docs: removed duplicate page (#522) [skip ci]
* docs(reverse-proxy-examples): removed duplicate text in hint * docs(extending-overseerr): removed duplicate pagepull/527/head
parent
d53d61014f
commit
7d6c6cb2a1
@ -1,135 +0,0 @@
|
|||||||
# Reverse Proxy Examples
|
|
||||||
|
|
||||||
## Note: Base URLs cannot be configured in Overseerr. With this limitation, only subdomain configurations are supported.
|
|
||||||
|
|
||||||
## Reverse Proxies:
|
|
||||||
|
|
||||||
- [LE/SWAG](#leswag)
|
|
||||||
- [Traefik (v2)](#traefik-v2)
|
|
||||||
- [LE/NGINX](#lenginx)
|
|
||||||
|
|
||||||
### LE/SWAG
|
|
||||||
|
|
||||||
#### Subdomain
|
|
||||||
|
|
||||||
Place in the `proxy-confs` folder as `overseerr.subdomain.conf`
|
|
||||||
|
|
||||||
Example Configuration:
|
|
||||||
|
|
||||||
```
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
server_name overseerr.*;
|
|
||||||
|
|
||||||
include /config/nginx/ssl.conf;
|
|
||||||
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
|
|
||||||
include /config/nginx/proxy.conf;
|
|
||||||
resolver 127.0.0.11 valid=30s;
|
|
||||||
set $upstream_app overseerr;
|
|
||||||
set $upstream_port 5055;
|
|
||||||
set $upstream_proto http;
|
|
||||||
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### Traefik (v2)
|
|
||||||
|
|
||||||
Add the labels to the Overseerr service in your `docker-compose` file. A basic example for a `docker-compose` file using Traefik can be found [here](https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/).
|
|
||||||
|
|
||||||
#### Subdomain
|
|
||||||
|
|
||||||
Example Configuration:
|
|
||||||
|
|
||||||
```
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
## HTTP Routers
|
|
||||||
- "traefik.http.routers.overseerr-rtr.entrypoints=https"
|
|
||||||
- "traefik.http.routers.overseerr-rtr.rule=Host(`overseerr.domain.com`)"
|
|
||||||
- "traefik.http.routers.overseerr-rtr.tls=true"
|
|
||||||
## HTTP Services
|
|
||||||
- "traefik.http.routers.overseerr-rtr.service=overseerr-svc"
|
|
||||||
- "traefik.http.services.overseerr-svc.loadbalancer.server.port=5055"
|
|
||||||
```
|
|
||||||
|
|
||||||
### LE/NGINX
|
|
||||||
|
|
||||||
#### Subdomain
|
|
||||||
|
|
||||||
Take the configuration below and place it in `/etc/nginx/sites-available/overseerr.example.com.conf`.
|
|
||||||
|
|
||||||
Create a symlink to `/etc/nginx/sites-enabled`:
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo ln -s /etc/nginx/sites-available/overseerr.example.com.conf /etc/nginx/sites-enabled/overseerr.example.com.conf
|
|
||||||
```
|
|
||||||
|
|
||||||
Test the configuration:
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo nginx -t
|
|
||||||
```
|
|
||||||
|
|
||||||
Reload your configuration for NGINX:
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo systemctl reload nginx
|
|
||||||
```
|
|
||||||
|
|
||||||
Example Configuration:
|
|
||||||
|
|
||||||
```
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name overseerr.example.com;
|
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
server_name overseerr.example.com;
|
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/overseerr.example.com/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/overseerr.example.com/privkey.pem;
|
|
||||||
|
|
||||||
proxy_set_header Referer $http_referer;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Real-Port $remote_port;
|
|
||||||
proxy_set_header X-Forwarded-Host $host:$remote_port;
|
|
||||||
proxy_set_header X-Forwarded-Server $host;
|
|
||||||
proxy_set_header X-Forwarded-Port $remote_port;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Ssl on;
|
|
||||||
real_ip_header CF-Connecting-IP;
|
|
||||||
# Control the behavior of the Referer header (Referrer-Policy)
|
|
||||||
add_header Referrer-Policy "no-referrer";
|
|
||||||
# HTTP Strict Transport Security
|
|
||||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
|
|
||||||
# Reduce XSS risks (Content-Security-Policy)
|
|
||||||
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://plex.tv; style-src 'self' 'unsafe-inline' https://rsms.me/inter/inter.css; script-src 'self'; img-src 'self' data: https://plex.tv https://assets.plex.tv https://secure.gravatar.com https://i2.wp.com https://image.tmdb.org; font-src 'self' https://rsms.me/inter/font-files/" always;
|
|
||||||
# Prevent some categories of XSS attacks (X-XSS-Protection)
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
# Provide clickjacking protection (X-Frame-Options)
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
# Prevent Sniff Mimetype (X-Content-Type-Options)
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/overseerr.example.com-access.log;
|
|
||||||
error_log /var/log/nginx/overseerr.example.com-error.log;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:5055;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
Loading…
Reference in new issue