From 2a5ec41cafab7a4ccafddffe73f66f84429858b6 Mon Sep 17 00:00:00 2001 From: Jurrer Date: Fri, 29 Sep 2023 12:57:35 +0000 Subject: [PATCH 1/5] Create linkace.subdomain.conf.sample --- linkace.subdomain.conf.sample | 62 +++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 linkace.subdomain.conf.sample diff --git a/linkace.subdomain.conf.sample b/linkace.subdomain.conf.sample new file mode 100644 index 000000000..6b4f2c733 --- /dev/null +++ b/linkace.subdomain.conf.sample @@ -0,0 +1,62 @@ +## Version 2023/09/29 +# make sure that your linkace container is named linkace +# make sure that your dns has a cname set for linkace +# use linkace:simple package with included proxy + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name linkace.*; + + # enable to indicate to search engines to not index this site + # add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + + # Content security headers for Laravel + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app linkace; + set $upstream_port 80; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + + +} \ No newline at end of file From 2d577f0687eeffb02291d3c07e0af3f8bd8a2e4d Mon Sep 17 00:00:00 2001 From: Jurrer Date: Fri, 29 Sep 2023 13:03:01 +0000 Subject: [PATCH 2/5] Create storm.subdomain.conf.sample --- storm.subdomain.conf.sample | 54 +++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 storm.subdomain.conf.sample diff --git a/storm.subdomain.conf.sample b/storm.subdomain.conf.sample new file mode 100644 index 000000000..18667418b --- /dev/null +++ b/storm.subdomain.conf.sample @@ -0,0 +1,54 @@ +## Version 2023/02/05 +# reverse proxy config for a modern deluge interface named storm +# https://github.com/relvacode/storm +# make sure that your storm container is named storm +# make sure that your dns has a cname set for storm + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name storm.*; + + # enable to indicate to search engines to not index this site + # add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app storm; + set $upstream_port 8221; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + + } + + +} From 4a6acdc792e1934b962518506d5991306b242beb Mon Sep 17 00:00:00 2001 From: Jurrer Date: Fri, 29 Sep 2023 13:21:52 +0000 Subject: [PATCH 3/5] Create your-spotify.subdomain.conf.sample --- your-spotify.subdomain.conf.sample | 102 +++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 your-spotify.subdomain.conf.sample diff --git a/your-spotify.subdomain.conf.sample b/your-spotify.subdomain.conf.sample new file mode 100644 index 000000000..a7bb0ba9f --- /dev/null +++ b/your-spotify.subdomain.conf.sample @@ -0,0 +1,102 @@ +## Version 2023/09/29 +# https://github.com/Yooooomi/your_spotify +# this app requires separate server and web containers. It uses web and server URLs for api callbacks, thus a double config is required. +# make sure that your YourSpotify client container is named your-spotify-web +# make sure that your YourSpotify server container is named your-spotify-server +# make sure that your dns has a cname set for your-spotify and your-spotify-server +# do not forget to finish configuration following instructions in apps repository. CLIENT_ENDPOINT=https://your-spotify.[your domain]; API_ENDPOINT=https://your-spotify-server.[your domain]. + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name your-spotify.*; + + # enable to indicate to search engines to not index this site + #add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app your-spotify-web; + set $upstream_port 3000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} + + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name your-spotify-server.*; + + # enable to indicate to search engines to not index this site + #add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app your-spotify-server; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} \ No newline at end of file From c924cf20e4c36a6664db334bac2e2d3032784d17 Mon Sep 17 00:00:00 2001 From: Jurrer Date: Sun, 15 Oct 2023 20:37:20 +0200 Subject: [PATCH 4/5] remove unnecessary headers --- linkace.subdomain.conf.sample | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/linkace.subdomain.conf.sample b/linkace.subdomain.conf.sample index 6b4f2c733..bad95ee2e 100644 --- a/linkace.subdomain.conf.sample +++ b/linkace.subdomain.conf.sample @@ -11,16 +11,6 @@ server { # enable to indicate to search engines to not index this site # add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; - - # Content security headers for Laravel - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Content-Type-Options "nosniff"; - - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - include /config/nginx/ssl.conf; @@ -55,8 +45,5 @@ server { set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; - } - - } \ No newline at end of file From 0558de6424c43e7713276aa26d4c44ac39a831b2 Mon Sep 17 00:00:00 2001 From: Jurrer Date: Tue, 17 Oct 2023 16:31:09 +0200 Subject: [PATCH 5/5] unify configs, split your-spotify config --- linkace.subdomain.conf.sample | 3 -- storm.subdomain.conf.sample | 3 -- your-spotify-api.subdomain.conf.sample | 51 +++++++++++++++++++++ your-spotify.subdomain.conf.sample | 63 +++----------------------- 4 files changed, 58 insertions(+), 62 deletions(-) create mode 100644 your-spotify-api.subdomain.conf.sample diff --git a/linkace.subdomain.conf.sample b/linkace.subdomain.conf.sample index bad95ee2e..884da71b4 100644 --- a/linkace.subdomain.conf.sample +++ b/linkace.subdomain.conf.sample @@ -9,9 +9,6 @@ server { server_name linkace.