upstream backend { server [IP.des.Servers]:19999; keepalive 64; } server { listen 443 ssl default_server; listen 80 default_server; root /config/www; index index.html index.htm index.php; server_name [namedesservers].duckdns.org; ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; ### Ab hier Einbindung von Emby location /emby { include /config/nginx/proxy.conf; proxy_pass http://[IP.des.Servers]:8096; } ### Ab hier Einbindung von Airsonic location /airsonic { include /config/nginx/proxy.conf; proxy_pass http://[IP.des.Servers]:4040/airsonic; } location ~ /netdata/(?.*) { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://backend/$ndpath$is_args$args; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } } ### Ab hier wird die GUI, das Web-Interface angesprochen ### Der erste Teil in eckigen Klammern entspricht einer Subdomain, ### die bei Installation unter "Subdomains" eingetragen wurde server { listen 443 ssl; server_name [GUI].[namedesservers].duckdns.org; root /config/www; index index.html index.htm index.php; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_ciphers 'MIIDMjCCAhoCCQDj1/RgLVgxzDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQIDAJD QTERMA8GA1UEBwwIQ2FybHNiYWQxFzAVBgNVBAoMDkxpbnV4c2VydmVyLmlvMRQw EgYDVQQLDAtMU0lPIFNlcnZlcjEKMAgGA1UEAwwBKjAeFw0xODAxMTIyMDQ1MDla Fw0yODAxMTAyMDQ1MDlaMFsxCzAJBgNVBAgMAkNBMREwDwYDVQQHDAhDYXJsc2Jh ZDEXMBUGA1UECgwOTGludXhzZXJ2ZXIuaW8xFDASBgNVBAsMC0xTSU8gU2VydmVy MQowCAYDVQQDDAEqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4rT nbga4kHCXI5hLB0yBj0PSGRTbFUFzC0vb9gAnJ6ZZny8lgYNNjBZVF15r/9rt7x9 xWMXaxIVA/G1gufYIwiTLtfgocu/Pf+FZ2QuV6zoq9AYtcapVcqPyzSIM0Gx0mmd VS9Zbb1VKXeO0MD4AIzjnfMpOMeoy/XrJOdsheW418GZAHe7CN1Lf6K8FQmK/s/W zwG/9jMrXoQ2NZTlG8QRe+yq0MJAXNmiIscod0BTtIJ5yu+c1jXal+bOkqzwwT/U AHSixt879jS8i8Vqs2Rj5LsX5vwV6OSxHECtwZ4GIRXPv1c92qrGD/2YmK17fs1Y 4mXrpJnUprwrvTW0NwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBFI6EuTSOlJCfx cyqTGcl+0C7IWEF7jysUAvl9yvZrbMDIIk7lAkdfrwMYhfLp9CfvWGyAe6XNKLPT SUOP1o3DZQfPjebbBFntI3vqjpKJn6LC9EP42H7ZoZ2LQTs1SHgIS3yxUm8FOsd1 l/8D//JjsYpd63aSDMDgJucOAbZrrIN1T+V+FvZwYPtTvZIiW9yhCV1KEhN7TwUY pXKyeTXZY6oin0viYebM5aCuFqO2HYLRCDkrJrhamvKkjW86O69AI8kiJUC3ciar ObwRBmJiB1fhZ5i9FpW8N8NPBQ2e3rNm9etoaJbw5edxmAfbhNYlQzLWDyeLlIKF JD4d+HsS'; ###Extra Settings### ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; ### Ab hier Einbindung der GUI location / { include /config/nginx/proxy.conf; proxy_pass http://[IP.des.Servers]/; } } ### Beispiel für Einbindung von sicherheitskonformer nextcloud ### Der erste Teil in eckigen Klammern entspricht einer weiteren Subdomain, ### falls diese bei Installation unter "Subdomains" eingetragen wurde server { listen 443 ssl; server_name [nextcloud].[namedesservers].duckdns.org; root /config/www; index index.html index.htm index.php; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ###Extra Settings### ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; ### Ab hier Einbindung von nextcloud location / { proxy_pass https://[IPdesServers]:444/; proxy_max_temp_file_size 2048m; include /config/nginx/proxy.conf; } }