- Download nginx and certbot with the nginx plugin
sudo apt install certbot python3-certbot-nginx nginx- Now make the file for the proxy
sudo nano /etc/nginx/sites-enabled/<your.domain>- The base file should look like this
server {
listen 80;
server_name yourdomain.com; # Replace with your domain or server IP
# Radarr Configuration
location ^~ /radarr {
proxy_pass http://127.0.0.1:7878;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
# Allow the API External Access via NGINX
location ^~ /radarr/api {
auth_basic off;
proxy_pass http://127.0.0.1:7878;
}
# [Rest of the location blocks from following examples go here]
}
- Settings --> General --> URL Base --> Add base (/radarr)
- Add below proxy in nginx configuration
location ^~ /radarr {
proxy_pass http://127.0.0.1:7878;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
# Allow the API External Access via NGINX
location ^~ /radarr/api {
auth_basic off;
proxy_pass http://127.0.0.1:7878;
}
- Restart containers.
- Settings --> General --> URL Base --> Add base (/sonarr)
- Add below proxy in nginx configuration
location ^~ /sonarr {
proxy_pass http://127.0.0.1:8989;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
# Allow the API External Access via NGINX
location ^~ /sonarr/api {
auth_basic off;
proxy_pass http://127.0.0.1:8989;
}
- Settings --> General --> URL Base --> Add base (/prowlarr)
- Add below proxy in nginx configuration
This may need to change configurations in indexers and base in URL.
location ^~ /prowlarr {
proxy_pass http://127.0.0.1:9696;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
# Allow the API/Indexer External Access via NGINX
location ^~ /prowlarr(/[0-9]+)?/api {
auth_basic off;
proxy_pass http://127.0.0.1:9696;
}
- Restart containers.
Note: If VPN is enabled, then Prowlarr is reachable on vpn's service name
location ^~ /qbt/ {
proxy_pass http://qbittorrent:5080/; # Comment this line if VPN is enabled.
# proxy_pass http://vpn:5080/; # Uncomment this line if VPN is enabled.
proxy_http_version 1.1;
proxy_set_header Host http://qbittorrent:5080; # Comment this line if VPN is enabled.
# proxy_set_header Host http://vpn:5080; # Uncomment this line if VPN is enabled.
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cookie_path / "/; Secure";
}
Note: If VPN is enabled, then qbittorrent is reachable on vpn's service name
- Add base URL, Admin Dashboard -> Networking -> Base URL (/jellyfin)
- Add below config in Ngix config
location ^~ /jellyfin {
return 302 $scheme://$host/jellyfin/;
}
location ^~ /jellyfin/ {
proxy_pass http://jellyfin:8096/jellyfin/;
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
Currently Jellyseerr/Overseerr doesnot officially support the subfolder/path reverse proxy. They have a workaround documented here without an official support. Find it here
location ^~ / {
proxy_pass http://127.0.0.1:5055;
proxy_set_header Referer $http_referer;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-Host $host:$remote_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
}
location ^~ /bazarr/ {
proxy_pass http://127.0.0.1:6767/bazarr/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_redirect off;
# Allow the Bazarr API through if you enable Auth on the block above
location ^~ /bazarr/api {
auth_request off;
proxy_pass http://127.0.0.1:6767/bazarr/api;
}
}
Optionally
server {
# other code here
# Increase http2 max sizes
large_client_header_buffers 4 16k;
}
- Open port 80 and 443.
- Add URL in server block. e.g.
server_name localhost mediastack.example.com;in /etc/nginx/conf.d/default.conf - Run
certbot --nginx -d <your.domain>and provide details asked.