Adrien Carteron 3 ani în urmă
comite
87b5565355

+ 1 - 0
.gitignore

@@ -0,0 +1 @@
+*~

+ 50 - 0
README.md

@@ -0,0 +1,50 @@
+![](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_small.png)
+
+# How to use these Reverse Proxy Configs
+
+This folder contains sample reverse proxy configs for various docker images linuxserver provides and other commonly used applications. 
+
+NOTE: We avoid providing samples that publicly expose server management software (ex: syno, qnap, unraid, proxmox, esxi, etc). Pull requests to add samples for this category of applications will not be accepted.
+
+They are grouped in two:
+
+1. `subfolder` these will allow accessing services at https://yourdomain.com/servicename
+2. `subdomain` these will allow accessing services at https://servicename.yourdomain.com
+
+## To enable the reverse proxy configs:
+
+### Configure your default site config
+
+Make sure that your default site config contains the following lines in the appropriate spots as seen in the default version:
+
+1) For subfolder methods: `include /config/nginx/proxy-confs/*.subfolder.conf;`
+2) For subdomain methods: `include /config/nginx/proxy-confs/*.subdomain.conf;`
+
+### Ensure you have a custom docker network
+
+These confs assume that the swag container can reach other containers via their dns hostnames (defaults to container name) resolved via docker's internal dns. This is achieved through having the containers attached to the same user defined docker bridge network. 
+
+- If you are using docker-compose and the containers are managed through the same yaml file, docker-compose will automatically create a custom network and attach all containers to it. Nothing extra is required.
+
+- If you are starting the containers via command line, first create a bridge network with the command `docker network create [networkname]` Then define that network in the container run/create command via `--network [networkname]`.
+
+- If you are using a gui manager like portainer, you can create a custom bridge network in the gui, and select it when creating a new container.
+
+- If you are using unraid, create a custom network in command line via `docker network create [networkname]`, then go to docker service settings (under advanced) and set the option `Preserve user defined networks:` to `Yes`. Then in each container setting, including the swag container, in the network type dropdown, select `Custom : [networkname]`.  This is a necessary step as the bridge network that unraid uses by default does not allow container to container communication.
+
+If the reverse proxied containers are not reachable via dns or they are running on a different machine, you will have to modify these confs to fit your needs.
+
+### Rename the required proxy configs
+
+1) Rename the conf files and remove the `.sample` at the end (ie. `sonarr.subfolder.conf`)
+2) Restart the swag container
+
+### Make any necessary changes detailed in the config
+
+Some applications require you to make changes to the service containers such as adding base urls in their settings. Each conf file lists the required changes on the first line.
+
+If you are reverse proxying linuxserver containers installed on the same host with the recommended options, you shouldn't need to edit these conf files.
+
+## To disable the configs:
+
+Simply delete the confs and restart swag.

+ 40 - 0
blog.subdomain.conf

@@ -0,0 +1,40 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for ghost and that your ghost config is not using a subdirectory.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name blog.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    #enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        #enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app  ghost-ghost-1;
+        set $upstream_port 2368;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+        proxy_redirect off;
+    }
+}
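Review bot: `client_max_body_size 0;` in this server block removes the request-body limit on a vhost whose auth stanzas are all commented out, so anyone who can reach `blog.*` can push an arbitrarily large body through the proxy. The same line is copied into almost every other conf in this commit. Consider a per-service bound, for example `client_max_body_size 50m;` here (the value is illustrative), and keep `0` only where very large uploads are expected, such as nextcloud.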

+ 44 - 0
books.subdomain.conf

@@ -0,0 +1,44 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for gitea and the following parameters in /data/gitea/conf/app.ini are edited
+# [server]
+# SSH_DOMAIN       = gitea.server.com
+# ROOT_URL         = https://gitea.server.com/
+# DOMAIN           = gitea.server.com
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name books.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app komga;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
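Review bot: The header comment of this file still describes gitea (`SSH_DOMAIN`, `ROOT_URL`, `/data/gitea/conf/app.ini`) while the block proxies to `komga` on port 8080, so the setup instructions do not match the service. Replace it with something like `# make sure that your dns has a cname set for books and that your komga container is named komga`. The same copy-paste mismatch appears in git.subdomain.conf (gitea text, upstream `gogs-gogs-1`), office.subdomain.conf (portainer), searx.subdomain.conf (dokuwiki and install.php, upstream `searxng`) and mailu.subdomain.conf (says the container is named front, upstream is `mailu-front-1`).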

+ 23 - 0
cockpit.subdomain.conf

@@ -0,0 +1,23 @@
+server {
+    listen 443 ssl;
+    #add_header Strict-Transport-Security "max-age=15552000" always;
+    add_header Referrer-Policy no-referrer;
+    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";  
+    #add_header X-Frame-Options SAMEORIGIN always;
+    #add_header X-Content-Type-Options nosniff always;
+    #add_header X-XSS-Protection "1; mode=block" always;
+    root /config/www;
+    index index.html index.htm index.php;
+    server_name cockpit.cha-sam.re; #la ligne1 à personnaliser
+    include /config/nginx/ssl.conf;
+    client_max_body_size 0;
+    location / {
+        include /config/nginx/proxy.conf;
+        proxy_redirect http:// https://;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+	proxy_pass https://192.168.8.50:9090; #la ligne2 à personnaliser
+    }
+    
+}
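Review bot: This vhost publishes what the file name and port 9090 suggest is the Cockpit host-administration console, with no access control at the proxy. Unlike the templated confs it has no ldap, Authelia or basic-auth stanzas at all, and the README added in this same commit says samples exposing server management software are avoided; omv.subdomain.conf has the same shape. If it must stay, restrict it at the proxy, e.g. `allow 192.168.8.0/24; deny all;` inside `location /` (the range is illustrative), or add the `authelia-server.conf` / `authelia-location.conf` includes used elsewhere. Separately, `proxy_pass https://192.168.8.50:9090;` does not verify the upstream certificate unless `proxy_ssl_verify on;` and a trusted CA are configured.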

+ 122 - 0
collabora.subdomain.conf

@@ -0,0 +1,122 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for collabora and that your collabora container is named collabora
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name collabora.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app collabora_code_1;
+        set $upstream_port 9980;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+#        proxy_http_version 1.1;
+#        proxy_read_timeout 3600s;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host            $host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        add_header X-Frontend-Host $host;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+    }
+ # static files
+ # location ^~ /browser {
+ #   include /config/nginx/proxy.conf;
+ #   resolver 127.0.0.11 valid=30s;
+ #   set $upstream_app collabora_code_1;
+ #   set $upstream_port 9980;
+ #   set $upstream_proto http;
+ #   proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ #   proxy_set_header Host $http_host;
+ # }
+
+ # WOPI discovery URL
+ # location ^~ /hosting/discovery {
+ #   include /config/nginx/proxy.conf;
+ #   resolver 127.0.0.11 valid=30s;
+ #   set $upstream_app collabora_code_1;
+ #   set $upstream_port 9980;
+ #   set $upstream_proto http;
+ #   proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ #   proxy_set_header Host $http_host;
+ # }
+
+ # Capabilities
+ # location ^~ /hosting/capabilities {
+ #   include /config/nginx/proxy.conf;
+ #   resolver 127.0.0.11 valid=30s;
+ #   set $upstream_app collabora_code_1;
+ #   set $upstream_port 9980;
+ #   set $upstream_proto http;
+ #   proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ #   proxy_set_header Host $http_host;
+ # }
+
+ # main websocket
+ # location ~ ^/cool/(.*)/ws$ {
+ #   include /config/nginx/proxy.conf;
+ #   resolver 127.0.0.11 valid=30s;
+ #   set $upstream_app collabora_code_1;
+ #   set $upstream_port 9980;
+ #   set $upstream_proto http;
+ #   proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ #   proxy_set_header Upgrade $http_upgrade;
+ #   proxy_set_header Connection "Upgrade";
+ #   proxy_set_header Host $http_host;
+ #   #proxy_read_timeout 36000s;
+ # }
+
+ # # download, presentation and image upload
+ # location ~ ^/(c|l)ool {
+ #   include /config/nginx/proxy.conf;
+ #   resolver 127.0.0.11 valid=30s;
+ #   set $upstream_app collabora_code_1;
+ #   set $upstream_port 9980;
+ #   set $upstream_proto http;
+ #   proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ #   proxy_set_header Host $http_host;
+ # }
+
+ # # Admin Console websocket
+ # location ^~ /cool/adminws {
+ #   include /config/nginx/proxy.conf;
+ #   resolver 127.0.0.11 valid=30s;
+ #   set $upstream_app collabora_code_1;
+ #   set $upstream_port 9980;
+ #   set $upstream_proto http;
+ #   proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ #   proxy_set_header Upgrade $http_upgrade;
+ #   proxy_set_header Connection "Upgrade";
+ #   proxy_set_header Host $http_host;
+ #   #proxy_read_timeout 36000s;
+
+ # }
+
+}
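Review bot: The two `add_header` lines inside `location /` replace, rather than extend, any `add_header` directives inherited from the server or http level. If `/config/nginx/ssl.conf` (not visible here) sets security headers, they are dropped for every response from this location. Either move `Strict-Transport-Security` into ssl.conf or repeat the inherited headers here, and note that `includeSubDomains` applies the policy to every host under the parent domain, not only collabora. `proxy_http_version 1.1;` is commented out while `Upgrade`/`Connection` are set; the WebSocket upgrade needs it unless proxy.conf already provides it.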

+ 44 - 0
git.subdomain.conf

@@ -0,0 +1,44 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for gitea and the following parameters in /data/gitea/conf/app.ini are edited
+# [server]
+# SSH_DOMAIN       = gitea.server.com
+# ROOT_URL         = https://gitea.server.com/
+# DOMAIN           = gitea.server.com
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name git.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app gogs-gogs-1;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}

+ 62 - 0
homeassistant.subdomain.conf

@@ -0,0 +1,62 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name homeassistant.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app homeassistant;
+        set $upstream_port 8123;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+    
+    location /api {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app homeassistant;
+        set $upstream_port 8123;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location /api/websocket {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app homeassistant;
+        set $upstream_port 8123;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+#	proxy_http_version 1.1;
+	proxy_set_header Upgrade $http_upgrade;
+    	proxy_set_header Connection "upgrade";
+    }
+
+}
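Review bot: `location /api` and `location /api/websocket` carry none of the commented auth stanzas that `location /` has, so anyone who enables basic, ldap or Authelia auth on `/` leaves both API paths reachable without it. If that is intentional (presumably the API relies on Home Assistant's own tokens), say so with a comment such as `# no proxy auth here: the API is protected by Home Assistant's own access tokens`. The websocket block also mixes tabs and spaces, and leaves `proxy_http_version 1.1;` commented out while setting the `Upgrade` headers.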

+ 40 - 0
jellyfin.subdomain.conf

@@ -0,0 +1,40 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for jellyfin
+# if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is
+# if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of jellyfin
+# in jellyfin settings, under "Advanced/Networking" change the public https port to 443, leave the local ports as is,
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name jellyfin.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app jellyfin;
+        set $upstream_port 8096;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header Range $http_range;
+        proxy_set_header If-Range $http_if_range;
+    }
+
+    location ~ (/jellyfin)?/socket {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app jellyfin;
+        set $upstream_port 8096;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
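Review bot: The regex in `location ~ (/jellyfin)?/socket` is unanchored, so it matches any URI that contains `/socket` anywhere rather than only paths that begin with it; `location ~ ^(/jellyfin)?/socket` states the intent. The same pattern is used for `(/radarr)?/api`, `(/sonarr)?/api` and `(/torrent)?/rpc` in radarr, sonarr and torrent.subdomain.conf. It matters more there: those regex locations have no auth stanzas and take precedence over the prefix `location /`, so with proxy auth enabled on `/` any URI containing the fragment is still served without it. Anchoring with `^` in all four files narrows the unauthenticated surface to the intended paths.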

+ 40 - 0
mailu.subdomain.conf

@@ -0,0 +1,40 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for mailu and that your mailu front container is named front
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name mail.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app mailu-front-1;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}

+ 37 - 0
nextcloud.subdomain.conf

@@ -0,0 +1,37 @@
+# make sure that your dns has a cname set for nextcloud
+# assuming this container is called "letsencrypt", edit your nextcloud container's config
+# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
+#  'trusted_proxies' => ['letsencrypt'],
+#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
+#  'overwritehost' => 'nextcloud.your-domain.com',
+#  'overwriteprotocol' => 'https',
+#
+# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
+#  array (
+#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
+#    1 => 'nextcloud.your-domain.com',
+#  ),
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name nextcloud.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app nextcloud;
+        set $upstream_port 443;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        #proxy_max_temp_file_size 2048m;
+	proxy_max_temp_file_size 30720m;
+
+	}
+}
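Review bot: `proxy_max_temp_file_size 30720m;` lets nginx spool up to 30 GiB of a single buffered response into its temp directory, so a few concurrent large downloads can fill the proxy container's disk. Consider `proxy_buffering off;` for this location or a smaller cap, and remove the commented 2048m line once a value is settled. The header comment still calls the proxy container `letsencrypt`, while the README in this commit calls it swag, and `trusted_proxies` has to name whatever the container is actually called. The last lines of the block are tab-indented, unlike the rest of the file.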

+ 35 - 0
office.subdomain.conf

@@ -0,0 +1,35 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for portainer
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name office.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    access_log /var/log/nginx/onlyoffice.access_log;
+    error_log /var/log/nginx/onlyoffice.error_log info;
+    location / {
+        proxy_pass http://192.168.8.50:2291;
+        proxy_http_version 1.1;
+        proxy_read_timeout 3600s;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host            $host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        add_header X-Frontend-Host $host;
+        # Uncomment this line and reload once you have setup TLS for that domain !
+        # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    }
+ }
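Review bot: `proxy_pass http://192.168.8.50:2291;` hard-codes one LAN host and sends the traffic in clear text across it. It also bypasses the `$upstream_app`/resolver pattern and the `include /config/nginx/proxy.conf;` that the templated confs use. cockpit, omv and wekan.subdomain.conf hard-code the same address. If the service cannot join the docker network, keep the variable form, `set $upstream_app 192.168.8.50;` and `set $upstream_port 2291;`, so the address sits in one documented place. The `add_header X-Frontend-Host $host;` in the location also discards any headers inherited from ssl.conf.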

+ 37 - 0
omv.subdomain.conf

@@ -0,0 +1,37 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    #add_header Strict-Transport-Security "max-age=15552000" always;
+    add_header Referrer-Policy no-referrer;
+    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";  
+    #add_header X-Frame-Options SAMEORIGIN always;
+    #add_header X-Content-Type-Options nosniff always;
+    #add_header X-XSS-Protection "1; mode=block" always;
+    root /config/www;
+    index index.html index.htm index.php;
+    server_name omv.*; #la ligne1 à personnaliser
+    include /config/nginx/ssl.conf;
+#    client_max_body_size 0;
+    location / {
+       include /config/nginx/proxy.conf;
+       proxy_redirect http:// https://;
+       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       proxy_set_header Upgrade $http_upgrade;
+       proxy_set_header Connection "upgrade";
+       proxy_pass http://192.168.8.50:80; #la ligne2 à personnaliser
+
+        # include /config/nginx/proxy.conf;
+        # resolver 127.0.0.11 valid=30s;
+        # set $upstream_app portainer;
+        # set $upstream_port 80;
+        # set $upstream_proto http;
+        # proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+#        proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+
+    }
+}
+
+## Version 2020/12/09                                                                                                                                                                                                                        
+# make sure that your dns has a cname set for portainer                                                                                                                                                                                      
+
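Review bot: The file keeps a commented-out portainer upstream block and a `proxy_hide_header` line inside `location /`, and it ends with a stray `## Version 2020/12/09` / portainer cname comment after the closing brace, padded with trailing whitespace. None of that applies to this vhost; remove it and put a correct version and cname header at the top of the file. `client_max_body_size` is commented out here, so unlike the other confs this one falls back to the inherited limit; a comment should say whether that is deliberate.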

+ 57 - 0
plex.subdomain.conf

@@ -0,0 +1,57 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for plex
+# if plex is running in bridge mode and the container is named "plex", the below config should work as is
+# if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex
+# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name plex.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    proxy_redirect off;
+    proxy_buffering off;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app plex;
+        set $upstream_port 32400;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+        proxy_set_header X-Plex-Device $http_x_plex_device;
+        proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+        proxy_set_header X-Plex-Platform $http_x_plex_platform;
+        proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+        proxy_set_header X-Plex-Product $http_x_plex_product;
+        proxy_set_header X-Plex-Token $http_x_plex_token;
+        proxy_set_header X-Plex-Version $http_x_plex_version;
+        proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+        proxy_set_header X-Plex-Provides $http_x_plex_provides;
+        proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+        proxy_set_header X-Plex-Model $http_x_plex_model;
+    }
+}

+ 63 - 0
portainer.subdomain.conf

@@ -0,0 +1,63 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for portainer
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name portainer.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app portainer;
+        set $upstream_port 9000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+    }
+
+    location /api/websocket/ {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app portainer;
+        set $upstream_port 9000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+    }
+}
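Review bot: `proxy_hide_header X-Frame-Options;` in both locations strips the upstream's framing restriction from responses of a container-management UI, and the trailing comment itself says it may be unnecessary after Portainer 1.20.0. Unless ssl.conf re-adds the header (not visible here), the UI can be framed by other origins. Drop the line if the deployed Portainer no longer needs it, or document why it is still required. All auth stanzas are commented out, so the vhost relies solely on Portainer's own login.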

+ 50 - 0
radarr.subdomain.conf

@@ -0,0 +1,50 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for radarr and that your radarr container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name movies.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app radarr;
+        set $upstream_port 7878;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/radarr)?/api {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app radarr;
+        set $upstream_port 7878;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}

+ 41 - 0
searx.subdomain.conf

@@ -0,0 +1,41 @@
+## Version 2020/12/09
+# First complete the setup by appending install.php to URL.
+# Make sure that your dns has a cname set for dokuwiki
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name search.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    #enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        #enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app searxng;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}

+ 50 - 0
sonarr.subdomain.conf

@@ -0,0 +1,50 @@
+## Version 2020/12/09
+# make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name series.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app sonarr;
+        set $upstream_port 8989;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/sonarr)?/api {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app sonarr;
+        set $upstream_port 8989;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+   }
+}

+ 61 - 0
torrent.subdomain.conf

@@ -0,0 +1,61 @@
+## Version 2020/12/09
+# Make sure that DNS has a cname set for torrent
+#
+# Some Torrent Chrome extensions cannot handle HTTP/2 proxies as they
+# rely on the HTTP Status Text to determine if they should add the
+# X-Torrent-Session-Id header or not. HTTP/2 does not return this text
+# so jQuery responses are empty. This causes RPCs to fail.
+#
+# If your extension is affected, you can remove http2 from the default server
+# in /config/nginx/site-confs/default or listen on a different port that has
+# no http2 servers defined. Better yet, submit a bug report with the
+# extension developer to fix their extensions to support HTTP/2.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name torrent.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app transmission;
+        set $upstream_port 9091;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_pass_header  X-Torrent-Session-Id;
+    }
+
+    location ~ (/torrent)?/rpc {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app transmission;
+        set $upstream_port 9091;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}

+ 23 - 0
wekan.subdomain.conf

@@ -0,0 +1,23 @@
+server {
+    listen 443 ssl;
+    #add_header Strict-Transport-Security "max-age=15552000" always;
+    add_header Referrer-Policy no-referrer;
+    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";  
+    #add_header X-Frame-Options SAMEORIGIN always;
+    #add_header X-Content-Type-Options nosniff always;
+    #add_header X-XSS-Protection "1; mode=block" always;
+    root /config/www;
+    index index.html index.htm index.php;
+    server_name wekan.cha-sam.re; #la ligne1 à personnaliser
+    include /config/nginx/ssl.conf;
+    client_max_body_size 0;
+    location / {
+        include /config/nginx/proxy.conf;
+        proxy_redirect http:// https://;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+	proxy_pass http://192.168.8.50:3001; #la ligne2 à personnaliser
+    }
+    
+}
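Review bot: `server_name wekan.cha-sam.re;` pins one personal domain and the block only has `listen 443 ssl;`, so it does not answer over IPv6 like the templated confs (`listen [::]:443 ssl;`) and cannot be reused as a sample; cockpit.subdomain.conf has both issues as well. The `#la ligne1 à personnaliser` / `#la ligne2 à personnaliser` comments should be in English and say what to change, e.g. `# set to your own hostname` and `# set to the address of your wekan instance`. The `proxy_pass` line is tab-indented while the rest of the block uses spaces.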

+ 41 - 0
wiki.subdomain.conf

@@ -0,0 +1,41 @@
+## Version 2020/12/09
+# First complete the setup by appending install.php to URL.
+# Make sure that your dns has a cname set for dokuwiki
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name wiki.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    #enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        #enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app dokuwiki;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
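Review bot: The header tells the user to finish setup through `install.php` but not to remove it afterwards. With every auth stanza commented out, the installer is reachable by whoever can reach `wiki.*` until setup is complete. Add a line such as `# delete install.php once setup is finished, and consider enabling one of the auth options below until then`. The header of searx.subdomain.conf is a verbatim copy of this one and does not apply to searxng.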