1+ ## Version 2024/10/26
2+ # make sure that your romM container is named romm
3+ # make sure that your dns has a cname set for romm
4+
5+ server {
6+ listen 443 ssl;
7+ listen [::]:443 ssl;
8+
9+ server_name romm.*;
10+
11+ include /config/nginx/ssl.conf;
12+
13+ client_max_body_size 0;
14+
15+ # enable for ldap auth (requires ldap-location.conf in the location block)
16+ #include /config/nginx/ldap-server.conf;
17+
18+ # enable for Authelia (requires authelia-location.conf in the location block)
19+ #include /config/nginx/authelia-server.conf;
20+
21+ # enable for Authentik (requires authentik-location.conf in the location block)
22+ #include /config/nginx/authentik-server.conf;
23+
24+ location / {
25+ # enable the next two lines for http auth
26+ #auth_basic "Restricted";
27+ #auth_basic_user_file /config/nginx/.htpasswd;
28+
29+ # enable for ldap auth (requires ldap-server.conf in the server block)
30+ #include /config/nginx/ldap-location.conf;
31+
32+ # enable for Authelia (requires authelia-server.conf in the server block)
33+ #include /config/nginx/authelia-location.conf;
34+
35+ # enable for Authentik (requires authentik-server.conf in the server block)
36+ #include /config/nginx/authentik-location.conf;
37+
38+ include /config/nginx/proxy.conf;
39+ include /config/nginx/resolver.conf;
40+ set $upstream_app romm;
41+ set $upstream_port 8080;
42+ set $upstream_proto http;
43+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
44+
45+ # Hide version
46+ server_tokens off;
47+
48+ # Security headers
49+ add_header X-Frame-Options "SAMEORIGIN" always;
50+ add_header X-Content-Type-Options "nosniff" always;
51+ add_header X-XSS-Protection "1; mode=block" always;
52+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
53+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
54+ }
55+ }
0 commit comments