# DEPLOYMENT LOCATION: /etc/nginx/sites-available/homelab # Final working config with all services and fixed WebDAV server { listen 80 default_server; server_name ak-homelab.duckdns.org _; # Redirect HTTP to HTTPS return 301 https://$host$request_uri; } server { listen 443 ssl default_server; server_name ak-homelab.duckdns.org _; # Critical: Disable automatic redirects for WebDAV merge_slashes off; # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; # qBittorrent Web UI location /qbt/ { proxy_pass http://127.0.0.1:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; # WebSocket support for real-time updates proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # qBittorrent specific settings proxy_cookie_path / "/qbt/"; proxy_redirect off; } # Main landing page - highest priority location / { root /var/www/homelab; index index.html; try_files $uri $uri/ =404; } # Custom error pages to prevent fallback to default nginx html error_page 404 /404.html; location = /404.html { root /var/www/homelab; internal; } # Gitea reverse proxy location /gitea/ { proxy_pass http://127.0.0.1:3000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Handle websockets for live updates proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Increase timeout for large repos proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # Copyparty file server - WORKING WebDAV config location ~ ^/files(/.*)?$ { # Explicitly allow WebDAV methods limit_except GET POST PUT DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK { deny all; } # Pass original request URI to preserve URL encoding proxy_pass http://127.0.0.1:8082; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebDAV specific headers proxy_set_header Depth $http_depth; proxy_set_header Destination $http_destination; proxy_set_header Overwrite $http_overwrite; proxy_set_header If $http_if; proxy_set_header Lock-Token $http_lock_token; # Large file upload support client_max_body_size 10G; client_body_buffer_size 128k; # Upload timeout settings proxy_connect_timeout 300s; proxy_send_timeout 300s; proxy_read_timeout 300s; # Critical: Streaming uploads for WebDAV proxy_buffering off; proxy_request_buffering off; # Critical: Use HTTP/1.1 and fix connection headers proxy_http_version 1.1; proxy_set_header Connection ""; # Critical: Disable nginx response modifications proxy_redirect off; } # Jellyfin media server location /media/ { proxy_pass http://127.0.0.1:8096/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Handle websockets for real-time updates proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Jellyfin specific headers proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; # Increase timeouts for streaming proxy_connect_timeout 300s; proxy_send_timeout 300s; proxy_read_timeout 300s; # Large file support for video streaming client_max_body_size 0; proxy_buffering off; proxy_request_buffering off; } # System monitoring with basic auth (Glances) location /glances/ { auth_basic "Homelab Admin Access"; auth_basic_user_file /etc/nginx/auth/glances; proxy_pass http://127.0.0.1:61208/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # System monitoring (Netdata) - Real-time system metrics location /netdata/ { auth_basic "Homelab Admin Access"; auth_basic_user_file /etc/nginx/auth/glances; proxy_pass http://127.0.0.1:19999/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # Docker management (Portainer) location /portainer/ { proxy_pass http://127.0.0.1:9000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } ssl_certificate /etc/letsencrypt/live/ak-homelab.duckdns.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/ak-homelab.duckdns.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }