Lets Encrypt Reverse Proxy Files
# Shell aliases for driving the compose stack kept at /opt/docker-compose.yml.
# dcp ends in a space inside the quotes: bash then also alias-expands the word
# that follows, and the subcommand can be typed straight after it (dcp up -d).
alias dcp='docker-compose -f /opt/docker-compose.yml '
# Pull the images of all services, several at a time.
alias dcpull='docker-compose -f /opt/docker-compose.yml pull --parallel'
# Follow the stack's logs with timestamps, starting from the last 50 lines.
alias dcplogs='docker-compose -f /opt/docker-compose.yml logs -tf --tail="50" '
# Shadows df: human-readable sizes, with aufs, tmpfs and udev filesystems
# left out of the listing.
alias df='df -h -x aufs -x tmpfs -x udev'
# Open the nginx site config of the letsencrypt container in vi as root.
# NOTE(review): an editor started through sudo runs entirely as root;
# sudoedit edits a temporary copy as the invoking user instead.
alias editle='sudo vi /opt/appdata/letsencrypt/nginx/site-confs/default'
# vim: set ft=dosini
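---
# docker-compose.yml: a media stack behind one nginx + Let's Encrypt container.
# Only the proxy (443) and influxdb (8086) publish ports; plex uses the host
# network; every other service is reachable only by name on the compose network.
#
# ${PUID} / ${PGID} are substituted by Compose from the shell environment or a
# .env file next to this file.
#
# No image here carries a version tag (influxdb asks for latest explicitly), so
# each pull can change what runs. Pin tags or digests once the stack works.
version: "3"
services:
  # TLS-terminating reverse proxy. Its nginx config lives under
  # /opt/appdata/letsencrypt on the host (mounted at /config).
  # NOTE(review): linuxserver has since replaced this image with
  # linuxserver/swag — confirm before reusing this file.
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: le
    ports:
      # Quoted so the mapping is always read as a string.
      # Port 80 is not published, so only HTTPS reaches this container.
      - "443:443"
    volumes:
      - /opt/appdata/letsencrypt:/config
    restart: always
    # nginx resolves the upstream names in its config when it starts, so the
    # proxied services are started first.
    depends_on:
      - plexpy
      - grafana
      - nzbget
      - sonarr
      - radarr
      - headphones
      - airsonic
      - smokeping
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - EMAIL=blah@zay.com
      - URL=blah.com
      - SUBDOMAINS=sub
      - ONLY_SUBDOMAINS=true
      - DHLEVEL=4096
      - TZ=Europe/London

  plex:
    image: plexinc/pms-docker
    container_name: plex
    volumes:
      - /opt/appdata/plex:/config
      - /mnt/storage:/data
    # Host networking: every port Plex opens is bound directly on the host's
    # interfaces and does not pass through the reverse proxy.
    network_mode: host
    restart: always
    environment:
      # In list form the value is everything after "=", so surrounding quotes
      # would become part of the token; the placeholder is written bare.
      # The real claim token is a credential: supply it from the environment
      # or a .env file rather than committing it here.
      - PLEX_CLAIM=claim
      - PUID=${PUID}
      - PGID=${PGID}

  plexpy:
    image: linuxserver/plexpy
    container_name: plexpy
    depends_on:
      - plex
    volumes:
      - /opt/appdata/plexpy:/config
      # Plex log directory, mounted read-only. YAML does not process backslash
      # escapes in plain scalars, so the path is quoted and its spaces are
      # written literally; with "\ " the mount would point at a different,
      # non-existent directory.
      - "/opt/appdata/plex/Library/Application Support/Plex Media Server/Logs:/logs:ro"
    restart: unless-stopped
    environment:
      - PUID=${PUID}
      - PGID=${PGID}

  influxdb:
    image: influxdb:latest
    container_name: influxdb
    ports:
      # Published on every host interface. If only containers in this stack
      # write to or read from InfluxDB, drop the mapping or bind it to
      # 127.0.0.1, and confirm authentication is enabled in InfluxDB itself.
      - "8086:8086"
    volumes:
      - /opt/appdata/influxdb:/var/lib/influxdb
    restart: unless-stopped

  grafana:
    image: grafana/grafana
    container_name: grafana
    environment:
      # NOTE(review): Grafana reads overrides named GF_<SECTION>_<KEY>, and
      # root_url belongs to [server]; this name looks like it is ignored, which
      # would leave the mounted grafana.ini as the effective setting — confirm.
      - "GF_ROOT_URL=%(protocol)s://%(domain)s:%(http_port)s/grafana/"
    volumes:
      - /opt/appdata/grafana/data:/var/lib/grafana
      - /opt/appdata/grafana/config/grafana.ini:/etc/grafana/grafana.ini
    restart: unless-stopped

  nzbget:
    image: linuxserver/nzbget
    container_name: nzbget
    volumes:
      - /opt/appdata/nzbget/config:/config
      - /opt/downloads:/downloads
    restart: unless-stopped
    environment:
      - PUID=${PUID}
      - PGID=${PGID}

  sonarr:
    image: linuxserver/sonarr
    container_name: sonarr
    depends_on:
      - nzbget
    volumes:
      - /opt/appdata/sonarr:/config
      - /mnt/storage/tv:/tv
      - /opt/downloads/complete/tv:/downloads/complete/tv
    restart: unless-stopped
    environment:
      - PUID=${PUID}
      - PGID=${PGID}

  radarr:
    image: linuxserver/radarr
    container_name: radarr
    volumes:
      - /opt/appdata/radarr:/config
      - /mnt/storage/movies:/movies
      # NOTE(review): sonarr and headphones read finished downloads from
      # /opt/downloads/complete/...; this path is under /opt/appdata instead,
      # which looks like a typo — confirm against where nzbget writes.
      - /opt/appdata/complete/movies:/downloads
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    restart: unless-stopped

  headphones:
    image: linuxserver/headphones
    container_name: headphones
    volumes:
      - /opt/appdata/headphones:/config
      - /mnt/storage/music/flac:/music
      - /opt/downloads/complete/music:/downloads
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    restart: unless-stopped

  airsonic:
    image: linuxserver/airsonic
    container_name: airsonic
    volumes:
      - /opt/appdata/airsonic:/config
      - /mnt/storage/music/flac:/music/flac
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      # Served under /sonic, the path the reverse proxy forwards.
      - CONTEXT_PATH=sonic
    restart: unless-stopped

  smokeping:
    image: linuxserver/smokeping
    container_name: smokeping
    volumes:
      - /opt/appdata/smokeping/config:/config
      - /opt/appdata/smokeping/data:/data
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
    restart: unless-stopped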
# Plain-HTTP listener (active as written): every request on port 80, IPv4 or
# IPv6, is answered with a permanent redirect to the same host and URI on https.
# The redirect target is built from $host, which follows the Host header the
# client sent. The compose file on this page publishes only 443 for this
# container, so nothing outside the Docker network reaches this block until
# port 80 is published as well.
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    return 301 https://$host$request_uri;
}
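# Main HTTPS server: terminates TLS with the Let's Encrypt certificate and
# forwards each path prefix to the container of the same name on the compose
# network.
#
# Nothing in this block adds authentication. Every proxied application is
# reachable from wherever port 443 is reachable, guarded only by its own login;
# confirm each one has authentication enabled before publishing it.
server {
    listen 443 ssl default_server;

    #root /config/www;
    #index index.html index.htm index.php;

    server_name _;

    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;

    # TLS 1.2 only, with forward-secret AEAD suites. The previous list still
    # offered 3DES, CAMELLIA, CBC-mode, static-RSA and DSS suites, and no
    # ssl_protocols line was set here, leaving the protocol versions to the
    # build's default. Add TLSv1.3 to ssl_protocols where the nginx/OpenSSL
    # build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;

    # 0 removes the request-body size limit for the whole server. Locations
    # that include proxy.conf get that file's 10m limit; /sonic, /headphones
    # and /grafana/ do not include it and stay unlimited.
    client_max_body_size 0;

    # NOTE(review): root is commented out above, so these try_files lookups run
    # against nginx's built-in default root — confirm this is intended.
    location / {
        try_files $uri $uri/ /index.html /index.php?$args =404;
    }

    # Any URI ending in .php is handed to FastCGI without first checking that
    # such a script exists. Remove this location if the proxy serves no PHP.
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # With php7-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # With php7-fpm:
        #fastcgi_pass unix:/var/run/php7-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }

    # The compose service and container are named airsonic (CONTEXT_PATH=sonic).
    # The old upstream name libresonic is not defined in the compose file;
    # nginx refuses to start when an upstream host cannot be resolved.
    location /sonic {
        proxy_pass http://airsonic:4040/sonic;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /smokeping {
        proxy_pass http://smokeping;
        include /config/nginx/proxy.conf;
    }

    location /plexpy {
        proxy_pass http://plexpy:8181;
        proxy_bind $server_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Ssl on;
        include /config/nginx/proxy.conf;
    }

    location /nzbget {
        proxy_pass http://nzbget:6789;
        include /config/nginx/proxy.conf;
    }

    location /sonarr {
        proxy_pass http://sonarr:8989/sonarr;
        include /config/nginx/proxy.conf;
    }

    location /headphones {
        proxy_pass http://headphones:8181/headphones;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /radarr {
        proxy_pass http://radarr:7878/radarr;
        include /config/nginx/proxy.conf;
    }

    # NOTE(review): the compose file on this page defines no ombi service. If
    # no container answers to that name on the proxy's network, the upstream
    # host cannot be resolved and nginx will not start — confirm or remove.
    location /ombi {
        proxy_pass http://ombi:3579/ombi;
        include /config/nginx/proxy.conf;
    }

    # Grafana is served from its own root: the /grafana/ prefix is stripped
    # before the request is passed on.
    location /grafana/ {
        proxy_pass http://grafana:3000;
        rewrite ^/grafana/(.*) /$1 break;
        proxy_set_header Host $host;
    }
}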
# Shared proxy settings, pulled into individual locations with
# "include /config/nginx/proxy.conf;".

# Request bodies: at most 10 MB accepted, 128k buffered in memory.
client_body_buffer_size 128k;
client_max_body_size 10m;

# Timeouts: 240 seconds to connect to, send to and read from the upstream,
# 5 minutes between writes to the client.
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;
send_timeout 5m;

# Try the next upstream server on connection errors, timeouts, invalid
# responses and 500/502/503 replies.
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Headers handed to the upstream: the original host and port, the client
# address, the forwarding chain, and a fixed "https" scheme (this file is only
# included from the TLS server block).
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;

# HTTP/1.1 to the upstream with the Connection header cleared.
# NOTE(review): with Connection emptied and no Upgrade header forwarded,
# WebSocket upgrades are not passed through — confirm none of the proxied
# applications need them.
proxy_http_version 1.1;
proxy_set_header Connection "";

# Rewrite http:// redirects issued by the upstream to the scheme of the
# client's request.
proxy_redirect http:// $scheme://;

# Responses for requests that carry a "session" cookie are neither served
# from nor stored in the proxy cache.
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;

# 32 response buffers of 4k each per connection.
proxy_buffers 32 4k;

Aghassi commented Apr 6, 2018

As a note to future readers:

If you use Sonarr/Radarr, you will have to go into the settings for them and update the "Base URL" setting and restart. Otherwise, you will not be able to load via the reverse proxy.


renatobellotti commented Sep 16, 2020

I would love to see a Nextcloud entry here. In an ideal world, this includes also an Onlyoffice server. 😄

Author

ironicbadger commented Sep 16, 2020

This is quite old now.

https://GitHub.com/ironicbadger/infra


franz-ka commented Mar 1, 2021

> This is quite old now.
>
> https://GitHub.com/ironicbadger/infra

You say it's old, but that repo doesn't use a simple docker-compose.yml config, so for newbies like me this document is still useful.

(coming from https://blog.linuxserver.io/2017/11/28/how-to-setup-a-reverse-proxy-with-letsencrypt-ssl-for-all-your-docker-apps/)
