a50b6df21b
Fedimint UI HTML/CSS reference absolute /assets/* paths; under /app/fedimint/ those hit the main SPA, not the fedimint container, so the UI renders unstyled. Add the proven sub_filter asset-rewrite pattern (as indeedhub/ botfights use) to the /app/fedimint/ block in the nginx template + https snippet (also rewrites url(...) for the CSS background image). Bootstrap self-heal for already-deployed nodes is the documented resume point. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
367 lines
15 KiB
Plaintext
367 lines
15 KiB
Plaintext
# App proxies for HTTPS - avoids mixed content when embedding apps from HTTPS page
|
|
# Complete list for all apps that may be launched from the UI
|
|
location /app/grafana/ {
|
|
proxy_pass http://127.0.0.1:3000/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location = /app/uptime-kuma/ {
|
|
return 302 /app/uptime-kuma/dashboard;
|
|
}
|
|
location /app/uptime-kuma/ {
|
|
proxy_pass http://127.0.0.1:3002/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Prefix /app/uptime-kuma;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_redirect / /app/uptime-kuma/;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/gitea/ {
|
|
proxy_pass http://127.0.0.1:3001/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
proxy_hide_header Content-Security-Policy;
|
|
}
|
|
location /app/searxng/ {
|
|
proxy_pass http://127.0.0.1:8888/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/portainer/ {
|
|
proxy_pass http://127.0.0.1:9000/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/filebrowser/ {
|
|
client_max_body_size 10G;
|
|
proxy_pass http://127.0.0.1:8083/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_request_buffering off;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/endurain/ {
|
|
proxy_pass http://127.0.0.1:8080/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/lnd/ {
|
|
proxy_pass http://127.0.0.1:18083/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_read_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/jellyfin/ {
|
|
proxy_pass http://127.0.0.1:8096/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/photoprism/ {
|
|
proxy_pass http://127.0.0.1:2342/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/mempool/ {
|
|
proxy_pass http://127.0.0.1:4080/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_read_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/fedimint/ {
|
|
proxy_pass http://127.0.0.1:8175/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_read_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_types text/css application/javascript application/json;
|
|
sub_filter_once off;
|
|
sub_filter 'href="/' 'href="/app/fedimint/';
|
|
sub_filter 'src="/' 'src="/app/fedimint/';
|
|
sub_filter "href='/" "href='/app/fedimint/";
|
|
sub_filter "src='/" "src='/app/fedimint/";
|
|
sub_filter 'url("/' 'url("/app/fedimint/';
|
|
sub_filter "url('/" "url('/app/fedimint/";
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/fedimint-gateway/ {
|
|
proxy_pass http://127.0.0.1:8176/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_read_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/tailscale/ {
|
|
# Tailscale has no web UI — managed via CLI/Tailscale app
|
|
default_type application/json;
|
|
return 503 '{"error":{"code":"NO_WEB_UI","message":"Tailscale is managed via CLI"}}';
|
|
}
|
|
location /app/routstr/ {
|
|
proxy_pass http://127.0.0.1:8200/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/nostr-vpn/ {
|
|
proxy_pass http://127.0.0.1:8201/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
}
|
|
location /app/fips/ {
|
|
proxy_pass http://127.0.0.1:8202/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
}
|
|
location /app/ollama/ {
|
|
proxy_pass http://127.0.0.1:11434/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/bitcoin-ui/ {
|
|
proxy_pass http://127.0.0.1:8334/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/botfights/api/ {
|
|
proxy_pass http://127.0.0.1:9100/api/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_read_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
}
|
|
location /app/botfights/ {
|
|
proxy_pass http://127.0.0.1:9100/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_hide_header Cross-Origin-Embedder-Policy;
|
|
proxy_hide_header Cross-Origin-Opener-Policy;
|
|
proxy_hide_header Cross-Origin-Resource-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_types text/css application/javascript application/json;
|
|
sub_filter_once off;
|
|
sub_filter 'href="/' 'href="/app/botfights/';
|
|
sub_filter 'src="/' 'src="/app/botfights/';
|
|
sub_filter "href='/" "href='/app/botfights/";
|
|
sub_filter "src='/" "src='/app/botfights/";
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script><script>window.addEventListener("message",function(e){var d=e.data;if(d&&d.type==="arcade-input"&&d.key){var t=d.action==="up"?"keyup":"keydown";document.dispatchEvent(new KeyboardEvent(t,{key:d.key,bubbles:true}))}})</script></head>';
|
|
}
|
|
location /app/electrumx/ {
|
|
proxy_pass http://127.0.0.1:50002/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/indeedhub/_next/ {
|
|
proxy_pass http://127.0.0.1:7777/_next/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_cache_valid 200 30d;
|
|
add_header Cache-Control "public, max-age=2592000, immutable";
|
|
}
|
|
location /app/indeedhub/ws/ {
|
|
proxy_pass http://127.0.0.1:7777/ws/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_read_timeout 86400s;
|
|
}
|
|
location /app/indeedhub/ {
|
|
proxy_pass http://127.0.0.1:7777/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_types text/css application/javascript application/json;
|
|
sub_filter_once off;
|
|
sub_filter 'href="/' 'href="/app/indeedhub/';
|
|
sub_filter 'src="/' 'src="/app/indeedhub/';
|
|
sub_filter "href='/" "href='/app/indeedhub/";
|
|
sub_filter "src='/" "src='/app/indeedhub/";
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|
|
location /app/nginx-proxy-manager/ {
|
|
proxy_pass http://127.0.0.1:8081/;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_hide_header X-Frame-Options;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
proxy_hide_header Content-Security-Policy;
|
|
proxy_set_header Accept-Encoding "";
|
|
sub_filter_once on;
|
|
sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
|
|
}
|