tbgoose/auth-basic.conf

## auth-basic.conf
auth_basic              "Restricted";
auth_basic_user_file    /usr/local/etc/nginx/htpasswd;

## index.html
<html>
	<head>
		<title>My NGINX Proxies</title>
	</head>
	<body>
		<h1>
			Welcome to my stuff</h1>

		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/sonarr">/sonarr</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>

		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/couchpotato">/couchpotato</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>

		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/plexpy">/headphones</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>

		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/sabnzbd">/sabnzbd</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>

		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/deluge">/deluge</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>

		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/plexpy">/plexpy</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>

	</body>
</html>

## proxy-control.conf
proxy_connect_timeout   59s;
proxy_send_timeout      600;
proxy_read_timeout      600;
proxy_buffer_size       64k;
proxy_buffers           16 32k;
proxy_pass_header       Set-Cookie;
proxy_hide_header       Vary;

proxy_busy_buffers_size         64k;
proxy_temp_file_write_size      64k;

proxy_set_header        Accept-Encoding         '';
proxy_ignore_headers    Cache-Control           Expires;
proxy_set_header        Referer                 $http_referer;
proxy_set_header        Host                    $host;
proxy_set_header        Cookie                  $http_cookie;
proxy_set_header        X-Real-IP               $remote_addr;
proxy_set_header        X-Forwarded-Host        $host;
proxy_set_header        X-Forwarded-Server      $host;
proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
#proxy_set_header       X-Forwarded-For         $remote_addr;

proxy_set_header        X-Forwarded-Port        '443';
proxy_set_header        X-Forwarded-Ssl         on;
proxy_set_header        X-Forwarded-Proto       https;
proxy_set_header        Authorization           '';

#proxy_buffering        off;

#proxy_redirect        off;
#proxy_redirect        default;
proxy_redirect         http://example.net/ /;
proxy_redirect         https://example.net/ /;
#proxy_redirect        http://$host/ /;
#proxy_redirect        http:// https://;

#more_clear_headers    'referer';
#RequestHeader unset   referer
#proxy_hide_header     referer;
#proxy_ignore_headers  referer;

## services.conf
location /sonarr {
        proxy_pass        http://localhost:8989/sonarr;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:8989;
        proxy_redirect    default;
        port_in_redirect  off;
}
#Change web_root in config.ini to /sonarr (sonarr should be stopped while editing file)
#web_root = /sonarr

location /sabnzbd {
        proxy_pass        http://localhost:8081/sabnzbd;
        include           proxy-control.conf;
        include           auth-basic.conf;
	proxy_set_header  Host localhost:8081;
        proxy_redirect    default;
        port_in_redirect  off;
}

location /couchpotato {
        proxy_pass        http://localhost:5050/couchpotato;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:5050;
        proxy_redirect    default;
}
#See http://couchpotato.tenderapp.com/kb/tips/reverse-proxy
#URL base needs to be adjusted and make sure couchpotato is restarted once the change is in place

location /deluge {
        proxy_pass        http://localhost:8112/deluge;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:8112;
        proxy_redirect    default;
        port_in_redirect  off;
}

location /headphones {
        proxy_pass        http://localhost:8181/headphones;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:8181;
        proxy_redirect    default;
        port_in_redirect  off;
}
#You will need to make sure headphones is not running, and then modify its config.ini file in order to set:
#http_root = /headphones

location /plexpy {
        proxy_pass        http://localhost:8181/plexpy;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:8181;
        proxy_redirect    default;
        port_in_redirect  off;
}

## site-available.conf
server {
        listen 443;

        include ssl.conf;
        include services.conf;
}

## ssl.conf
ssl on;
ssl_certificate /usr/local/etc/ssl/server.cer;
ssl_certificate_key /usr/local/etc/ssl/server.key;

#ssl_session_timeout 5m;

ssl_protocols SSLv3 TLSv1;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SH$
ssl_prefer_server_ciphers on;
	auth_basic "Restricted";
	auth_basic_user_file /usr/local/etc/nginx/htpasswd;
	<html>
	<head>
	<title>My NGINX Proxies</title>
	</head>
	<body>
	<h1>
	Welcome to my stuff</h1>

