linuxserver · nemchik · Feb 10, 2023 · Feb 5, 2023 · Feb 8, 2023
diff --git a/_template.subdomain.conf.sample b/_template.subdomain.conf.sample
@@ -1,8 +1,9 @@
-## Version 2022/09/08
+## Version 2023/02/05
 # REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
 # REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
 # REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
-# make sure that your dns has a cname set for <container_name> and that your <container_name> container is not using a base url
+# make sure that your <container_name> container is named <container_name>
+# make sure that your dns has a cname set for <container_name>
 
 server {
     listen 443 ssl;
@@ -20,6 +21,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -31,6 +35,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app <container_name>;

diff --git a/_template.subfolder.conf.sample b/_template.subfolder.conf.sample
@@ -1,8 +1,10 @@
-## Version 2022/09/08
+## Version 2023/02/05
 # REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
 # REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
 # REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
-# first go into <container_name> settings, under "General" set the URL Base to /<container_name>/ and restart the <container_name> container
+# make sure that your <container_name> container is named <container_name>
+# make sure that <container_name> is set to work with the base url /<container_name>/
+
 
 location /<container_name> {
     return 301 $scheme://$host/<container_name>/;
@@ -19,6 +21,9 @@ location ^~ /<container_name>/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app <container_name>;

diff --git a/adguard.subdomain.conf.sample b/adguard.subdomain.conf.sample
@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for adguard and that your adguard container is named adguard
+## Version 2023/02/05
+# make sure that your adguard container is named adguard
+# make sure that your dns has a cname set for adguard
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app adguard;

diff --git a/adminer.subfolder.conf.sample b/adminer.subfolder.conf.sample
@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# adminer does not require a base url setting, but the container needs to be named adminer
+## Version 2023/02/05
+# make sure that your adminer container is named adminer
+# adminer does not require a base url setting
 
 location /adminer {
     return 301 $scheme://$host/adminer/;
@@ -16,6 +17,9 @@ location ^~ /adminer/ {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app adminer;

diff --git a/adminmongo.subdomain.conf.sample b/adminmongo.subdomain.conf.sample
@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for adminmongo and that your adminmongo container is not using a base url
+## Version 2023/02/05
+# make sure that your adminmongo container is named adminmongo
+# make sure that your dns has a cname set for adminmongo
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app adminmongo;

diff --git a/airsonic.subdomain.conf.sample b/airsonic.subdomain.conf.sample
@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for airsonic and that your airsonic container is not using a base url
+## Version 2023/02/05
+# make sure that your airsonic container is named airsonic
+# make sure that your dns has a cname set for airsonic
 # add `server.use-forward-headers=true` to `/config/application.properties` to ensure logs contain real source IP
 
 server {
@@ -18,6 +19,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -29,6 +33,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app airsonic;

diff --git a/airsonic.subfolder.conf.sample b/airsonic.subfolder.conf.sample
@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your airsonic container is named airsonic
+# make sure that airsonic is set to work with the base url /airsonic/
 # set the CONTEXT_PATH variable to /airsonic in airsonic container.
 
 location ^~ /airsonic {
@@ -12,6 +14,9 @@ location ^~ /airsonic {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app airsonic;

diff --git a/apprise-api.subdomain.conf.sample b/apprise-api.subdomain.conf.sample
@@ -1,5 +1,6 @@
-## Version 2022/08/16
-# make sure that your dns has a cname set for apprise-api and that your apprise-api container is not using a base url
+## Version 2023/02/05
+# make sure that your apprise-api container is named apprise-api
+# make sure that your dns has a cname set for apprise-api
 
 server {
     listen 443 ssl;
@@ -11,24 +12,29 @@ server {
 
     client_max_body_size 0;
 
-    # enable for ldap auth, fill in ldap details in ldap.conf
-    #include /config/nginx/ldap.conf;
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
 
-    # enable for Authelia
+    # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
         #auth_basic_user_file /config/nginx/.htpasswd;
 
-        # enable the next two lines for ldap auth
-        #auth_request /auth;
-        #error_page 401 =200 /ldaplogin;
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
 
