casa;
set $deluge_upstream 192.168.99.255:9999;
server_name $deluge_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$deluge_upstream;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
add_header X-Frame-Options SAMEORIGIN;
proxy_set_header X-Deluge-Base "/deluge/";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection $http_connection;
}
location /api {
auth_request off;
proxy_pass http://$deluge_upstream/api;
}
}
Raw
hass.nginx
server {
# Redirect to SSL
set $hass_server_name hass.emmy.casa;
set $hass_upstream 192.168.99.255:9999;
server_name $hass_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $hass_server_name hass.emmy.casa;
set $hass_upstream 192.168.99.255:9999;
server_name $hass_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
send_timeout 100m;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 100M;
gzip on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_vary on;
add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
expires off;
proxy_buffering off;
proxy_cache off;
proxy_cache_bypass 1;
proxy_http_version 1.1;
proxy_no_cache 1;
proxy_redirect off;
location / {
### force timeouts if one of backend is died ##
proxy_next_upstream invalid_header http_500 http_502 http_503 http_504;
proxy_http_version 1.1;
proxy_pass http://$hass_upstream;
proxy_redirect off;
add_header Front-End-Https on;
add_header Strict-Transport-Security "max-age=15552000";
proxy_set_header Accept-Encoding "";
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /api/websocket {
proxy_pass http://hass_upstream/api/websocket;
proxy_http_version 1.1;
proxy_redirect off;
add_header Front-End-Https on;
add_header Strict-Transport-Security "max-age=15552000";
proxy_set_header Accept-Encoding "";
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
}
Raw
homarr.nginx
server {
# Redirect to SSL
set $homarr_server_name homarr.emmy.casa;
set $homarr_upstream 192.168.99.255:9999;
server_name $homarr_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $homarr_server_name homarr.emmy.casa;
set $homarr_upstream 192.168.99.255:9999;
server_name $homarr_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
client_max_body_size 0;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$homarr_upstream;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /api {
auth_request off;
proxy_pass http://$homarr_upstream/api;
}
}
Raw
lidarr.nginx
server {
# Redirect to SSL
set $lidarr_server_name lidarr.emmy.casa;
server_name $lidarr_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $lidarr_server_name lidarr.emmy.casa;
set $lidarr_upstream 192.168.99.255:9999;
server_name $lidarr_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$lidarr_upstream;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /api {
auth_request off;
proxy_pass http://$lidarr_upstream/api;
}
}
Raw
plex.nginx
upstream plex_backend {
server 192.168.99.255:9999;
keepalive 32;
}
server {
# Redirect to SSL
set $plex_server_name plex.emmy.casa;
server_name $plex_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $plex_server_name plex.emmy.casa;
server_name $plex_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
resolver 8.8.8.8 8.8.8.4 valid=300s;
resolver_timeout 10s;
send_timeout 100m;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 100M;
gzip on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_vary on;
add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
proxy_buffering off;
proxy_http_version 1.1;
proxy_redirect off;
location / {
proxy_pass http://$plex_backend;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /api {
auth_request off;
proxy_pass http://plex_backend/api;
}
}
Raw
prowlarr.nginx
server {
# Redirect to SSL
set $prowlarr_server_name prowlarr.emmy.casa;
server_name $prowlarr_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $prowlarr_server_name prowlarr.emmy.casa;
set $prowlarr_upstream 192.168.99.255:9999;
server_name $prowlarr_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$prowlarr_upstream;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /api {
auth_request off;
proxy_pass http://$prowlarr_upstream/api;
}
}
Raw
radarr.nginx
server {
# Redirect to SSL
set $radarr_server_name radarr.emmy.casa;
