homeserver/opt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add nginx config files

Browse Source
This commit is contained in:
Bram Veenboer
2025-05-04 12:30:35 +02:00
parent 2026160b19
commit b590536512
5 changed files with 230 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
nginx/etc/nginx/conf.d/global.conf Normal file
View File

@@ -0,0 +1,143 @@
server {
listen 80;
location / {
proxy_pass http://host:80;
include /etc/nginx/conf/proxy.conf;
}
location /transmission {
proxy_pass http://host:9091;
include /etc/nginx/conf/proxy.conf;
}
location /sonarr {
proxy_pass http://host:18989;
include /etc/nginx/conf/proxy.conf;
}
location /radarr {
proxy_pass http://host:17878;
include /etc/nginx/conf/proxy.conf;
}
location /lidarr {
proxy_pass http://host:18686;
include /etc/nginx/conf/proxy.conf;
}
location /bazarr {
proxy_pass http://host:16767;
include /etc/nginx/conf/proxy.conf;
}
location /jellyfin {
proxy_pass http://host:8097;
include /etc/nginx/conf/proxy.conf;
}
location /facette {
proxy_pass http://host:12003;
include /etc/nginx/conf/proxy.conf;
}
location /gitlab {
proxy_pass http://host:19080;
include /etc/nginx/conf/proxy.conf;
}
location /filebrowser {
proxy_pass http://host:8001;
include /etc/nginx/conf/proxy.conf;
}
location /plik {
proxy_pass http://host:8087;
include /etc/nginx/conf/proxy.conf;
}
location /droppy {
rewrite ^/droppy(.*)$ /$1 break;
proxy_pass http://host:19898;
include /etc/nginx/conf/proxy.conf;
}
location /ghost {
proxy_pass http://host:2368;
include /etc/nginx/conf/proxy.conf;
}
location /jackett {
proxy_pass http://host:9117;
include /etc/nginx/conf/proxy.conf;
}
location /dss {
proxy_pass http://host:10001;
include /etc/nginx/conf/proxy.conf;
}
location /pgsql {
proxy_pass http://host:5050;
include /etc/nginx/conf/proxy.conf;
}
location /registry {
proxy_pass http://host:1080;
include /etc/nginx/conf/proxy.conf;
}
}
server { # dsmr
listen 80;
server_name dsmr.bram.veenboer.xyz;
location / {
proxy_pass http://host:8888;
rewrite ^/dsmr(.*)$ $1 break;
include /etc/nginx/conf/proxy.conf;
}
}
server {
# homeassistant
listen 80;
server_name ha.bram.veenboer.xyz;
location / {
proxy_pass http://host:8123;
include /etc/nginx/conf/proxy.conf;
}
}
server { # esphome
listen 80;
server_name esp.bram.veenboer.xyz;
location / {
proxy_pass http://host:6052;
include /etc/nginx/conf/proxy.conf;
}
}
server {
# seafile
listen 80;
server_name seafile.bram.veenboer.xyz;
location / {
proxy_pass http://host:8082;
include /etc/nginx/conf/proxy.conf;
proxy_set_header X-Forwarded-Proto https;
}
#location /seafhttp {
# rewrite ^/seafhttp(.*)$ $1 break;
# proxy_pass http://host:8182;
# include /etc/nginx/conf/proxy.conf;
# proxy_set_header X-Forwarded-Proto https;
# client_max_body_size 0;
#}
#location /seafdav {
# proxy_pass http://host:8180;
# include /etc/nginx/conf/proxy.conf;
#}
}
server { # grafana
listen 80;
server_name grafana.bram.veenboer.xyz;
location / {
proxy_pass http://host:3333;
include /etc/nginx/conf/proxy.conf;
}
}
server { # photoprism
listen 80;
server_name photoprism.bram.veenboer.xyz;
location / {
proxy_pass http://host:2342;
include /etc/nginx/conf/proxy.conf;
}
}

10
nginx/etc/nginx/conf/proxy.conf Normal file
View File

@@ -0,0 +1,10 @@
# Proxy
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
# Websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;

21
nginx/etc/nginx/conf/ssl-sub.conf Normal file
View File

@@ -0,0 +1,21 @@
# Enable SSL
ssl_certificate /host/etc/certs/.bram.veenboer.online/certificate+intermediate.pem;
ssl_certificate_key /host/etc/certs/.bram.veenboer.online/key.pem;
ssl_dhparam /host/etc/certs/.bram.veenboer.online/dh.pem;
# Increased security, from https://cipherli.st/
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver_timeout 5s;
# add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Redirect HTTP trafic
error_page 497 https://$host:$server_port$request_uri;

20
nginx/etc/nginx/conf/ssl.conf Normal file
View File

@@ -0,0 +1,20 @@
# Enable SSL
ssl_certificate /host/etc/certs/certificate+intermediate.pem;
ssl_certificate_key /host/etc/certs/key.pem;
ssl_dhparam /host/etc/certs/dh.pem;
# Increased security, from https://cipherli.st/
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver_timeout 5s;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Redirect HTTP trafic
error_page 497 https://$host:$server_port$request_uri;

36
nginx/etc/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,36 @@
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
client_body_buffer_size 1000M;
client_max_body_size 5000M;
server_tokens off;
error_page 401 403 404 /404.html;
include /etc/nginx/conf.d/*.conf;
}