LuisFlores3/nginx - sonarr config Secret

## nginx - sonarr config
server {
        listen 443 http2 ssl;
        server_name sonarr.domain.com;

	access_log	/var/log/nginx/sonarr.access.log;
        error_log	/var/log/nginx/sonarr.error.log;
        root		/my/www/root;
        index		index.php index.html index.htm;

        satisfy any;
        allow work.ip/32;
        allow local.network/24;
        deny all;
        auth_basic              "My Services";
        auth_basic_user_file    /my/htpasswd;

        ssl on;
	ssl_protocols TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
	ssl_certificate /my/cert.chained.crt;
        ssl_certificate_key /my/cert.key;
        ssl_session_cache shared:SSL:10m;
	ssl_dhparam /my/dhparam.pem;

        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /my/cert.pem;
        resolver 8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout 5s;

	add_header Public-Key-Pins 'pin-sha256="***"; pin-sha256="***"; max-age=5184000; includeSubDomains';
        more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains";
	add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.sonarr.tv; img-src 'self'; style-src 'unsafe-inline' 'self'";

	location / {

        proxy_pass  http://localhost:8989;

	proxy_next_upstream 	error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect		off;
        proxy_buffering		off;
        proxy_connect_timeout	2400;
        proxy_send_timeout	2400;
	proxy_read_timeout	2400;
	send_timeout		2400;

	proxy_set_header        Host			$http_host;
	proxy_set_header        X-Forwarded-Proto	https;
	proxy_set_header        X-Real-IP		$remote_addr;
	proxy_set_header        X-Forwarded-For		$proxy_add_x_forwarded_for;
	proxy_set_header	Upgrade			$http_upgrade;
	proxy_set_header	Connection		"upgrade";

        error_page 502 /sonarr-502.html;
        location /sonarr-502.html {
	                }


	        }
}
	server {
	listen 443 http2 ssl;
	server_name sonarr.domain.com;

	access_log /var/log/nginx/sonarr.access.log;
	error_log /var/log/nginx/sonarr.error.log;
	root /my/www/root;
	index index.php index.html index.htm;

	satisfy any;
	allow work.ip/32;
	allow local.network/24;
	deny all;
	auth_basic "My Services";
	auth_basic_user_file /my/htpasswd;

	ssl on;
	ssl_protocols TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
	ssl_certificate /my/cert.chained.crt;
	ssl_certificate_key /my/cert.key;
	ssl_session_cache shared:SSL:10m;
	ssl_dhparam /my/dhparam.pem;

	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /my/cert.pem;
	resolver 8.8.8.8 8.8.4.4 valid=300s;
	resolver_timeout 5s;

	add_header Public-Key-Pins 'pin-sha256="*"; pin-sha256="*"; max-age=5184000; includeSubDomains';
	more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains";
	add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.sonarr.tv; img-src 'self'; style-src 'unsafe-inline' 'self'";

	location / {

	proxy_pass http://localhost:8989;

	proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
	proxy_redirect off;
	proxy_buffering off;
	proxy_connect_timeout 2400;
	proxy_send_timeout 2400;
	proxy_read_timeout 2400;
	send_timeout 2400;

	proxy_set_header Host $http_host;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";

	error_page 502 /sonarr-502.html;
	location /sonarr-502.html {
	}


	}
	}