Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
nginx reverse proxy for sickbeard, couchpotato etc.
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd;
proxy_connect_timeout 59s;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_buffer_size 64k;
proxy_buffers 16 32k;
proxy_pass_header Set-Cookie;
proxy_hide_header Vary;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_set_header Accept-Encoding '';
proxy_ignore_headers Cache-Control Expires;
proxy_set_header Referer $http_referer;
proxy_set_header Host $host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port '443';
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Authorization '';
proxy_redirect default;
port_in_redirect off;
location /monit {
rewrite ^/monit$ https://example.net/monit/ permanent;
rewrite ^/monit/(.*) /$1 break;
proxy_pass http://localhost:2812/;
include proxy-control.conf;
include auth-basic.conf;
}
location /sickbeard {
proxy_pass http://localhost:8081/sickbeard;
include proxy-control.conf;
include auth-basic.conf;
}
location /sabnzbd {
proxy_pass http://localhost:8080/sabnzbd;
include proxy-control.conf;
include auth-basic.conf;
}
location /couchpotato {
proxy_pass http://localhost:5050/couchpotato;
include proxy-control.conf;
include auth-basic.conf;
proxy_set_header Host localhost:5050;
}
location /headphones {
proxy_pass http://localhost:8181/headphones;
include proxy-control.conf;
include auth-basic.conf;
}
location /deluge {
proxy_pass http://127.0.0.1:8112/;
proxy_set_header X-Deluge-Base "/deluge/";
include proxy-control.conf;
include auth-basic.conf;
}
location ~ ^/nzbget($|./*) {
rewrite ^/nzbget/(.*) /$1 break;
proxy_pass http://127.0.0.1:6789;
include proxy-control.conf;
include auth-basic.conf;
}
location ~ ^/nzbget$ {
return 302 $scheme://$host$request_uri/;
}
location /syncthing/ {
proxy_pass http://127.0.0.1:41111/;
include proxy-control.conf;
include auth-basic.conf;
}
location /sonarr {
proxy_pass http://127.0.0.1:8989/sonarr;
include proxy-control.conf;
include auth-basic.conf;
proxy_set_header Host localhost:8989;
}
server {
listen 443;
include ssl.conf;
include services.conf;
}
ssl on;
ssl_certificate /etc/ssl/server.cer;
ssl_certificate_key /etc/ssl/server.key;
#ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_prefer_server_ciphers on;
@Vaevictus

This comment has been minimized.

Copy link

commented Oct 28, 2013

hi there.

I am trying to use your config for setting up sickbeard etc.

Where do I put these files? I've tried putting them in the /etc/nginx/conf.d/ folder but I get errors in the nginx error log complaining about the services.conf having a location directive.

cheers!
Craig

@TwinMist

This comment has been minimized.

Copy link

commented Nov 11, 2013

Did anyone get this working?

@ifeelcream

This comment has been minimized.

Copy link

commented Nov 29, 2013

I was partly successful in using these files. If you put them in /etc/nginx/conf.d/ they will be loaded automatically, that's why you get the error. You have to put them in some other directory. I put mine in /etc/nginx/included.d/ and adjusted the paths in site-available.conf and services.conf accordingly.

I hope I was of some help.

@surrealchemist

This comment has been minimized.

Copy link

commented Mar 15, 2014

I got all my services working. You can see my fork of the files if you want more info.
Some of these require changing the app settings. I also included an example index.html I am using so I can forward the port to my home server via dynamic dns and have remote access.

@surrealchemist

This comment has been minimized.

Copy link

commented Mar 15, 2014

You can put services.conf into your conf.d or load it manually from nginx.conf if you want it to be on port 80 and have your listen line already there.

If you don't provide a path and just name a file it loads it from the nginx config root (where nginx.conf usually is) so you can either put stuff like proxy-control.conf and auth-basic.conf into the root, or you can put them into a directory like extras and reference them like extra/proxy-control.conf in the other config file.

@surrealchemist

This comment has been minimized.

Copy link

commented Apr 13, 2014

I found when using proxy_redirect it adds the port into the URLS. This made some stuff break when I was going from my home router 80 to nginx listening on 8080
Adding "port_in_redirect off;" option in the problem sections fixed it. Updated my fork with it.

@chulderman

This comment has been minimized.

Copy link

commented May 29, 2014

Hey! For sickbeard, you have to edit the config.ini when sickbeard has been shutdown. More info here

For couchpotato, you'll also need to do something similar. More info here

@freenaszn

This comment has been minimized.

Copy link

commented Sep 14, 2014

How do you integrate this with the owncloud code? I've been bashing my head against this and cant get the images to come through the proxy or fpm sock

@Thermionix

This comment has been minimized.

Copy link
Owner Author

commented Sep 17, 2016

all these .conf files should be placed in /etc/nginx (or your nginx config folder)

use of site-available.conf will depend on your main nginx.conf. You may just append/replace the server section of nginx.conf with the content of site-available.conf

most of these services will require additional configuration to accept reverse proxying.

generation of htpasswd;

sudo sh -c "echo -n 'authuser:' >> /etc/nginx/htpasswd"
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/htpasswd"
cat /etc/nginx/htpasswd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.