-
-
Save surrealchemist/9560955 to your computer and use it in GitHub Desktop.
auth_basic "Restricted"; | |
auth_basic_user_file /usr/local/etc/nginx/htpasswd; |
<html> | |
<head> | |
<title>My NGINX Proxies</title> | |
</head> | |
<body> | |
<h1> | |
Welcome to my stuff</h1> | |
<p style="margin: 0px; font-size: 11px; font-family: Menlo;"> | |
<a href="/sickbeard">/sickbeard</a></p> | |
<p style="margin: 0px; font-size: 11px; font-family: Menlo;"> | |
</p> | |
<p style="margin: 0px; font-size: 11px; font-family: Menlo;"> | |
<a href="/sabnzbd">/sabnzbd</a></p> | |
<p style="margin: 0px; font-size: 11px; font-family: Menlo;"> | |
</p> | |
<p style="margin: 0px; font-size: 11px; font-family: Menlo;"> | |
<a href="/couchpotato">/couchpotato</a></p> | |
<p style="margin: 0px; font-size: 11px; font-family: Menlo;"> | |
</p> | |
<p style="margin: 0px; font-size: 11px; font-family: Menlo;"> | |
<a href="/transmission">/transmission</a></p> | |
</body> | |
</html> |
proxy_connect_timeout 59s; | |
proxy_send_timeout 600; | |
proxy_read_timeout 600; | |
proxy_buffer_size 64k; | |
proxy_buffers 16 32k; | |
proxy_pass_header Set-Cookie; | |
proxy_hide_header Vary; | |
proxy_busy_buffers_size 64k; | |
proxy_temp_file_write_size 64k; | |
proxy_set_header Accept-Encoding ''; | |
proxy_ignore_headers Cache-Control Expires; | |
proxy_set_header Referer $http_referer; | |
proxy_set_header Host $host; | |
proxy_set_header Cookie $http_cookie; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-Host $host; | |
proxy_set_header X-Forwarded-Server $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
#proxy_set_header X-Forwarded-For $remote_addr; | |
proxy_set_header X-Forwarded-Port '443'; | |
proxy_set_header X-Forwarded-Ssl on; | |
proxy_set_header X-Forwarded-Proto https; | |
proxy_set_header Authorization ''; | |
#proxy_buffering off; | |
#proxy_redirect off; | |
#proxy_redirect default; | |
proxy_redirect http://example.net/ /; | |
proxy_redirect https://example.net/ /; | |
#proxy_redirect http://$host/ /; | |
#proxy_redirect http:// https://; | |
#more_clear_headers 'referer'; | |
#RequestHeader unset referer | |
#proxy_hide_header referer; | |
#proxy_ignore_headers referer; |
location /sickbeard { | |
proxy_pass http://localhost:8081/sickbeard; | |
include proxy-control.conf; | |
include auth-basic.conf; | |
proxy_set_header Host localhost:8081; | |
proxy_redirect default; | |
port_in_redirect off; | |
} | |
#Change web_root in config.ini to /sickbeard (Sickbeard should be stopped while editing file), also for post processing add web_root to autoProcessTV.cfg | |
#web_root = /sickbeard | |
location /sabnzbd { | |
proxy_pass http://localhost:8082/sabnzbd; | |
include proxy-control.conf; | |
include auth-basic.conf; | |
proxy_set_header Host localhost:8082; | |
proxy_redirect default; | |
port_in_redirect off; | |
} | |
location /couchpotato { | |
proxy_pass http://localhost:5050/couchpotato; | |
include proxy-control.conf; | |
include auth-basic.conf; | |
proxy_set_header Host localhost:5050; | |
proxy_redirect default; | |
#See http://couchpotato.tenderapp.com/kb/tips/reverse-proxy | |
#URL base needs to be adjusted and make sure couchpotato is restarted once the change is in place | |
} | |
location /transmission { | |
proxy_pass http://localhost:9091/transmission; | |
include proxy-control.conf; | |
include auth-basic.conf; | |
} | |
location /headphones { | |
proxy_pass http://localhost:8181/headphones; | |
include proxy-control.conf; | |
include auth-basic.conf; | |
} | |
#You will need to make sure headphones is not running, and then modify its config.ini file in order to set: | |
#http_root = /headphones |
server { | |
listen 443; | |
include ssl.conf; | |
include services.conf; | |
} |
ssl on; | |
ssl_certificate /usr/local/etc/ssl/server.cer; | |
ssl_certificate_key /usr/local/etc/ssl/server.key; | |
#ssl_session_timeout 5m; | |
ssl_protocols SSLv3 TLSv1; | |
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; | |
ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SH$ | |
ssl_prefer_server_ciphers on; |
This really helped me get everything running behind nginx, thanks!
Awesome stuff mate, going through customizing it for my own setup. Few questions though - do all the services need / benefit from proxy_set_header / port_in_redirect = off? I noticed that not all the apps have it in their nginx redirect section.
Also what does the auth-basic.conf do? Do I need to create a htpsswd file with credentials in it or something?
Sorry I haven't checked this in ages so I didn't see all these comments. The auth-basic.conf does read login credentials from htpasswd generated file. That is so I can protect the pages it links to as I make my site open to the internet.
The proxy header settings were added on a per app basis, as they work in different ways. Having it show up as port 80 can change the URLs and depending on the application it may not work properly. I guess this is months after you posted so you probably have figured it out already.
Thanks for the comments regarding changing the base URLs, I couldn't figure that part out for some reason