server { listen 0.0.0.0:80 default_server; location /deluge { return 302 $scheme://$host/deluge/; } location /deluge/ { proxy_pass http://localhost:8001/; proxy_set_header X-Deluge-Base "/deluge/"; include restrict-auth.conf; include proxy-control.conf; add_header X-Frame-Options SAMEORIGIN; } location /radarr { proxy_pass http://localhost:8002/radarr; include restrict-auth.conf; include proxy-control.conf; add_header X-Frame-Options SAMEORIGIN; } # allow radarr api to be reached location /radarr/api { proxy_pass http://localhost:8002/radarr/api; include restrict-auth.conf; include proxy-control.conf; add_header X-Frame-Options SAMEORIGIN; } location /sonarr { proxy_pass http://localhost:8003/sonarr; include restrict-auth.conf; include proxy-control.conf; add_header X-Frame-Options SAMEORIGIN; } # allow sonarr api to be reached location /sonarr/api { proxy_pass http://localhost:8003/sonarr/api; include restrict-auth.conf; include proxy-control.conf; add_header X-Frame-Options SAMEORIGIN; } location /openbooks { proxy_pass http://localhost:8004/openbooks/; include restrict-auth.conf; include proxy-control.conf; add_header X-Frame-Options SAMEORIGIN; } # openbooks uses a subdirectory for websocket connections location /openbooks/ws { proxy_pass http://localhost:8004/openbooks/ws; include restrict-auth.conf; include proxy-control.conf; add_header X-Frame-Options SAMEORIGIN; } location /jackett { proxy_pass http://localhost:8005/jackett; include restrict-auth.conf; include proxy-control.conf; add_header X-Frame-Options SAMEORIGIN; } # jellyfin doesn't require auth headers (it has its own authentication system) location /jellyfin { return 302 $scheme://$host/jellyfin/; } location /jellyfin/ { proxy_pass http://localhost:8006; include proxy-control.conf; } location / { proxy_pass http://localhost:8000/; include restrict-auth.conf; include proxy-control.conf; add_header X-Frame-Options SAMEORIGIN; } }