	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	<a href="/sonarr">/sonarr</a></p>
	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	</p>

	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	<a href="/couchpotato">/couchpotato</a></p>
	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	</p>

	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	<a href="/plexpy">/headphones</a></p>
	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	</p>

	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	<a href="/sabnzbd">/sabnzbd</a></p>
	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	</p>

	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	<a href="/deluge">/deluge</a></p>
	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	</p>

	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	<a href="/plexpy">/plexpy</a></p>
	<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
	</p>

	</body>
	</html>
	proxy_connect_timeout 59s;
	proxy_send_timeout 600;
	proxy_read_timeout 600;
	proxy_buffer_size 64k;
	proxy_buffers 16 32k;
	proxy_pass_header Set-Cookie;
	proxy_hide_header Vary;

	proxy_busy_buffers_size 64k;
	proxy_temp_file_write_size 64k;

	proxy_set_header Accept-Encoding '';
	proxy_ignore_headers Cache-Control Expires;
	proxy_set_header Referer $http_referer;
	proxy_set_header Host $host;
	proxy_set_header Cookie $http_cookie;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-Server $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	#proxy_set_header X-Forwarded-For $remote_addr;

	proxy_set_header X-Forwarded-Port '443';
	proxy_set_header X-Forwarded-Ssl on;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header Authorization '';

	#proxy_buffering off;

	#proxy_redirect off;
	#proxy_redirect default;
	proxy_redirect http://example.net/ /;
	proxy_redirect https://example.net/ /;
	#proxy_redirect http://$host/ /;
	#proxy_redirect http:// https://;

	#more_clear_headers 'referer';
	#RequestHeader unset referer
	#proxy_hide_header referer;
	#proxy_ignore_headers referer;
	location /sonarr {
	proxy_pass http://localhost:8989/sonarr;
	include proxy-control.conf;
	include auth-basic.conf;
	proxy_set_header Host localhost:8989;
	proxy_redirect default;
	port_in_redirect off;
	}
	#Change web_root in config.ini to /sonarr (sonarr should be stopped while editing file)
	#web_root = /sonarr

	location /sabnzbd {
	proxy_pass http://localhost:8081/sabnzbd;
	include proxy-control.conf;
	include auth-basic.conf;
	proxy_set_header Host localhost:8081;
	proxy_redirect default;
	port_in_redirect off;
	}

	location /couchpotato {
	proxy_pass http://localhost:5050/couchpotato;
	include proxy-control.conf;
	include auth-basic.conf;
	proxy_set_header Host localhost:5050;
	proxy_redirect default;
	}
	#See http://couchpotato.tenderapp.com/kb/tips/reverse-proxy
	#URL base needs to be adjusted and make sure couchpotato is restarted once the change is in place

	location /deluge {
	proxy_pass http://localhost:8112/deluge;
	include proxy-control.conf;
	include auth-basic.conf;
	proxy_set_header Host localhost:8112;
	proxy_redirect default;
	port_in_redirect off;
	}

	location /headphones {
	proxy_pass http://localhost:8181/headphones;
	include proxy-control.conf;
	include auth-basic.conf;
	proxy_set_header Host localhost:8181;
	proxy_redirect default;
	port_in_redirect off;
	}
	#You will need to make sure headphones is not running, and then modify its config.ini file in order to set:
	#http_root = /headphones

	location /plexpy {
	proxy_pass http://localhost:8181/plexpy;
	include proxy-control.conf;
	include auth-basic.conf;
	proxy_set_header Host localhost:8181;
	proxy_redirect default;
	port_in_redirect off;
	}
	ssl on;
	ssl_certificate /usr/local/etc/ssl/server.cer;
	ssl_certificate_key /usr/local/etc/ssl/server.key;

	#ssl_session_timeout 5m;

	ssl_protocols SSLv3 TLSv1;
	#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
	ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SH$
	ssl_prefer_server_ciphers on;