overseerr/docs/extending-overseerr/reverse-proxy-examples.md

# Reverse Proxy Examples

{% hint style="warning" %}
Base URLs cannot be configured in Overseerr. With this limitation, only subdomain configurations are supported.
{% endhint %}

## LE/SWAG

### Subdomain

A sample is bundled in SWAG. This page is still the only source of truth, so the sample is not guaranteed to be up to date. If you catch an inconsistency, report it to the linuxserver team, or do a pull-request against the proxy-confs repository to update the sample.

Rename the sample file `overseerr.subdomain.conf.sample` to `overseerr.subdomain.conf` in the `proxy-confs`folder, or create `overseerr.subdomain.conf` in the same folder with the example below.

Example Configuration:

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name overseerr.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app overseerr;
        set $upstream_port 5055;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

}
```

## Traefik \(v2\)

Add the labels to the Overseerr service in your `docker-compose` file. A basic example for a `docker-compose` file using Traefik can be found [here](https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/).

### Subdomain

Example Configuration:

```text
labels:
  - "traefik.enable=true"
  ## HTTP Routers
  - "traefik.http.routers.overseerr-rtr.entrypoints=https"
  - "traefik.http.routers.overseerr-rtr.rule=Host(`overseerr.domain.com`)"
  - "traefik.http.routers.overseerr-rtr.tls=true"
  ## HTTP Services
  - "traefik.http.routers.overseerr-rtr.service=overseerr-svc"
  - "traefik.http.services.overseerr-svc.loadbalancer.server.port=5055"
```

## LE/NGINX

### Subdomain

Take the configuration below and place it in `/etc/nginx/sites-available/overseerr.example.com.conf`.

Create a symlink to `/etc/nginx/sites-enabled`:

```text
sudo ln -s /etc/nginx/sites-available/overseerr.example.com.conf /etc/nginx/sites-enabled/overseerr.example.com.conf
```

Test the configuration:

```text
sudo nginx -t
```

Reload your configuration for NGINX:

```text
sudo systemctl reload nginx
```

Example Configuration:

```text
server {
    listen 80;
    server_name overseerr.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name overseerr.example.com;

    ssl_certificate /etc/letsencrypt/live/overseerr.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/overseerr.example.com/privkey.pem;

    proxy_set_header Referer $http_referer;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-Port $remote_port;
    proxy_set_header X-Forwarded-Host $host:$remote_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Port $remote_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Ssl on;
    real_ip_header CF-Connecting-IP;
    # Control the behavior of the Referer header (Referrer-Policy)
    add_header Referrer-Policy "no-referrer";
    # HTTP Strict Transport Security
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
    # Reduce XSS risks (Content-Security-Policy) - uncomment to use and add URLs whenever necessary
    # add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://plex.tv; style-src 'self' 'unsafe-inline' https://rsms.me/inter/inter.css; script-src 'self' 'unsafe-inline'; img-src 'self' data: https://plex.tv https://assets.plex.tv https://gravatar.com https://secure.gravatar.com https://i2.wp.com https://image.tmdb.org; font-src 'self' https://rsms.me/inter/font-files/" always;
    # Prevent some categories of XSS attacks (X-XSS-Protection)
    add_header X-XSS-Protection "1; mode=block" always;
    # Provide clickjacking protection (X-Frame-Options)
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Prevent Sniff Mimetype (X-Content-Type-Options)
    add_header X-Content-Type-Options "nosniff" always;
    # Tell crawling bots to not index the site
    add_header X-Robots-Tag "noindex, nofollow" always;

    access_log /var/log/nginx/overseerr.example.com-access.log;
    error_log /var/log/nginx/overseerr.example.com-error.log;

