hoborg/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fe9651f2fa34eef4b5a25da9fe11a00400dcc920
homelab/config/nginx/homelab.conf
Arpad Krejczinger fe9651f2fa Replace Cockpit with Netdata in nginx reverse proxy config 
- Remove Cockpit reverse proxy configuration
- Add Netdata reverse proxy with basic auth protection
- Configure same authentication as Glances for consistency
- Maintain security headers and WebSocket support
- Use port 19999 for Netdata service
2025-09-09 21:12:13 +02:00

164 lines
5.7 KiB
Plaintext
Raw Blame History

# DEPLOYMENT LOCATION: /etc/nginx/sites-available/homelab
# Final working config with all services and fixed WebDAV
server {
listen 80 default_server;
server_name ak-homelab.duckdns.org _;
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
server_name ak-homelab.duckdns.org _;
# Critical: Disable automatic redirects for WebDAV
merge_slashes off;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Main landing page - highest priority
location / {
root /var/www/homelab;
index index.html;
try_files $uri $uri/ =404;
}
# Custom error pages to prevent fallback to default nginx html
error_page 404 /404.html;
location = /404.html {
root /var/www/homelab;
internal;
}
# Gitea reverse proxy
location /gitea/ {
proxy_pass http://127.0.0.1:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Handle websockets for live updates
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Increase timeout for large repos
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Copyparty file server - WORKING WebDAV config
location ~ ^/files(/.*)?$ {
# Explicitly allow WebDAV methods
limit_except GET POST PUT DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK { deny all; }
# Pass original request URI to preserve URL encoding
proxy_pass http://127.0.0.1:8082;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebDAV specific headers
proxy_set_header Depth $http_depth;
proxy_set_header Destination $http_destination;
proxy_set_header Overwrite $http_overwrite;
proxy_set_header If $http_if;
proxy_set_header Lock-Token $http_lock_token;
# Large file upload support
client_max_body_size 10G;
client_body_buffer_size 128k;
# Upload timeout settings
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# Critical: Streaming uploads for WebDAV
proxy_buffering off;
proxy_request_buffering off;
# Critical: Use HTTP/1.1 and fix connection headers
proxy_http_version 1.1;
proxy_set_header Connection "";
# Critical: Disable nginx response modifications
proxy_redirect off;
}
# Jellyfin media server
location /media/ {
proxy_pass http://127.0.0.1:8096/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Handle websockets for real-time updates
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Jellyfin specific headers
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# Increase timeouts for streaming
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# Large file support for video streaming
client_max_body_size 0;
proxy_buffering off;
proxy_request_buffering off;
}
# System monitoring with basic auth (Glances)
location /glances/ {
auth_basic "Homelab Admin Access";
auth_basic_user_file /etc/nginx/auth/glances;
proxy_pass http://127.0.0.1:61208/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# System monitoring (Netdata) - Real-time system metrics
location /netdata/ {
auth_basic "Homelab Admin Access";
auth_basic_user_file /etc/nginx/auth/glances;
proxy_pass http://127.0.0.1:19999/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Docker management (Portainer)
location /portainer/ {
proxy_pass http://127.0.0.1:9000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
ssl_certificate /etc/letsencrypt/live/ak-homelab.duckdns.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ak-homelab.duckdns.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Reference in New Issue View Git Blame Copy Permalink