-        # enable for Authelia
+        # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app apprise-api;

diff --git a/archisteamfarm.subdomain.conf.sample b/archisteamfarm.subdomain.conf.sample
@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your archisteamfarm container is named archisteamfarm
 # make sure that your dns has a cname set for archisteamfarm
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app archisteamfarm;

diff --git a/aria2-with-webui.subdomain.conf.sample b/aria2-with-webui.subdomain.conf.sample
@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# Make sure that your dns has a cname set for aria2 and that your aria2-with-webui container is not using a base url
+## Version 2023/02/05
+# make sure that your aria2 container is named aria2-with-webui
+# make sure that your dns has a cname set for aria2
 #
 # The RPC port will need to be changed to 443 in the AriaNg/WebUI-Aria2 settings or by using the AriaNg command api
 # e.g. https://aria2.example.com/#!/settings/rpc/set/https/aria2.example.com/443/jsonrpc
@@ -21,6 +22,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -32,6 +36,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app aria2-with-webui;

diff --git a/audiobookshelf.subdomain.conf.sample b/audiobookshelf.subdomain.conf.sample
@@ -1,5 +1,6 @@
-## Version 2022/09/08
-# make sure that your dns has a cname set for audiobookshelf and that your audiobookshelf container is not using a base url
+## Version 2023/02/05
+# make sure that your audiobookshelf container is named audiobookshelf
+# make sure that your dns has a cname set for audiobookshelf
 
 server {
     listen 443 ssl;
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app audiobookshelf;

diff --git a/audiobookshelf.subfolder.conf.sample b/audiobookshelf.subfolder.conf.sample
@@ -1,4 +1,6 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your audiobookshelf container is named audiobookshelf
+# make sure that audiobookshelf is set to work with the base url /audiobookshelf/
 # set the CONTEXT_PATH variable to /audiobookshelf in audiobookshelf container.
 
 location ^~ /audiobookshelf {
@@ -12,6 +14,9 @@ location ^~ /audiobookshelf {
     # enable for Authelia (requires authelia-server.conf in the server block)
     #include /config/nginx/authelia-location.conf;
 
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_app audiobookshelf;

diff --git a/authelia.subdomain.conf.sample b/authelia.subdomain.conf.sample
@@ -1,9 +1,10 @@
-## Version 2021/05/18
+## Version 2023/02/05
+# make sure that your authelia container is named authelia
 # make sure that your dns has a cname set for authelia
-# the default authelia-server and authelia-location confs included with letsencrypt rely on
-# subfolder proxy at "/authelia" and enabling of this proxy conf is not necessary.
-# But if you'd like to use authelia via subdomain, you can enable this proxy and set up your own
-# authelia-server and authelia-location confs as described in authelia docs.
+# the default authelia-server and authelia-location confs included with swag rely on
+# a built-in subfolder proxy at "/authelia" and enabling this proxy conf is not necessary.
+# But if you'd like to use authelia via subdomain, you can enable this proxy and set
+# the $authelia_backed variable in the authelia-server.conf.
 
 server {
     listen 443 ssl;

diff --git a/authentik.subdomain.conf.sample b/authentik.subdomain.conf.sample
@@ -0,0 +1,25 @@
+## Version 2023/02/05
+# make sure that your authentik container is named authentik-server
+# make sure that your dns has a cname set for authentik
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name authentik.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app authentik-server;
+        set $upstream_port 9000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/babybuddy.subdomain.conf.sample b/babybuddy.subdomain.conf.sample
@@ -1,4 +1,5 @@
-## Version 2022/09/08
+## Version 2023/02/05
+# make sure that your babybuddy container is named babybuddy
 # make sure that your dns has a cname set for babybuddy
 
 server {
@@ -17,6 +18,9 @@ server {
     # enable for Authelia (requires authelia-location.conf in the location block)
     #include /config/nginx/authelia-server.conf;
 
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
     location / {
         # enable the next two lines for http auth
         #auth_basic "Restricted";
@@ -28,6 +32,9 @@ server {
         # enable for Authelia (requires authelia-server.conf in the server block)
         #include /config/nginx/authelia-location.conf;
 
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app babybuddy;