    location / {
        proxy_pass http://127.0.0.1:5055;
    }
}
```
docs: documentation update (#516) [skip ci] * docs: testing docs with gitbook * GitBook: [docs] 3 pages modified * GitBook: [docs] one page modified * docs: migrate more wiki docs * docs: Update gmail. Add 4k FAQ * GitBook: [docs] 6 pages modified * docs: add media missing in overseerr to faq * GitBook: [docs] one page modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 2 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] one page modified * GitBook: [docs] 2 pages modified Co-authored-by: samwiseg0 <2241731+samwiseg0@users.noreply.github.com> Co-authored-by: samwiseg0 <phillipah@gmail.com> 4 years ago			`# Reverse Proxy Examples`

			`{% hint style="warning" %}`
docs(reverse-proxy-examples): removed duplicate text in hint (#520) [skip ci] 4 years ago			`Base URLs cannot be configured in Overseerr. With this limitation, only subdomain configurations are supported.`
docs: documentation update (#516) [skip ci] * docs: testing docs with gitbook * GitBook: [docs] 3 pages modified * GitBook: [docs] one page modified * docs: migrate more wiki docs * docs: Update gmail. Add 4k FAQ * GitBook: [docs] 6 pages modified * docs: add media missing in overseerr to faq * GitBook: [docs] one page modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 2 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] one page modified * GitBook: [docs] 2 pages modified Co-authored-by: samwiseg0 <2241731+samwiseg0@users.noreply.github.com> Co-authored-by: samwiseg0 <phillipah@gmail.com> 4 years ago			`{% endhint %}`

			`## LE/SWAG`

			`### Subdomain`

docs(reverse-proxy): Add note for bundled sample SWAG (#681) [skip ci] Co-authored-by: samwiseg0 <2241731+samwiseg0@users.noreply.github.com> 3 years ago			`A sample is bundled in SWAG. This page is still the only source of truth, so the sample is not guaranteed to be up to date. If you catch an inconsistency, report it to the linuxserver team, or do a pull-request against the proxy-confs repository to update the sample.`

fix(ip logging): add env var for proxy to fix ip logging on failed logins (#756) 3 years ago			Rename the sample file `overseerr.subdomain.conf.sample` to `overseerr.subdomain.conf` in the `proxy-confs`folder, or create `overseerr.subdomain.conf` in the same folder with the example below.
docs: documentation update (#516) [skip ci] * docs: testing docs with gitbook * GitBook: [docs] 3 pages modified * GitBook: [docs] one page modified * docs: migrate more wiki docs * docs: Update gmail. Add 4k FAQ * GitBook: [docs] 6 pages modified * docs: add media missing in overseerr to faq * GitBook: [docs] one page modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 2 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] one page modified * GitBook: [docs] 2 pages modified Co-authored-by: samwiseg0 <2241731+samwiseg0@users.noreply.github.com> Co-authored-by: samwiseg0 <phillipah@gmail.com> 4 years ago
			`Example Configuration:`

docs(reverse-proxy): Add note for bundled sample SWAG (#681) [skip ci] Co-authored-by: samwiseg0 <2241731+samwiseg0@users.noreply.github.com> 3 years ago			```nginx
docs: documentation update (#516) [skip ci] * docs: testing docs with gitbook * GitBook: [docs] 3 pages modified * GitBook: [docs] one page modified * docs: migrate more wiki docs * docs: Update gmail. Add 4k FAQ * GitBook: [docs] 6 pages modified * docs: add media missing in overseerr to faq * GitBook: [docs] one page modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 2 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] one page modified * GitBook: [docs] 2 pages modified Co-authored-by: samwiseg0 <2241731+samwiseg0@users.noreply.github.com> Co-authored-by: samwiseg0 <phillipah@gmail.com> 4 years ago			`server {`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`

			`server_name overseerr.*;`

			`include /config/nginx/ssl.conf;`

			`client_max_body_size 0;`

			`location / {`

			`include /config/nginx/proxy.conf;`
			`resolver 127.0.0.11 valid=30s;`
			`set $upstream_app overseerr;`
			`set $upstream_port 5055;`
			`set $upstream_proto http;`
			`proxy_pass $upstream_proto://$upstream_app:$upstream_port;`

			`}`

			`}`
			```

			`## Traefik \(v2\)`

			Add the labels to the Overseerr service in your `docker-compose` file. A basic example for a `docker-compose` file using Traefik can be found [here](https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/).

			`### Subdomain`

			`Example Configuration:`

			```text
			`labels:`
			`- "traefik.enable=true"`
			`## HTTP Routers`
			`- "traefik.http.routers.overseerr-rtr.entrypoints=https"`
			- "traefik.http.routers.overseerr-rtr.rule=Host(`overseerr.domain.com`)"
			`- "traefik.http.routers.overseerr-rtr.tls=true"`
			`## HTTP Services`
			`- "traefik.http.routers.overseerr-rtr.service=overseerr-svc"`
			`- "traefik.http.services.overseerr-svc.loadbalancer.server.port=5055"`
			```

			`## LE/NGINX`

			`### Subdomain`

			Take the configuration below and place it in `/etc/nginx/sites-available/overseerr.example.com.conf`.

