From b72eaee84c82fef63609b37a33f6ddbf5c501122 Mon Sep 17 00:00:00 2001 From: id4vip Date: Thu, 11 Dec 2025 14:50:37 -0700 Subject: [PATCH 1/2] Create pocketid.subdomain.conf.sample --- pocketid.subdomain.conf.sample | 67 ++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 pocketid.subdomain.conf.sample diff --git a/pocketid.subdomain.conf.sample b/pocketid.subdomain.conf.sample new file mode 100644 index 00000000..bfeb0dd2 --- /dev/null +++ b/pocketid.subdomain.conf.sample @@ -0,0 +1,67 @@ +## Version 2025/07/18 +# make sure that your pocketid container is named pocketid +# make sure that your dns has a cname set for pocketid + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name pocketid.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + if ($lan-ip = yes) { set $geo-whitelist yes; } + if ($geo-whitelist = no) { return 404; } + + + + location / { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app pocketid; + set $upstream_port 1411; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + +# proxy_set_header X-Forwarded-Host $http_host; +# proxy_set_header X-Scheme $scheme; + +# proxy_buffer_size 256k; +# proxy_buffers 4 512k; +# proxy_busy_buffers_size 512k; + + + } +} From 182365824818941b288d0ceb3f58690cbeafe438 Mon Sep 17 00:00:00 2001 From: id4vip Date: Fri, 19 Dec 2025 12:55:34 -0700 Subject: [PATCH 2/2] Update pocketid.subdomain.conf.sample --- pocketid.subdomain.conf.sample | 61 ++++++++++++++++++++++++++-------- 1 file changed, 48 insertions(+), 13 deletions(-) diff --git a/pocketid.subdomain.conf.sample b/pocketid.subdomain.conf.sample index bfeb0dd2..90607692 100644 --- a/pocketid.subdomain.conf.sample +++ b/pocketid.subdomain.conf.sample @@ -4,9 +4,9 @@ server { listen 443 ssl; -# listen 443 quic; + listen 443 quic; listen [::]:443 ssl; -# listen [::]:443 quic; + listen [::]:443 quic; server_name pocketid.*; @@ -28,10 +28,7 @@ server { if ($lan-ip = yes) { set $geo-whitelist yes; } if ($geo-whitelist = no) { return 404; } - - - - location / { + location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; @@ -48,20 +45,58 @@ server { # enable for Tinyauth (requires tinyauth-server.conf in the server block) #include /config/nginx/tinyauth-location.conf; - include /config/nginx/proxy.conf; +# include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app pocketid; set $upstream_port 1411; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; -# proxy_set_header X-Forwarded-Host $http_host; -# proxy_set_header X-Scheme $scheme; - -# proxy_buffer_size 256k; -# proxy_buffers 4 512k; -# proxy_busy_buffers_size 512k; +## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample + +# Timeout if the real server is dead + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; + +# Proxy Connection Settings +#### proxy_buffers 32 4k; + proxy_connect_timeout 240; + proxy_headers_hash_bucket_size 128; + proxy_headers_hash_max_size 1024; + proxy_http_version 1.1; + proxy_read_timeout 240; + proxy_redirect http:// $scheme://; + proxy_send_timeout 240; + +# Proxy Cache and Cookie Settings + proxy_cache_bypass $cookie_session; +#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps + proxy_no_cache $cookie_session; +# Proxy Header Settings + proxy_set_header Connection $connection_upgrade; + proxy_set_header Early-Data $ssl_early_data; + proxy_set_header Host $host; + proxy_set_header Proxy ""; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Method $request_method; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header X-Forwarded-Uri $request_uri; + proxy_set_header X-Original-Method $request_method; + proxy_set_header X-Original-URL $scheme://$http_host$request_uri; + proxy_set_header X-Real-IP $remote_addr; + + proxy_buffer_size 256k; + proxy_buffers 4 512k; + proxy_busy_buffers_size 512k; } } + + + +