<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://wiki.deathbybandaid.net/index.php?action=history&amp;feed=atom&amp;title=Nginx</id>
	<title>Nginx - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://wiki.deathbybandaid.net/index.php?action=history&amp;feed=atom&amp;title=Nginx"/>
	<link rel="alternate" type="text/html" href="https://wiki.deathbybandaid.net/index.php?title=Nginx&amp;action=history"/>
	<updated>2026-07-05T17:04:44Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.41.1</generator>
	<entry>
		<id>https://wiki.deathbybandaid.net/index.php?title=Nginx&amp;diff=8&amp;oldid=prev</id>
		<title>Deathbybandaid: Created page with &quot; =Reverse Proxy (rough)= Below is a very rough outline of an nginx reverse proxy setup  &lt;nowiki&gt;cd /etc/nginx&lt;/nowiki&gt;   &lt;nowiki&gt;nano nginx.conf&lt;/nowiki&gt;   &lt;nowiki&gt;  ## Global Settings  include /etc/nginx/conf/globals.conf;    http {    ## United States only  # requires apt-get install geoip-database  # geoip_country /usr/share/GeoIP/GeoIP.dat;  # map $geoip_country_code $allowed_country {default yes; US yes;}    ## Settings  include /etc/nginx/conf/settings.conf;    ##...&quot;</title>
		<link rel="alternate" type="text/html" href="https://wiki.deathbybandaid.net/index.php?title=Nginx&amp;diff=8&amp;oldid=prev"/>
		<updated>2021-12-08T20:12:28Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot; =Reverse Proxy (rough)= Below is a very rough outline of an nginx reverse proxy setup  &amp;lt;nowiki&amp;gt;cd /etc/nginx&amp;lt;/nowiki&amp;gt;   &amp;lt;nowiki&amp;gt;nano nginx.conf&amp;lt;/nowiki&amp;gt;   &amp;lt;nowiki&amp;gt;  ## Global Settings  include /etc/nginx/conf/globals.conf;    http {    ## United States only  # requires apt-get install geoip-database  # geoip_country /usr/share/GeoIP/GeoIP.dat;  # map $geoip_country_code $allowed_country {default yes; US yes;}    ## Settings  include /etc/nginx/conf/settings.conf;    ##...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;&lt;br /&gt;
=Reverse Proxy (rough)=&lt;br /&gt;
Below is a very rough outline of an nginx reverse proxy setup&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;cd /etc/nginx&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;nano nginx.conf&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 ## Global Settings&lt;br /&gt;
 include /etc/nginx/conf/globals.conf;&lt;br /&gt;
 &lt;br /&gt;
 http {&lt;br /&gt;
 &lt;br /&gt;
 ## United States only&lt;br /&gt;
 # requires apt-get install geoip-database&lt;br /&gt;
 # geoip_country /usr/share/GeoIP/GeoIP.dat;&lt;br /&gt;
 # map $geoip_country_code $allowed_country {default yes; US yes;}&lt;br /&gt;
 &lt;br /&gt;
 ## Settings&lt;br /&gt;
 include /etc/nginx/conf/settings.conf;&lt;br /&gt;
 &lt;br /&gt;
 ## Security stuff&lt;br /&gt;
 include /etc/nginx/conf/securitystuff.conf;&lt;br /&gt;
 &lt;br /&gt;
 ### Default port 80 when accessed by external IP&lt;br /&gt;
 server {listen 80 default_server; server_name &amp;quot;&amp;quot;; return 401;}&lt;br /&gt;
 &lt;br /&gt;
 ## local site&lt;br /&gt;
 include /etc/nginx/conf/localsite.conf;&lt;br /&gt;
 &lt;br /&gt;
 ## domains&lt;br /&gt;
 include /etc/nginx/conf/my-domains/*;&lt;br /&gt;
 &lt;br /&gt;
 }&lt;br /&gt;
 &lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;mkdir conf&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;cd conf&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;mkdir my-domains&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;mkdir htpc&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;nano settings.conf&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 ## Basics&lt;br /&gt;
 sendfile on;&lt;br /&gt;
 tcp_nopush on;&lt;br /&gt;
 tcp_nodelay on;&lt;br /&gt;
 keepalive_timeout 65;&lt;br /&gt;
 types_hash_max_size 2048;&lt;br /&gt;
