djekl
8/17/2012 - 4:42 AM

nginx reverse proxy for sickbeard, couchpotato etc.

nginx reverse proxy for sickbeard, couchpotato etc.

ssl on;
ssl_certificate /etc/ssl/server.cer;
ssl_certificate_key /etc/ssl/server.key;

#ssl_session_timeout 5m;

ssl_protocols SSLv3 TLSv1;
ssl_ciphers ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_prefer_server_ciphers on;
server {
        listen 443;

        include ssl.conf;
        include services.conf;
}
location /monit {
        rewrite           ^/monit$      https://example.net/monit/         permanent;
        rewrite           ^/monit/(.*)  /$1                             break;

        proxy_pass        http://localhost:2812/;
        include           proxy-control.conf;
        include           auth-basic.conf;
}

location /sickbeard {
        proxy_pass        http://localhost:8081/sickbeard;
        include           proxy-control.conf;
        include           auth-basic.conf;
}

location /sabnzbd {
        proxy_pass        http://localhost:8080/sabnzbd;
        include           proxy-control.conf;
        include           auth-basic.conf;
}

location /couchpotato {
        proxy_pass        http://localhost:5050/couchpotato;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:5050;
}

location /headphones {
        proxy_pass        http://localhost:8181/headphones;
        include           proxy-control.conf;
        include           auth-basic.conf;
}

location /deluge {
        proxy_pass        http://127.0.0.1:8112/;
        proxy_set_header  X-Deluge-Base "/deluge/";
        include           proxy-control.conf;
        include           auth-basic.conf;
}

location ~ ^/nzbget($|./*)  {
        rewrite           ^/nzbget/(.*) /$1 break;
        proxy_pass        http://127.0.0.1:6789;
        include           proxy-control.conf;
        include           auth-basic.conf;
}
location ~ ^/nzbget$ {
        return 302        $scheme://$host$request_uri/;
}

location /syncthing/ {
        proxy_pass        http://127.0.0.1:41111/;
        include           proxy-control.conf;
        include           auth-basic.conf;
}

location /sonarr {
        proxy_pass        http://127.0.0.1:8989/sonarr;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:8989;
}
proxy_connect_timeout   59s;
proxy_send_timeout      600;
proxy_read_timeout      600;
proxy_buffer_size       64k;
proxy_buffers           16 32k;
proxy_pass_header       Set-Cookie;
proxy_hide_header       Vary;

proxy_busy_buffers_size         64k;
proxy_temp_file_write_size      64k;

proxy_set_header        Accept-Encoding         '';
proxy_ignore_headers    Cache-Control           Expires;
proxy_set_header        Referer                 $http_referer;
proxy_set_header        Host                    $host;
proxy_set_header        Cookie                  $http_cookie;
proxy_set_header        X-Real-IP               $remote_addr;
proxy_set_header        X-Forwarded-Host        $host;
proxy_set_header        X-Forwarded-Server      $host;
proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;

proxy_set_header        X-Forwarded-Port        '443';
proxy_set_header        X-Forwarded-Ssl         on;
proxy_set_header        X-Forwarded-Proto       https;
proxy_set_header        Authorization           '';

proxy_redirect          default;
port_in_redirect        off;
auth_basic              "Restricted";
auth_basic_user_file    /etc/nginx/htpasswd;