327 lines
11 KiB
Plaintext
327 lines
11 KiB
Plaintext
server {
|
|
listen 80;
|
|
server_name code-server.hvn.nz;
|
|
access_log /var/log/nginx/code-server.access.log main;
|
|
error_log /var/log/nginx/code-server.error.log notice;
|
|
|
|
location / {
|
|
proxy_pass http://code-server:8443;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_redirect http:// https://;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name portainer.hvn.nz;
|
|
access_log /var/log/nginx/portainer.access.log main;
|
|
error_log /var/log/nginx/portainer.error.log notice;
|
|
|
|
location / {
|
|
proxy_pass https://portainer:9443;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_redirect http:// https://;
|
|
}
|
|
}
|
|
server {
|
|
listen 80;
|
|
server_name home.hvn.nz;
|
|
access_log /var/log/nginx/homarr.access.log main;
|
|
error_log /var/log/nginx/homar.error.log notice;
|
|
|
|
location / {
|
|
proxy_pass http://homarr:7575;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_redirect http:// https://;
|
|
}
|
|
}
|
|
server {
|
|
listen 443 ssl;
|
|
server_name search.hvn.nz;
|
|
access_log /var/log/nginx/search.access.log haven-debug;
|
|
error_log /var/log/nginx/search.error.log notice;
|
|
|
|
# client certificate
|
|
ssl_client_certificate /step-ca_data/certs/ca-chain.crt;
|
|
# make verification optional, so we can display a 403 message to those
|
|
# who fail authentication
|
|
# changed to on for troubleshooting
|
|
ssl_verify_client on;
|
|
|
|
location / {
|
|
# if the client-side certificate failed to authenticate, show a 403
|
|
# message to the client
|
|
# if ($ssl_client_verify != SUCCESS) {
|
|
# return 403;
|
|
# }
|
|
proxy_pass http://searxng:8080;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_redirect http:// https://;
|
|
}
|
|
}
|
|
server {
|
|
listen 443 ssl;
|
|
server_name prowlarr.hvn.nz;
|
|
access_log /var/log/nginx/prowlarr.access.log haven-debug;
|
|
error_log /var/log/nginx/prowlarr.error.log notice;
|
|
|
|
# client certificate
|
|
ssl_client_certificate /step-ca_data/certs/ca-chain.crt;
|
|
# make verification optional, so we can display a 403 message to those
|
|
# who fail authentication
|
|
# changed to on for troubleshooting
|
|
ssl_verify_client on;
|
|
|
|
location / {
|
|
# if the client-side certificate failed to authenticate, show a 403
|
|
# message to the client
|
|
# if ($ssl_client_verify != SUCCESS) {
|
|
# return 403;
|
|
# }
|
|
proxy_pass http://prowlarr:9696;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_redirect http:// https://;
|
|
}
|
|
}
|
|
server {
|
|
listen 443 ssl;
|
|
server_name radarr.hvn.nz;
|
|
access_log /var/log/nginx/radarr.access.log haven-debug;
|
|
error_log /var/log/nginx/radarr.error.log notice;
|
|
|
|
# client certificate
|
|
ssl_client_certificate /step-ca_data/certs/ca-chain.crt;
|
|
# make verification optional, so we can display a 403 message to those
|
|
# who fail authentication
|
|
# changed to on for troubleshooting
|
|
ssl_verify_client on;
|
|
|
|
location / {
|
|
# if the client-side certificate failed to authenticate, show a 403
|
|
# message to the client
|
|
# if ($ssl_client_verify != SUCCESS) {
|
|
# return 403;
|
|
# }
|
|
proxy_pass http://radarr:7878;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_redirect http:// https://;
|
|
}
|
|
}
|
|
server {
|
|
listen 443 ssl;
|
|
server_name jellyfin.hvn.nz;
|
|
access_log /var/log/nginx/jellyfin.access.log haven-debug;
|
|
error_log /var/log/nginx/jellyfin.error.log notice;
|
|
|
|
# client certificate
|
|
ssl_client_certificate /step-ca_data/certs/ca-chain.crt;
|
|