 server_names_hash_bucket_size 64;&lt;br /&gt;
 &lt;br /&gt;
 include /etc/nginx/mime.types;&lt;br /&gt;
 default_type application/octet-stream;&lt;br /&gt;
 &lt;br /&gt;
 ## ssl&lt;br /&gt;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE&lt;br /&gt;
 ssl_prefer_server_ciphers on;&lt;br /&gt;
 &lt;br /&gt;
 ## Logging&lt;br /&gt;
 access_log /var/log/nginx/access.log;&lt;br /&gt;
 error_log /var/log/nginx/error.log;&lt;br /&gt;
 &lt;br /&gt;
 ## Gzip&lt;br /&gt;
 gzip on;&lt;br /&gt;
 gzip_disable &amp;quot;msie6&amp;quot;;&lt;br /&gt;
 &lt;br /&gt;
 ## Perfect Forward Secrecy&lt;br /&gt;
 # requires openssl dhparam -out dh4096.pem 4096&lt;br /&gt;
 # include /etc/nginx/perfect-forward-secrecy.conf;&lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;nano securitystuff.conf&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 # don&amp;#039;t send the nginx version number in error pages and Server header&lt;br /&gt;
 server_tokens off;&lt;br /&gt;
 &lt;br /&gt;
 # config to don&amp;#039;t allow the browser to render the page inside an frame or iframe&lt;br /&gt;
 # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking&lt;br /&gt;
 # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri&lt;br /&gt;
 # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options&lt;br /&gt;
 add_header X-Frame-Options SAMEORIGIN;&lt;br /&gt;
 &lt;br /&gt;
 # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,&lt;br /&gt;
 # to disable content-type sniffing on some browsers.&lt;br /&gt;
 # https://www.owasp.org/index.php/List_of_useful_HTTP_headers&lt;br /&gt;
 # currently suppoorted in IE &amp;gt; 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx&lt;br /&gt;
 # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx&lt;br /&gt;
 # &amp;#039;soon&amp;#039; on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020&lt;br /&gt;
 add_header X-Content-Type-Options nosniff;&lt;br /&gt;
 &lt;br /&gt;
 # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.&lt;br /&gt;
 # It&amp;#039;s usually enabled by default anyway, so the role of this header is to re-enable the filter for&lt;br /&gt;
 # this particular website if it was disabled by the user.&lt;br /&gt;
 # https://www.owasp.org/index.php/List_of_useful_HTTP_headers&lt;br /&gt;
 add_header X-XSS-Protection &amp;quot;1; mode=block&amp;quot;;&lt;br /&gt;
 &lt;br /&gt;
 # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),&lt;br /&gt;
 # you can tell the browser that it can only download content from the domains you explicitly allow&lt;br /&gt;
 # http://www.html5rocks.com/en/tutorials/security/content-security-policy/&lt;br /&gt;
 # https://www.owasp.org/index.php/Content_Security_Policy&lt;br /&gt;
 # I need to change our application code so we can increase security by disabling &amp;#039;unsafe-inline&amp;#039; &amp;#039;unsafe-eval&amp;#039;&lt;br /&gt;
 # directives for css and js(if you have inline css or js, you will need to keep it too).&lt;br /&gt;
 # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful&lt;br /&gt;
 #add_header Content-Security-Policy &amp;quot;default-src &amp;#039;self&amp;#039;; script-src &amp;#039;self&amp;#039; &amp;#039;unsafe-inline&amp;#039; &amp;#039;unsafe-eval&amp;#039; https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src &amp;#039;self&amp;#039; https://ssl.google-analyti$&lt;br /&gt;
 &lt;br /&gt;
 ## Refer&lt;br /&gt;
 add_header Referrer-Policy &amp;quot;no-referrer&amp;quot;;&lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;nano localsite.conf&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 server {&lt;br /&gt;
 listen 85;&lt;br /&gt;
 &lt;br /&gt;
 # localsite location&lt;br /&gt;
 root /var/www/deathbybandaid/;&lt;br /&gt;
 index index.html index.php;&lt;br /&gt;
 &lt;br /&gt;
 # if you have htpc configs like /radarr&lt;br /&gt;
 include /etc/nginx/conf/htpc/*.conf;&lt;br /&gt;