*; - # enable to indicate to search engines to not index this site - # add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; - include /config/nginx/ssl.conf; client_max_body_size 0; diff --git a/storm.subdomain.conf.sample b/storm.subdomain.conf.sample index 18667418b..e112ddeef 100644 --- a/storm.subdomain.conf.sample +++ b/storm.subdomain.conf.sample @@ -10,9 +10,6 @@ server { server_name storm.*; - # enable to indicate to search engines to not index this site - # add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; - include /config/nginx/ssl.conf; client_max_body_size 0; diff --git a/your-spotify-api.subdomain.conf.sample b/your-spotify-api.subdomain.conf.sample new file mode 100644 index 000000000..2ebba5af4 --- /dev/null +++ b/your-spotify-api.subdomain.conf.sample @@ -0,0 +1,51 @@ +## Version 2023/10/17 +# https://github.com/Yooooomi/your_spotify +# this is not a standalone config, it requires configured your-spotify web container for full functionality. +# it uses server URLs for api callbacks, thus a server is required +# make sure that your YourSpotify api container is named your-spotify-server +# make sure that your dns has a cname set for your-spotify-server +# do not forget to finish configuration following instructions in apps repository. API_ENDPOINT=https://your-spotify-server.[your domain]. + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name your-spotify-server.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app your-spotify-server; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } + +} \ No newline at end of file diff --git a/your-spotify.subdomain.conf.sample b/your-spotify.subdomain.conf.sample index a7bb0ba9f..e698f2259 100644 --- a/your-spotify.subdomain.conf.sample +++ b/your-spotify.subdomain.conf.sample @@ -1,19 +1,16 @@ -## Version 2023/09/29 +## Version 2023/10/17 # https://github.com/Yooooomi/your_spotify -# this app requires separate server and web containers. It uses web and server URLs for api callbacks, thus a double config is required. -# make sure that your YourSpotify client container is named your-spotify-web -# make sure that your YourSpotify server container is named your-spotify-server -# make sure that your dns has a cname set for your-spotify and your-spotify-server -# do not forget to finish configuration following instructions in apps repository. CLIENT_ENDPOINT=https://your-spotify.[your domain]; API_ENDPOINT=https://your-spotify-server.[your domain]. +# this is not a standalone config, it requires configured your-spotify api container for full functionality. +# it uses server URLs for api callbacks, thus a server is required +# make sure that your YourSpotify web container is named your-spotify-web +# make sure that your dns has a cname set for your-spotify +# do not forget to finish configuration following instructions in apps repository. CLIENT_ENDPOINT=https://your-spotify.[your domain] server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name your-spotify.*; - - # enable to indicate to search engines to not index this site - #add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; + server_name your-spotify.*; include /config/nginx/ssl.conf; @@ -54,49 +51,3 @@ server { } -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name your-spotify-server.*; - - # enable to indicate to search engines to not index this site - #add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - # enable for ldap auth (requires ldap-location.conf in the location block) - #include /config/nginx/ldap-server.conf; - - # enable for Authelia (requires authelia-location.conf in the location block) - #include /config/nginx/authelia-server.conf; - - # enable for Authentik (requires authentik-location.conf in the location block) - #include /config/nginx/authentik-server.conf; - - location / { - # enable the next two lines for http auth - #auth_basic "Restricted"; - #auth_basic_user_file /config/nginx/.htpasswd; - - # enable for ldap auth (requires ldap-server.conf in the server block) - #include /config/nginx/ldap-location.conf; - - # enable for Authelia (requires authelia-server.conf in the server block) - #include /config/nginx/authelia-location.conf; - - # enable for Authentik (requires authentik-server.conf in the server block) - #include /config/nginx/authentik-location.conf; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_app your-spotify-server; - set $upstream_port 8080; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - -} \ No newline at end of file