# make verification optional, so we can display a 403 message to those
|
|
# who fail authentication
|
|
# changed to on for troubleshooting
|
|
ssl_verify_client on;
|
|
|
|
location / {
|
|
# if the client-side certificate failed to authenticate, show a 403
|
|
# message to the client
|
|
# if ($ssl_client_verify != SUCCESS) {
|
|
# return 403;
|
|
# }
|
|
proxy_pass http://jellyfin:8096;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_redirect http:// https://;
|
|
}
|
|
}
|
|
server {
|
|
listen 443 ssl;
|
|
server_name homepage.hvn.nz;
|
|
access_log /var/log/nginx/homepage.access.log haven-debug;
|
|
error_log /var/log/nginx/homepage.error.log notice;
|
|
|
|
# client certificate
|
|
ssl_client_certificate /step-ca_data/certs/ca-chain.crt;
|
|
# make verification optional, so we can display a 403 message to those
|
|
# who fail authentication
|
|
# changed to on for troubleshooting
|
|
ssl_verify_client on;
|
|
|
|
location / {
|
|
# if the client-side certificate failed to authenticate, show a 403
|
|
# message to the client
|
|
# if ($ssl_client_verify != SUCCESS) {
|
|
# return 403;
|
|
# }
|
|
proxy_pass http://homepage:3000;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_redirect http:// https://;
|
|
}
|
|
}
|
|
server {
|
|
listen 443 ssl;
|
|
server_name sonarr.hvn.nz;
|
|
access_log /var/log/nginx/sonarr.access.log haven-debug;
|
|
error_log /var/log/nginx/sonarr.error.log notice;
|
|
|
|
# client certificate
|
|
ssl_client_certificate /step-ca_data/certs/ca-chain.crt;
|
|
# make verification optional, so we can display a 403 message to those
|
|
# who fail authentication
|
|
# changed to on for troubleshooting
|
|
ssl_verify_client on;
|
|
|
|
location / {
|
|
# if the client-side certificate failed to authenticate, show a 403
|
|
# message to the client
|
|
# if ($ssl_client_verify != SUCCESS) {
|
|
# return 403;
|
|
# }
|
|
proxy_pass http://sonarr:8989;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_redirect http:// https://;
|
|
}
|
|
}
|
|
server {
|
|
listen 443 ssl;
|
|
server_name qbittorrent.hvn.nz;
|
|
access_log /var/log/nginx/qbittorrent.access.log haven-debug;
|
|
error_log /var/log/nginx/qbittorrent.error.log notice;
|
|
|
|
# client certificate
|
|
ssl_client_certificate /step-ca_data/certs/ca-chain.crt;
|
|
# make verification optional, so we can display a 403 message to those
|
|
# who fail authentication
|
|
# changed to on for troubleshooting
|
|
ssl_verify_client on;
|
|
|
|
location / {
|
|
# if the client-side certificate failed to authenticate, show a 403
|
|
# message to the client
|
|
# if ($ssl_client_verify != SUCCESS) {
|
|
# return 403;
|
|
# }
|
|
proxy_pass http://qbittorrent:8080;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_redirect http:// https://;
|
|
}
|
|
}
|
|
# server {
|
|
# listen 443 ssl;
|
|
# server_name auth.hvn.nz;
|
|
# access_log /var/log/nginx/auth.access.log haven-debug;
|
|
# error_log /var/log/nginx/auth.error.log notice;
|
|
|
|
# # client certificate
|
|
# #ssl_client_certificate /step-ca_data/certs/intermediate_ca.crt;
|
|
# # make verification optional, so we can display a 403 message to those
|
|
# # who fail authentication
|
|
# #ssl_verify_client optional;
|
|
|
|
# location / {
|
|
# # if the client-side certificate failed to authenticate, show a 403
|
|
# # message to the client
|
|
# #if ($ssl_client_verify != SUCCESS) {
|
|
# # return 403;
|
|
# #}
|
|
# proxy_pass https://authentik-server:9443;
|
|
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
|
|
# proxy_http_version 1.1;
|
|
|
|
# proxy_redirect http:// https://;
|
|
# }
|
|
# } |