 &lt;br /&gt;
 # custom error pages&lt;br /&gt;
 # include /etc/nginx/conf/errorpages.conf;&lt;br /&gt;
 &lt;br /&gt;
 # proxy settings&lt;br /&gt;
 include /etc/nginx/conf/proxysettings.conf;&lt;br /&gt;
 &lt;br /&gt;
 # php&lt;br /&gt;
 include /etc/nginx/include/php;&lt;br /&gt;
 }&lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;nano proxysettings.conf&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 ## Proxy Settings&lt;br /&gt;
 proxy_set_header Host $host;&lt;br /&gt;
 proxy_set_header X-Real-IP $remote_addr;&lt;br /&gt;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;&lt;br /&gt;
 proxy_connect_timeout 1;&lt;br /&gt;
 proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;&lt;br /&gt;
 proxy_intercept_errors on;&lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
=Domains stuff=&lt;br /&gt;
==letsencrypt==&lt;br /&gt;
learn how to use it, and point at your keys&lt;br /&gt;
==basic subdomain layout==&lt;br /&gt;
This is an example subdomain fie&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 ## 80&lt;br /&gt;
 server {listen 80;&lt;br /&gt;
 server_name chat.spicebot.net;&lt;br /&gt;
 root /var/www/deathbybandaid/;&lt;br /&gt;
 location / {alias /var/deathbybandaid/;}&lt;br /&gt;
 location ~ /.well-known {allow all;}&lt;br /&gt;
 return 301 https://$server_name$request_uri;&lt;br /&gt;
 }&lt;br /&gt;
 &lt;br /&gt;
 &lt;br /&gt;
 ## 443&lt;br /&gt;
 server {listen 443 ssl;&lt;br /&gt;
 server_name chat.spicebot.net;&lt;br /&gt;
 &lt;br /&gt;
 ## location&lt;br /&gt;
 root /var/www/deathbybandaid;&lt;br /&gt;
 index index.php index.html index.htm;&lt;br /&gt;
 &lt;br /&gt;
 location / {proxy_pass http://192.168.2.219:8065;&lt;br /&gt;
 proxy_http_version 1.1;&lt;br /&gt;
 proxy_set_header Upgrade $http_upgrade;&lt;br /&gt;
 proxy_set_header Connection &amp;quot;upgrade&amp;quot;;&lt;br /&gt;
 proxy_set_header Host $http_host;&lt;br /&gt;
 proxy_set_header X-Real-IP $remote_addr;&lt;br /&gt;
 proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;&lt;br /&gt;
 proxy_set_header X-Forward-Proto http;&lt;br /&gt;
 proxy_set_header X-Nginx-Proxy true;&lt;br /&gt;
 proxy_redirect off;}&lt;br /&gt;
 &lt;br /&gt;
 ## error&lt;br /&gt;
 include /etc/nginx/conf/errorpages.conf;&lt;br /&gt;
 &lt;br /&gt;
 ## htpc configs&lt;br /&gt;
 # include /etc/nginx/conf/htpc/*.conf;&lt;br /&gt;
 &lt;br /&gt;
 ## ssl&lt;br /&gt;
 ssl_certificate          /etc/letsencrypt/live/deathbybandaid.net/fullchain.pem;&lt;br /&gt;
 ssl_certificate_key      /etc/letsencrypt/live/deathbybandaid.net/privkey.pem;&lt;br /&gt;
 location ~ /.well-known {allow all;}&lt;br /&gt;
 &lt;br /&gt;
 ### End of Subdomain&lt;br /&gt;
 }&lt;br /&gt;
 &lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
=HTPC stuff=&lt;br /&gt;
Each of these is a file in the htpc folder&lt;br /&gt;
==Deluge==&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 ## deluge&lt;br /&gt;
 location /deluge {&lt;br /&gt;
 proxy_pass http://192.168.2.181:8112/;&lt;br /&gt;
 proxy_set_header X-Deluge-Base &amp;quot;/deluge/&amp;quot;;&lt;br /&gt;
 }&lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
==Jackett==&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 ## Jackett&lt;br /&gt;
 location /jackett {&lt;br /&gt;
 proxy_pass http://192.168.2.173:9117;&lt;br /&gt;
 proxy_set_header X-Deluge-Base &amp;quot;/deluge/&amp;quot;;&lt;br /&gt;
 }&lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
==Sonarr Radarr Lidarr==&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 ## Lidarr&lt;br /&gt;
 location /lidarr {&lt;br /&gt;
 proxy_pass http://192.168.2.192:8686;&lt;br /&gt;
 }&lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
==nzbhydra==&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 ## nzbhydra&lt;br /&gt;
 location /nzbhydra {&lt;br /&gt;
 proxy_pass http://192.168.2.170:5075;&lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
==Ombi==&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 ## Ombi&lt;br /&gt;
 #location /ombi {&lt;br /&gt;
 #proxy_pass http://192.168.2.161:5000;&lt;br /&gt;
 #include /etc/nginx/conf/proxy.conf;&lt;br /&gt;
 #}&lt;br /&gt;
 &lt;br /&gt;
 #OMBIV3 CONTAINER&lt;br /&gt;
 &lt;br /&gt;
 location /ombi {&lt;br /&gt;
 return 301 $scheme://$host/ombi/;&lt;br /&gt;
 }&lt;br /&gt;
 &lt;br /&gt;
 location /ombi/ {&lt;br /&gt;
 proxy_pass http://192.168.2.161:5000;&lt;br /&gt;
 proxy_set_header Host $host;&lt;br /&gt;
 proxy_set_header X-Forwarded-Host $server_name;&lt;br /&gt;
 proxy_set_header X-Real-IP $remote_addr;&lt;br /&gt;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;&lt;br /&gt;
 proxy_set_header X-Forwarded-Ssl on;&lt;br /&gt;
 proxy_set_header X-Forwarded-Proto $scheme;&lt;br /&gt;
 proxy_read_timeout  90;&lt;br /&gt;
 proxy_redirect http://192.168.1.161:5000 https://$host;&lt;br /&gt;
 }&lt;br /&gt;
 &lt;br /&gt;
 #The below is required after version 3.0.2517. This basically rewrites the requests to /dist/1.js to&lt;br /&gt;
 #/ombi/dist/1.js where the number 1 could be any number&lt;br /&gt;
 &lt;br /&gt;
 if ($http_referer ~* /ombi/) {rewrite ^/dist/(.*) $scheme://$host/ombi/dist/$1 permanent;}&lt;br /&gt;
 #If you use a custom URL base remember the change it on the rewrite.&lt;br /&gt;
 &lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
==nzbhydra==&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 ## nzbhydra&lt;br /&gt;
 location /nzbhydra {&lt;br /&gt;
 proxy_pass http://192.168.2.170:5075;&lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;br /&gt;
=Custom error pages=&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;nano errorpages.conf&amp;lt;/nowiki&amp;gt;&lt;br /&gt;
&lt;br /&gt;
 &amp;lt;nowiki&amp;gt;&lt;br /&gt;
 # Error &amp;amp; Access logs&lt;br /&gt;
 error_log /var/www/deathbybandaid/logs/error.log error;&lt;br /&gt;
 access_log /var/www/deathbybandaid/logs/access.log;&lt;br /&gt;
 &lt;br /&gt;
 ## Error Pages&lt;br /&gt;
 error_page   400 /400.html;&lt;br /&gt;
 error_page   401 /401.html;&lt;br /&gt;
 error_page   403 /403.html;&lt;br /&gt;
 error_page   404 /404.html;&lt;br /&gt;
 error_page   408 /408.html;&lt;br /&gt;
 error_page   410 /410.html;&lt;br /&gt;
 error_page   500 /500.html;&lt;br /&gt;
 error_page   502 /502.html;&lt;br /&gt;
 error_page   503 /503.html;&lt;br /&gt;
 error_page   504 /504.html;&lt;br /&gt;
 #400&lt;br /&gt;
 location = /400.html {&lt;br /&gt;
 root   /var/www/deathbybandaid/errorpages/nginx;}&lt;br /&gt;
 #401&lt;br /&gt;
 location = /401.html {&lt;br /&gt;
 root   /var/www/deathbybandaid/errorpages/nginx;}&lt;br /&gt;
 ## 403&lt;br /&gt;
 location = /403.html {&lt;br /&gt;
 root   /var/www/deathbybandaid/errorpages/nginx;}&lt;br /&gt;
 #404&lt;br /&gt;
 location = /404.html {&lt;br /&gt;
 root   /var/www/deathbybandaid/errorpages/nginx;}&lt;br /&gt;
 #408&lt;br /&gt;
 location = /408.html {&lt;br /&gt;
 root   /var/www/deathbybandaid/errorpages/nginx;}&lt;br /&gt;
 #410&lt;br /&gt;
 location = /410.html {&lt;br /&gt;
 root   /var/www/deathbybandaid/errorpages/nginx;}&lt;br /&gt;
 #500&lt;br /&gt;
 location = /500.html {&lt;br /&gt;
 root   /var/www/deathbybandaid/errorpages/nginx;}&lt;br /&gt;
 #502&lt;br /&gt;
 location = /502.html {&lt;br /&gt;
 root   /var/www/deathbybandaid/errorpages/nginx;}&lt;br /&gt;
 #503&lt;br /&gt;
 location = /503.html {&lt;br /&gt;
 root   /var/www/deathbybandaid/errorpages/nginx;}&lt;br /&gt;
 #504&lt;br /&gt;
 location = /504.html {&lt;br /&gt;
 root   /var/www/deathbybandaid/errorpages/nginx;}&lt;br /&gt;
 &amp;lt;/nowiki&amp;gt;&lt;/div&gt;</summary>
		<author><name>Deathbybandaid</name></author>
	</entry>
</feed>