diff --git a/docs/extend/reverse-proxy-examples.md b/docs/extend/reverse-proxy-examples.md deleted file mode 100644 index a107fb030..000000000 --- a/docs/extend/reverse-proxy-examples.md +++ /dev/null @@ -1,135 +0,0 @@ -# Reverse Proxy Examples - -## Note: Base URLs cannot be configured in Overseerr. With this limitation, only subdomain configurations are supported. - -## Reverse Proxies: - -- [LE/SWAG](#leswag) -- [Traefik (v2)](#traefik-v2) -- [LE/NGINX](#lenginx) - -### LE/SWAG - -#### Subdomain - -Place in the `proxy-confs` folder as `overseerr.subdomain.conf` - -Example Configuration: - -``` -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name overseerr.*; - - include /config/nginx/ssl.conf; - - client_max_body_size 0; - - location / { - - include /config/nginx/proxy.conf; - resolver 127.0.0.11 valid=30s; - set $upstream_app overseerr; - set $upstream_port 5055; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; - - } - -} -``` - -### Traefik (v2) - -Add the labels to the Overseerr service in your `docker-compose` file. A basic example for a `docker-compose` file using Traefik can be found [here](https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/). - -#### Subdomain - -Example Configuration: - -``` -labels: - - "traefik.enable=true" - ## HTTP Routers - - "traefik.http.routers.overseerr-rtr.entrypoints=https" - - "traefik.http.routers.overseerr-rtr.rule=Host(`overseerr.domain.com`)" - - "traefik.http.routers.overseerr-rtr.tls=true" - ## HTTP Services - - "traefik.http.routers.overseerr-rtr.service=overseerr-svc" - - "traefik.http.services.overseerr-svc.loadbalancer.server.port=5055" -``` - -### LE/NGINX - -#### Subdomain - -Take the configuration below and place it in `/etc/nginx/sites-available/overseerr.example.com.conf`. - -Create a symlink to `/etc/nginx/sites-enabled`: - -``` -sudo ln -s /etc/nginx/sites-available/overseerr.example.com.conf /etc/nginx/sites-enabled/overseerr.example.com.conf -``` - -Test the configuration: - -``` -sudo nginx -t -``` - -Reload your configuration for NGINX: - -``` -sudo systemctl reload nginx -``` - -Example Configuration: - -``` -server { - listen 80; - server_name overseerr.example.com; - return 301 https://$server_name$request_uri; -} - -server { - listen 443 ssl http2; - server_name overseerr.example.com; - - ssl_certificate /etc/letsencrypt/live/overseerr.example.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/overseerr.example.com/privkey.pem; - - proxy_set_header Referer $http_referer; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Real-Port $remote_port; - proxy_set_header X-Forwarded-Host $host:$remote_port; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-Port $remote_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Ssl on; - real_ip_header CF-Connecting-IP; - # Control the behavior of the Referer header (Referrer-Policy) - add_header Referrer-Policy "no-referrer"; - # HTTP Strict Transport Security - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; - # Reduce XSS risks (Content-Security-Policy) - add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://plex.tv; style-src 'self' 'unsafe-inline' https://rsms.me/inter/inter.css; script-src 'self'; img-src 'self' data: https://plex.tv https://assets.plex.tv https://secure.gravatar.com https://i2.wp.com https://image.tmdb.org; font-src 'self' https://rsms.me/inter/font-files/" always; - # Prevent some categories of XSS attacks (X-XSS-Protection) - add_header X-XSS-Protection "1; mode=block" always; - # Provide clickjacking protection (X-Frame-Options) - add_header X-Frame-Options "SAMEORIGIN" always; - # Prevent Sniff Mimetype (X-Content-Type-Options) - add_header X-Content-Type-Options "nosniff" always; - - access_log /var/log/nginx/overseerr.example.com-access.log; - error_log /var/log/nginx/overseerr.example.com-error.log; - - location / { - proxy_pass http://127.0.0.1:5055; - } -} -```