-
-
Notifications
You must be signed in to change notification settings - Fork 309
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
1 changed file
with
55 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| ## Version 2024/10/26 | ||
| # make sure that your romM container is named romm | ||
| # make sure that your dns has a cname set for romm | ||
|
|
||
| server { | ||
| listen 443 ssl; | ||
| listen [::]:443 ssl; | ||
|
|
||
| server_name romm.*; | ||
|
|
||
| include /config/nginx/ssl.conf; | ||
|
|
||
| client_max_body_size 0; | ||
|
|
||
| # enable for ldap auth (requires ldap-location.conf in the location block) | ||
| #include /config/nginx/ldap-server.conf; | ||
|
|
||
| # enable for Authelia (requires authelia-location.conf in the location block) | ||
| #include /config/nginx/authelia-server.conf; | ||
|
|
||
| # enable for Authentik (requires authentik-location.conf in the location block) | ||
| #include /config/nginx/authentik-server.conf; | ||
|
|
||
| location / { | ||
| # enable the next two lines for http auth | ||
| #auth_basic "Restricted"; | ||
| #auth_basic_user_file /config/nginx/.htpasswd; | ||
|
|
||
| # enable for ldap auth (requires ldap-server.conf in the server block) | ||
| #include /config/nginx/ldap-location.conf; | ||
|
|
||
| # enable for Authelia (requires authelia-server.conf in the server block) | ||
| #include /config/nginx/authelia-location.conf; | ||
|
|
||
| # enable for Authentik (requires authentik-server.conf in the server block) | ||
| #include /config/nginx/authentik-location.conf; | ||
|
|
||
| include /config/nginx/proxy.conf; | ||
| include /config/nginx/resolver.conf; | ||
| set $upstream_app romm; | ||
| set $upstream_port 8080; | ||
| set $upstream_proto http; | ||
| proxy_pass $upstream_proto://$upstream_app:$upstream_port; | ||
|
|
||
| # Hide version | ||
| server_tokens off; | ||
|
|
||
| # Security headers | ||
| add_header X-Frame-Options "SAMEORIGIN" always; | ||
| add_header X-Content-Type-Options "nosniff" always; | ||
| add_header X-XSS-Protection "1; mode=block" always; | ||
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; | ||
| add_header Referrer-Policy "no-referrer-when-downgrade" always; | ||
| } | ||
| } |