Skip to content

Instantly share code, notes, and snippets.

@surrealchemist
Forked from Thermionix/auth-basic.conf
Last active July 3, 2019 12:28
Show Gist options
  • Save surrealchemist/9560955 to your computer and use it in GitHub Desktop.
Save surrealchemist/9560955 to your computer and use it in GitHub Desktop.
Adding "port_in_redirect off;" which fixes the problem caused when your router is forwarding from a different port. This stops nginx from adding the port back in which is needed in a couple cases.
auth_basic "Restricted";
auth_basic_user_file /usr/local/etc/nginx/htpasswd;
<html>
<head>
<title>My NGINX Proxies</title>
</head>
<body>
<h1>
Welcome to my stuff</h1>
<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
<a href="/sickbeard">/sickbeard</a></p>
<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
&nbsp;</p>
<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
<a href="/sabnzbd">/sabnzbd</a></p>
<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
&nbsp;</p>
<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
<a href="/couchpotato">/couchpotato</a></p>
<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
&nbsp;</p>
<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
<a href="/transmission">/transmission</a></p>
</body>
</html>
proxy_connect_timeout 59s;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_buffer_size 64k;
proxy_buffers 16 32k;
proxy_pass_header Set-Cookie;
proxy_hide_header Vary;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_set_header Accept-Encoding '';
proxy_ignore_headers Cache-Control Expires;
proxy_set_header Referer $http_referer;
proxy_set_header Host $host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port '443';
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Authorization '';
#proxy_buffering off;
#proxy_redirect off;
#proxy_redirect default;
proxy_redirect http://example.net/ /;
proxy_redirect https://example.net/ /;
#proxy_redirect http://$host/ /;
#proxy_redirect http:// https://;
#more_clear_headers 'referer';
#RequestHeader unset referer
#proxy_hide_header referer;
#proxy_ignore_headers referer;
location /sickbeard {
proxy_pass http://localhost:8081/sickbeard;
include proxy-control.conf;
include auth-basic.conf;
proxy_set_header Host localhost:8081;
proxy_redirect default;
port_in_redirect off;
}
#Change web_root in config.ini to /sickbeard (Sickbeard should be stopped while editing file), also for post processing add web_root to autoProcessTV.cfg
#web_root = /sickbeard
location /sabnzbd {
proxy_pass http://localhost:8082/sabnzbd;
include proxy-control.conf;
include auth-basic.conf;
proxy_set_header Host localhost:8082;
proxy_redirect default;
port_in_redirect off;
}
location /couchpotato {
proxy_pass http://localhost:5050/couchpotato;
include proxy-control.conf;
include auth-basic.conf;
proxy_set_header Host localhost:5050;
proxy_redirect default;
#See http://couchpotato.tenderapp.com/kb/tips/reverse-proxy
#URL base needs to be adjusted and make sure couchpotato is restarted once the change is in place
}
location /transmission {
proxy_pass http://localhost:9091/transmission;
include proxy-control.conf;
include auth-basic.conf;
}
location /headphones {
proxy_pass http://localhost:8181/headphones;
include proxy-control.conf;
include auth-basic.conf;
}
#You will need to make sure headphones is not running, and then modify its config.ini file in order to set:
#http_root = /headphones
server {
listen 443;
include ssl.conf;
include services.conf;
}
ssl on;
ssl_certificate /usr/local/etc/ssl/server.cer;
ssl_certificate_key /usr/local/etc/ssl/server.key;
#ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SH$
ssl_prefer_server_ciphers on;
@slayer49
Copy link

slayer49 commented Feb 8, 2015

Thanks for the comments regarding changing the base URLs, I couldn't figure that part out for some reason

@Rumbles
Copy link

Rumbles commented Jul 7, 2015

This really helped me get everything running behind nginx, thanks!

@tbgoose
Copy link

tbgoose commented Sep 23, 2015

Awesome stuff mate, going through customizing it for my own setup. Few questions though - do all the services need / benefit from proxy_set_header / port_in_redirect = off? I noticed that not all the apps have it in their nginx redirect section.

Also what does the auth-basic.conf do? Do I need to create a htpsswd file with credentials in it or something?

@surrealchemist
Copy link
Author

Sorry I haven't checked this in ages so I didn't see all these comments. The auth-basic.conf does read login credentials from htpasswd generated file. That is so I can protect the pages it links to as I make my site open to the internet.

The proxy header settings were added on a per app basis, as they work in different ways. Having it show up as port 80 can change the URLs and depending on the application it may not work properly. I guess this is months after you posted so you probably have figured it out already.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment