Create pocketid.subdomain.conf.sample #790
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| ## Version 2025/07/18 | ||
| # make sure that your pocketid container is named pocketid | ||
| # make sure that your dns has a cname set for pocketid | ||
|
|
||
| server { | ||
| listen 443 ssl; | ||
| listen 443 quic; | ||
| listen [::]:443 ssl; | ||
| listen [::]:443 quic; | ||
|
|
||
|
|
||
| server_name pocketid.*; | ||
|
|
||
| include /config/nginx/ssl.conf; | ||
|
|
||
| client_max_body_size 0; | ||
|
|
||
| # enable for ldap auth (requires ldap-location.conf in the location block) | ||
| #include /config/nginx/ldap-server.conf; | ||
|
|
||
| # enable for Authelia (requires authelia-location.conf in the location block) | ||
| #include /config/nginx/authelia-server.conf; | ||
|
|
||
| # enable for Authentik (requires authentik-location.conf in the location block) | ||
| #include /config/nginx/authentik-server.conf; | ||
|
|
||
| # enable for Tinyauth (requires tinyauth-location.conf in the location block) | ||
| #include /config/nginx/tinyauth-server.conf; | ||
|
|
||
| if ($lan-ip = yes) { set $geo-whitelist yes; } | ||
|
Member
There was a problem hiding this comment. you dont know that users want geoblocking or have the mod to support it |
||
| if ($geo-whitelist = no) { return 404; } | ||
|
Member
There was a problem hiding this comment. you dont know that users want geoblocking or have the mod to support it |
||
| location / { | ||
| # enable the next two lines for http auth | ||
| #auth_basic "Restricted"; | ||
| #auth_basic_user_file /config/nginx/.htpasswd; | ||
|
|
||
| # enable for ldap auth (requires ldap-server.conf in the server block) | ||
| #include /config/nginx/ldap-location.conf; | ||
|
|
||
| # enable for Authelia (requires authelia-server.conf in the server block) | ||
| #include /config/nginx/authelia-location.conf; | ||
|
|
||
| # enable for Authentik (requires authentik-server.conf in the server block) | ||
| #include /config/nginx/authentik-location.conf; | ||
|
|
||
| # enable for Tinyauth (requires tinyauth-server.conf in the server block) | ||
| #include /config/nginx/tinyauth-location.conf; | ||
|
|
||
| # include /config/nginx/proxy.conf; | ||
| include /config/nginx/resolver.conf; | ||
| set $upstream_app pocketid; | ||
| set $upstream_port 1411; | ||
| set $upstream_proto http; | ||
| proxy_pass $upstream_proto://$upstream_app:$upstream_port; | ||
|
|
||
| ## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample | ||
|
Member
There was a problem hiding this comment. im not sure what you're doing here, but this doesn't belong in this file and it's highly unlikely we would make overarching changes to proxy.conf which affects everything. |
||
|
|
||
| # Timeout if the real server is dead | ||
| proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; | ||
|
|
||
| # Proxy Connection Settings | ||
| #### proxy_buffers 32 4k; | ||
| proxy_connect_timeout 240; | ||
| proxy_headers_hash_bucket_size 128; | ||
| proxy_headers_hash_max_size 1024; | ||
| proxy_http_version 1.1; | ||
| proxy_read_timeout 240; | ||
| proxy_redirect http:// $scheme://; | ||
| proxy_send_timeout 240; | ||
|
|
||
| # Proxy Cache and Cookie Settings | ||
| proxy_cache_bypass $cookie_session; | ||
| #proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps | ||
| proxy_no_cache $cookie_session; | ||
| # Proxy Header Settings | ||
| proxy_set_header Connection $connection_upgrade; | ||
| proxy_set_header Early-Data $ssl_early_data; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header Proxy ""; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Host $host; | ||
| proxy_set_header X-Forwarded-Method $request_method; | ||
| proxy_set_header X-Forwarded-Port $server_port; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_set_header X-Forwarded-Server $host; | ||
| proxy_set_header X-Forwarded-Ssl on; | ||
| proxy_set_header X-Forwarded-Uri $request_uri; | ||
| proxy_set_header X-Original-Method $request_method; | ||
| proxy_set_header X-Original-URL $scheme://$http_host$request_uri; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
|
|
||
| proxy_buffer_size 256k; | ||
| proxy_buffers 4 512k; | ||
| proxy_busy_buffers_size 512k; | ||
|
|
||
|
|
||
| } | ||
| } | ||
|
|
||
|
|
||
|
|
||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do not enable by default