server_name $radarr_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $radarr_server_name radarr.emmy.casa;
set $radarr_upstream 192.168.99.255:9999;
server_name $radarr_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$radarr_upstream;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /api {
auth_request off;
proxy_pass http://$radarr_upstream/api;
}
}
Raw
radarr4k.nginx
server {
# Redirect to SSL
set $radarr4k_server_name radarr4k.emmy.casa;
server_name $radarr4k_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $radarr4k_server_name radarr4k.emmy.casa;
set $radarr4k_upstream 192.168.99.255:9999;
server_name $radarr4k_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$radarr4k_upstream;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /api {
auth_request off;
proxy_pass http://$radarr4k_upstream/api;
}
}
Raw
servarr-template.nginx
# Use TS Playground to generate:
# https://www.typescriptlang.org/play/?target=99&jsx=0#code/MYewdgzgLgBFCmBbADgGwIYJgXhgAwngCcA3YmAbwCgZaYBiGAJXgBMBLI+YWKEGAMoCAMjTqFYdKdJnSAJOiJEA+oVLFlYdIngxFRAHRJEATwPB0EdAG4qY2mrIqtO2W5gKlq4k83b4tlKo7NDwYO4RtAAcAAyBdMGh4ZHuANoAXOkAuumxtvYwXFAArkTJKbIAzDEAjDAAFlBQyBDpAPRtcvUg0HJcAI7F8NDKpey2AL52juTUUhIVkZ4qM87+ekpGiKbmljYFC4vuy6MtUFzaMDUAnABMBjUAbFEG19cGtwCsn+lvb-nzHwaFy6I4nVZ+HTxWiJBDlI50AAsiMqMAgEFQDSayFu0JgsLCCOkGWy6WRqPRmMazVxdikrHgADN0MVUFBlFATMhQRV0Mg0OwLFB2OA2iAePAoABaaAXRB49hgYCoYoMol0RDsHQGTnciB4gDW8HgyHQwTIHK18BAxUkbkenzxhDArEZ7FQPIR4AB4gxymA7GQ9WIEARACIAKIAYQAIgAJCNS6MxgQAQSlqYjAi+jylAHEowBZKUCOOpypRRHpZMJqVMNMZrM5-NFktlitVmuJ5MNqNlvup24xKUABQA8sIAJo1ao-Lt13v9stD0cT6ez6ux2s99OZ7OfXOl8uVzfxxP13dNg9t4+IsNOv3cVj1f2lMgVQjAZAdog1B+oZRkC4RkNAhAMgxDWhvQOP0gJAPhQFQUMKgAFWEAQSDqNCMJqB4YGwzCPnw9DCMqf9vHREUwH9dBgGDCIIHqRQ2HSIRhHSGoYnlGCAMISjwEtHQbTtaROO4+Y-WgPlgjAABzI5oIk3ioGkxVZOUJx2EZEw3Gggp0FYVhlGDAzyARARzkFaUUKIdBIGQEAiGlARuDGTkYDDRB0AADyldBZPgbBKhqT5KkeGIIusGBFWVVV4AEYoACMYxALzFQgMM9FQAB3dATH1OkEnFTAqJgNpKAKKQ4O8kxAMsZDImpZB2k6fRTlleBtB9GRqtqsAQBoujPXkUAQANdh4AoiAqLxKqiBAGrjOxDSQ1KqRcL-Sq6F65QuA4LgeHcEBGUZbrpB2iRjM6hkiFkKNwDAbhhXADwmv9B6npmrbaAuyUrtM26ZDjHpYC6EHZu2+bFsukybtkABVZBZNstUumW4okZRgJvpgX72VhszpAADSlAAxRzcqIBlWDJxyPB2gyjO85RGQpxRqZZxyIZ+qHaph67CakEnyaISnqalYHoFe8Gcbx-64ZkYW2apthR3mvgPAgIaoVl3nvHxgXAeJutOtQKUAEkRw8LhEHgybGaIfICimIJiue8I2j5dgKrcFkoBfAYhiliJjtO3WFtq010QqJqWpODGOu0T3kHGZ2qAmPB8lASBYH0Vo0UsuTUiyHAYFSMQAHIIHAfQK4AGkrlHa4b2gK6bpREQNevK7g7KMCUbvW+CVhm8rxL0AAL1HrJ8jzgxWaICNaPqAAKfQcAAPh9mBs+rj0DFQEBZJXhAUAwBADC4NBaPgVNUFQFeK7a+v8DkCh9AmZQ8AASkvk0MGALfe+j99AGBfngN+H8DA-2-unb+QA
server {
# Redirect to SSL
set $arr_server_name arr.emmy.casa;
server_name $arr_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $arr_server_name arr.emmy.casa;
set $arr_upstream 192.168.99.255:9999;
server_name $arr_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$arr_upstream;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /api {
auth_request off;
proxy_pass http://$arr_upstream/api;
}
}
Raw
sonarr.nginx
server {
# Redirect to SSL
set $sonarr_server_name sonarr.emmy.casa;
server_name $sonarr_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $sonarr_server_name sonarr.emmy.casa;
set $sonarr_upstream 192.168.99.255:9999;
server_name $sonarr_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$sonarr_upstream;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /api {
auth_request off;
proxy_pass http://$sonarr_upstream/api;
}
}
Raw
tautulli.nginx
server {
# Redirect to SSL
set $tautulli_server_name tautulli.emmy.casa;
set $tautulli_upstream 192.168.99.255:9999;
server_name $tautulli_server_name;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
set $tautulli_server_name tautulli.emmy.casa;
set $tautulli_upstream 192.168.99.255:9999;
server_name $tautulli_server_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
default_type application/octet-stream;
include mime.types;
keepalive_timeout 65;
sendfile on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://$tautulli_upstream;
proxy_no_cache $cookie_session;
proxy_http_version 1.1;
proxy_redirect off;
proxy_read_timeout 90;
set $xforwardedssl "on";
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
}
location /api {
auth_request off;
proxy_pass http://$tautulli_upstream/api;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment