Lets Encrypt Reverse Proxy Files
# Shortcuts for the Compose project at /opt/docker-compose.yml.
# The value ends in a space, so the shell also alias-expands the word that follows `dcp`.
alias dcp='docker-compose -f /opt/docker-compose.yml '
# Pull the images of all services in parallel.
# NOTE(review): the Compose file uses mutable image tags, so a pull can change what runs on the next restart.
alias dcpull='docker-compose -f /opt/docker-compose.yml pull --parallel'
# Follow the logs of all services with timestamps, starting from the last 50 lines.
alias dcplogs='docker-compose -f /opt/docker-compose.yml logs -tf --tail="50" '
# Shadows the real df: human-readable sizes, with aufs, tmpfs and udev filesystem types excluded.
alias df='df -h -x aufs -x tmpfs -x udev'
# Edit the reverse proxy's nginx site config.
# NOTE(review): this runs the whole editor as root; `sudoedit <file>` keeps the editor unprivileged. Consider switching.
alias editle='sudo vi /opt/appdata/letsencrypt/nginx/site-confs/default'
# vim: set ft=dosini
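---
# Media stack fronted by a single TLS reverse proxy (the letsencrypt service).
# Only services with a `ports:` entry or `network_mode: host` are reachable
# from outside the Compose network; the others are reached through the proxy.
#
# NOTE(review): every image is referenced by a mutable tag (implicit or
# explicit `latest`), so a pull can silently change what runs. Pin a tested
# tag or digest where reproducibility matters.
version: "3"
services:
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: le
    ports:
      # Quoted so the mapping is always parsed as a string.
      # NOTE(review): the nginx site config also listens on 80 for an HTTPS
      # redirect, but only 443 is published, so that redirect is unreachable
      # from outside unless "80:80" is added.
      - "443:443"
    volumes:
      # This directory ends up holding the TLS private key
      # (keys/letsencrypt/privkey.pem); keep it readable by the service
      # account only.
      - /opt/appdata/letsencrypt:/config
    restart: always
    depends_on:
      - plexpy
      - grafana
      - nzbget
      - sonarr
      - radarr
      - headphones
      - airsonic
      - smokeping
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - EMAIL=blah@zay.com
      - URL=blah.com
      - SUBDOMAINS=sub
      - ONLY_SUBDOMAINS=true
      - DHLEVEL=4096
      - TZ=Europe/London

  plex:
    image: plexinc/pms-docker
    container_name: plex
    volumes:
      - /opt/appdata/plex:/config
      - /mnt/storage:/data
    # Host networking puts every Plex listener directly on the host's
    # interfaces, bypassing the reverse proxy; filter them at the host
    # firewall.
    network_mode: host
    restart: always
    environment:
      # List-form entries are passed verbatim, so quotes around the value
      # would become part of the token. "claim" is a placeholder; keep a real
      # claim token out of any published copy of this file.
      - PLEX_CLAIM=claim
      - PUID=${PUID}
      - PGID=${PGID}

  plexpy:
    image: linuxserver/plexpy
    container_name: plexpy
    depends_on:
      - plex
    volumes:
      - /opt/appdata/plexpy:/config
      # Compose does no shell unescaping: a backslash before a space would be
      # taken literally and mount a different (non-existent) host path.
      # Quote the entry and write the spaces as they are. Mounted read-only.
      - '/opt/appdata/plex/Library/Application Support/Plex Media Server/Logs:/logs:ro'
    restart: unless-stopped
    environment:
      - PUID=${PUID}
      - PGID=${PGID}

  influxdb:
    image: influxdb:latest
    container_name: influxdb
    ports:
      # NOTE(review): publishes the InfluxDB HTTP API on every host
      # interface, and nothing in this file enables authentication. Other
      # containers on the Compose network can reach influxdb:8086 without
      # this entry; drop it or bind it to a specific address
      # ("127.0.0.1:8086:8086") unless remote writers need it.
      - "8086:8086"
    volumes:
      - /opt/appdata/influxdb:/var/lib/influxdb
    restart: unless-stopped

  grafana:
    image: grafana/grafana
    container_name: grafana
    environment:
      # NOTE(review): Grafana reads overrides named GF_<SECTION>_<KEY>, and
      # root_url lives in [server], so this variable may be ignored and the
      # mounted grafana.ini may be what sets the sub-path. Confirm.
      - "GF_ROOT_URL=%(protocol)s://%(domain)s:%(http_port)s/grafana/"
    volumes:
      - /opt/appdata/grafana/data:/var/lib/grafana
      - /opt/appdata/grafana/config/grafana.ini:/etc/grafana/grafana.ini
    restart: unless-stopped

  nzbget:
    image: linuxserver/nzbget
    container_name: nzbget
    volumes:
      - /opt/appdata/nzbget/config:/config
      - /opt/downloads:/downloads
    restart: unless-stopped
    environment:
      - PUID=${PUID}
      - PGID=${PGID}

  sonarr:
    image: linuxserver/sonarr
    container_name: sonarr
    depends_on:
      - nzbget
    volumes:
      - /opt/appdata/sonarr:/config
      - /mnt/storage/tv:/tv
      - /opt/downloads/complete/tv:/downloads/complete/tv
    restart: unless-stopped
    environment:
      - PUID=${PUID}
      - PGID=${PGID}

  radarr:
    image: linuxserver/radarr
    container_name: radarr
    volumes:
      - /opt/appdata/radarr:/config
      - /mnt/storage/movies:/movies
      # NOTE(review): the other services take completed downloads from
      # /opt/downloads/complete/...; this /opt/appdata/... source may be a
      # typo. Verify.
      - /opt/appdata/complete/movies:/downloads
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    restart: unless-stopped

  headphones:
    image: linuxserver/headphones
    container_name: headphones
    volumes:
      - /opt/appdata/headphones:/config
      - /mnt/storage/music/flac:/music
      - /opt/downloads/complete/music:/downloads
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    restart: unless-stopped

  airsonic:
    image: linuxserver/airsonic
    container_name: airsonic
    volumes:
      - /opt/appdata/airsonic:/config
      - /mnt/storage/music/flac:/music/flac
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - CONTEXT_PATH=sonic
    restart: unless-stopped

  smokeping:
    image: linuxserver/smokeping
    container_name: smokeping
    volumes:
      - /opt/appdata/smokeping/config:/config
      - /opt/appdata/smokeping/data:/data
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    restart: unless-stopped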
# Plain-HTTP listener: answers any Host on port 80 (IPv4 and IPv6) with a
# permanent redirect to the same host and URI over HTTPS.
# NOTE(review): this block is active as written, although the original
# comment called it disabled by default. The Compose file on this page
# publishes only 443, so the redirect is reachable from outside only if
# port 80 is published as well.
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    return 301 https://$host$request_uri;
}
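# Main HTTPS server: terminates TLS with the Let's Encrypt certificate and
# forwards each path prefix to one backend container by name.
#
# NOTE(review): no location below sets auth_basic or any other access
# control, so every application is exposed to anyone who can reach port 443
# and is protected only by its own login settings. Confirm each backend has
# authentication enabled before publishing it.
server {
    listen 443 ssl default_server;

    #root /config/www;
    #index index.html index.htm index.php;

    server_name _;

    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;

    # Explicit protocol floor instead of relying on the build's defaults.
    # Add TLSv1.3 only if this nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # Forward-secret AEAD suites only, taken from the original list. The
    # 3DES entry, the catch-all AES/CAMELLIA entries, the static-RSA and the
    # CBC/SHA-1 suites were dropped; clients limited to those can no longer
    # connect.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers on;

    # 0 disables the request-body size limit for this server. Locations that
    # include /config/nginx/proxy.conf get that file's 10m limit; the others
    # (/sonic, /headphones, /grafana/) accept bodies of any size.
    client_max_body_size 0;

    location / {
        try_files $uri $uri/ /index.html /index.php?$args =404;
    }

    # NOTE(review): root is commented out above and no PHP application is
    # visible in this setup; remove this block if nothing is meant to be
    # served through FastCGI.
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # With php7-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # With php7-fpm:
        #fastcgi_pass unix:/var/run/php7-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }

    location /sonic {
        # The Compose service is named airsonic (CONTEXT_PATH=sonic); the
        # hostname libresonic is not defined there and cannot be resolved.
        proxy_pass http://airsonic:4040/sonic;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so backends must not trust the first entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /smokeping {
        proxy_pass http://smokeping;
        include /config/nginx/proxy.conf;
    }

    location /plexpy {
        proxy_pass http://plexpy:8181;
        proxy_bind $server_addr;
        # server_name is "_" in this block, so $server_name would forward a
        # literal underscore; pass the requested host instead.
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Ssl on;
        include /config/nginx/proxy.conf;
    }

    location /nzbget {
        proxy_pass http://nzbget:6789;
        include /config/nginx/proxy.conf;
    }

    location /sonarr {
        proxy_pass http://sonarr:8989/sonarr;
        include /config/nginx/proxy.conf;
    }

    location /headphones {
        proxy_pass http://headphones:8181/headphones;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /radarr {
        proxy_pass http://radarr:7878/radarr;
        include /config/nginx/proxy.conf;
    }

    # NOTE(review): no ombi service is defined in the Compose file on this
    # page. nginx refuses to start when a proxy_pass hostname cannot be
    # resolved at load time, so add the service or drop this location.
    location /ombi {
        proxy_pass http://ombi:3579/ombi;
        include /config/nginx/proxy.conf;
    }

    location /grafana/ {
        proxy_pass http://grafana:3000;
        # Strip the /grafana/ prefix before the request is passed upstream.
        rewrite ^/grafana/(.*) /$1 break;
        proxy_set_header Host $host;
    }
}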
# Shared proxy settings, pulled into individual locations with
# `include /config/nginx/proxy.conf;`.

# Request body limits for proxied locations.
client_max_body_size 10m;
client_body_buffer_size 128k;

# Retry the next upstream on connection errors, timeouts, invalid headers
# and these 5xx responses.
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Timeouts.
send_timeout 5m;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;

# HTTP/1.1 to the upstream with the Connection header cleared.
proxy_http_version 1.1;
proxy_set_header Connection "";

# Headers describing the original request to the backend.
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For the
# client supplied; backends should rely on X-Real-IP or the last entry, not
# the first one.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;

# Rewrite http:// redirects from the backend to the scheme of the request.
proxy_redirect http:// $scheme://;

# Requests that carry a "session" cookie are neither served from nor stored
# in the proxy cache.
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;

proxy_buffers 32 4k;
Aghassi commented Apr 6, 2018

As a note to future readers:

If you use Sonarr/Radarr, you will have to go into the settings for them and update the "Base URL" setting and restart. Otherwise, you will not be able to load via the reverse proxy.