			Create a symlink to `/etc/nginx/sites-enabled`:

			```text
			`sudo ln -s /etc/nginx/sites-available/overseerr.example.com.conf /etc/nginx/sites-enabled/overseerr.example.com.conf`
			```

			`Test the configuration:`

			```text
			`sudo nginx -t`
			```

			`Reload your configuration for NGINX:`

			```text
			`sudo systemctl reload nginx`
			```

			`Example Configuration:`

			```text
			`server {`
			`listen 80;`
			`server_name overseerr.example.com;`
			`return 301 https://$server_name$request_uri;`
			`}`

			`server {`
			`listen 443 ssl http2;`
			`server_name overseerr.example.com;`

			`ssl_certificate /etc/letsencrypt/live/overseerr.example.com/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/overseerr.example.com/privkey.pem;`

			`proxy_set_header Referer $http_referer;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Real-Port $remote_port;`
			`proxy_set_header X-Forwarded-Host $host:$remote_port;`
			`proxy_set_header X-Forwarded-Server $host;`
			`proxy_set_header X-Forwarded-Port $remote_port;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Ssl on;`
			`real_ip_header CF-Connecting-IP;`
			`# Control the behavior of the Referer header (Referrer-Policy)`
			`add_header Referrer-Policy "no-referrer";`
			`# HTTP Strict Transport Security`
			`add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;`
docs: Update LE/NGINX to remove CSP [skip ci] 3 years ago			`# Reduce XSS risks (Content-Security-Policy) - uncomment to use and add URLs whenever necessary`
docs: update LE/NGINX CSP to fix loading of resources (#797) 3 years ago			`# add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://plex.tv; style-src 'self' 'unsafe-inline' https://rsms.me/inter/inter.css; script-src 'self' 'unsafe-inline'; img-src 'self' data: https://plex.tv https://assets.plex.tv https://gravatar.com https://secure.gravatar.com https://i2.wp.com https://image.tmdb.org; font-src 'self' https://rsms.me/inter/font-files/" always;`
docs: documentation update (#516) [skip ci] * docs: testing docs with gitbook * GitBook: [docs] 3 pages modified * GitBook: [docs] one page modified * docs: migrate more wiki docs * docs: Update gmail. Add 4k FAQ * GitBook: [docs] 6 pages modified * docs: add media missing in overseerr to faq * GitBook: [docs] one page modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 2 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] one page modified * GitBook: [docs] 2 pages modified Co-authored-by: samwiseg0 <2241731+samwiseg0@users.noreply.github.com> Co-authored-by: samwiseg0 <phillipah@gmail.com> 4 years ago			`# Prevent some categories of XSS attacks (X-XSS-Protection)`
			`add_header X-XSS-Protection "1; mode=block" always;`
			`# Provide clickjacking protection (X-Frame-Options)`
			`add_header X-Frame-Options "SAMEORIGIN" always;`
			`# Prevent Sniff Mimetype (X-Content-Type-Options)`
			`add_header X-Content-Type-Options "nosniff" always;`
fix(ip logging): add env var for proxy to fix ip logging on failed logins (#756) 3 years ago			`# Tell crawling bots to not index the site`
			`add_header X-Robots-Tag "noindex, nofollow" always;`
docs: documentation update (#516) [skip ci] * docs: testing docs with gitbook * GitBook: [docs] 3 pages modified * GitBook: [docs] one page modified * docs: migrate more wiki docs * docs: Update gmail. Add 4k FAQ * GitBook: [docs] 6 pages modified * docs: add media missing in overseerr to faq * GitBook: [docs] one page modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 2 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] 5 pages modified * GitBook: [docs] one page modified * GitBook: [docs] 2 pages modified Co-authored-by: samwiseg0 <2241731+samwiseg0@users.noreply.github.com> Co-authored-by: samwiseg0 <phillipah@gmail.com> 4 years ago
			`access_log /var/log/nginx/overseerr.example.com-access.log;`
			`error_log /var/log/nginx/overseerr.example.com-error.log;`

			`location / {`
			`proxy_pass http://127.0.0.1:5055;`
			`}`
			`}`
			```