Cleanup redundant headers from proxy.conf

adguard.subdomain.conf.sample

@@ -44,6 +44,6 @@ server {
         set $upstream_port 80;
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-        
+
     }
 }

adminer.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /adminer {
     return 301 $scheme://$host/adminer/;
 }
+
 location ^~ /adminer/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

bazarr.subdomain.conf.sample

@@ -35,8 +35,6 @@ server {
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
     }
 
     location ~ (/bazarr)?/api {
@@ -47,7 +45,5 @@ server {
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
     }
 }

bazarr.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /bazarr {
     return 301 $scheme://$host/bazarr/;
 }
+
 location ^~ /bazarr/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";
@@ -22,8 +23,6 @@ location ^~ /bazarr/ {
     set $upstream_proto http;
     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "Upgrade";
 }
 
 location ^~ /bazarr/api {
@@ -34,6 +33,4 @@ location ^~ /bazarr/api {
     set $upstream_proto http;
     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "Upgrade";
 }

beets.subfolder.conf.sample

@@ -19,8 +19,6 @@ location /beets {
     set $upstream_proto http;
     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Scheme $scheme;
     proxy_set_header X-Script-Name /beets;
 }

bitwarden.subdomain.conf.sample

@@ -1,5 +1,6 @@
 # make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url
 # make sure your bitwarden container is named "bitwarden"
+# set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container
 
 server {
     listen 443 ssl;
@@ -38,16 +39,35 @@ server {
 
     }
 
-    location /notifications/hub {
+    location /admin {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
         include /config/nginx/proxy.conf;
         resolver 127.0.0.11 valid=30s;
         set $upstream_app bitwarden;
         set $upstream_port 80;
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
+    }
+
+    location /notifications/hub {
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app bitwarden;
+        set $upstream_port 3012;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
     }
 
     location /notifications/hub/negotiate {
@@ -59,5 +79,4 @@ server {
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
     }
-
 }

bookstack.subdomain.conf.sample

@@ -37,5 +37,5 @@ server {
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-    }   
+    }
 }

calibre-web.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /calibre-web {
     return 301 $scheme://$host/calibre-web/;
 }
+
 location ^~ /calibre-web/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

calibre.subdomain.conf.sample

@@ -35,7 +35,5 @@ server {
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
         proxy_buffering off;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $http_connection;
     }
 }

calibre.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /calibre {
     return 301 $scheme://$host/calibre/;
 }
+
 location ^~ /calibre/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

code-server.subdomain.conf.sample

@@ -35,7 +35,5 @@ server {
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection upgrade;
     }
 }

collabora.subdomain.conf.sample

@@ -49,8 +49,6 @@ server {
         set $upstream_proto https;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
         proxy_set_header Host $http_host;
         proxy_read_timeout 36000s;
     }
@@ -74,8 +72,6 @@ server {
         set $upstream_proto https;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
         proxy_set_header Host $http_host;
         proxy_read_timeout 36000s;
     }

deluge.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /deluge {
     return 301 $scheme://$host/deluge/;
 }
+
 location ^~ /deluge/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

documentserver.subdomain.conf.sample

@@ -35,9 +35,6 @@ server {
         set $upstream_port 80;
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection upgrade;
 
     }
 }

dozzle.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /dozzle {
     return 301 $scheme://$host/dozzle/;
 }
+
 location ^~ /dozzle/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

duplicati.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /duplicati {
     return 301 $scheme://$host/duplicati/;
 }
+
 location ^~ /duplicati/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

emby.subdomain.conf.sample

@@ -25,8 +25,5 @@ server {
 
         proxy_set_header Range $http_range;
         proxy_set_header If-Range $http_if_range;
-
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $http_connection;
-   }
+    }
 }

emby.subfolder.conf.sample

@@ -8,6 +8,7 @@
 location /emby {
     return 301 $scheme://$host/emby/;
 }
+
 location ^~ /emby/ {
     include /config/nginx/proxy.conf;
     resolver 127.0.0.11 valid=30s;
@@ -28,6 +29,4 @@ location ^~ /embywebsocket {
     set $upstream_proto http;
     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection $http_connection;
 }

flood.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /flood {
     return 301 $scheme://$host/flood/;
 }
+
 location ^~ /flood/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

glances.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /glances {
     return 301 $scheme://$host/glances/;
 }
+
 location ^~ /glances/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

gotify.subdomain.conf.sample

@@ -34,7 +34,6 @@ server {
         set $upstream_port 80;
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
+
     }
-}
+}

grocy.subdomain.conf.sample

@@ -36,5 +36,4 @@ server {
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
     }
-
 }

guacamole.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /guacamole {
     return 301 $scheme://$host/guacamole/;
 }
+
 location ^~ /guacamole/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

homeassistant.subdomain.conf.sample

@@ -36,18 +36,4 @@ server {
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
     }
-
-    location /api/websocket {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_app homeassistant;
-        set $upstream_port 8123;
-        set $upstream_proto http;
-        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
-
-        proxy_set_header Host $host;
-
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-    }
 }

jellyfin.subdomain.conf.sample

@@ -35,7 +35,5 @@ server {
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $http_connection;
-   }
+    }
 }

jellyfin.subfolder.conf.sample

@@ -8,6 +8,7 @@
 location /jellyfin {
     return 301 $scheme://$host/jellyfin/;
 }
+
 location ^~ /jellyfin/ {
     include /config/nginx/proxy.conf;
     resolver 127.0.0.11 valid=30s;
@@ -18,6 +19,4 @@ location ^~ /jellyfin/ {
 
     proxy_set_header Range $http_range;
     proxy_set_header If-Range $http_if_range;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection $http_connection;
 }

jenkins.subfolder.conf.sample

@@ -4,6 +4,7 @@
 location /jenkins {
     return 301 $scheme://$host/jenkins/;
 }
+
 location ^~ /jenkins/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

kanzi.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /kanzi {
     return 301 $scheme://$host/kanzi/;
 }
+
 location ^~ /kanzi/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";

mailu.subfolder.conf.sample

@@ -6,6 +6,7 @@
 location /admin{
     return 301 $scheme://$host/admin/;
 }
+
 location ^~ /admin/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";
@@ -17,7 +18,7 @@ location ^~ /admin/ {
 
     # enable for Authelia, also enable authelia-server.conf in the default site config
     #include /config/nginx/authelia-location.conf;
-    
+
     include /config/nginx/proxy.conf;
     resolver 127.0.0.11 valid=30s;
     set $upstream_app front;
@@ -30,6 +31,7 @@ location ^~ /admin/ {
 location /webmail{
     return 301 $scheme://$host/webmail/;
 }
+
 location ^~ /webmail/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";
@@ -41,7 +43,7 @@ location ^~ /webmail/ {
 
     # enable for Authelia, also enable authelia-server.conf in the default site config
     #include /config/nginx/authelia-location.conf;
-    
+
     include /config/nginx/proxy.conf;
     resolver 127.0.0.11 valid=30s;
     set $upstream_app front;

medusa.subdomain.conf.sample

@@ -29,8 +29,6 @@ server {
         #include /config/nginx/authelia-location.conf;
 
         include /config/nginx/proxy.conf;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
         resolver 127.0.0.11 valid=30s;
         set $upstream_app medusa;
         set $upstream_port 8081;

medusa.subfolder.conf.sample

@@ -13,8 +13,6 @@ location ^~ /medusa {
     #include /config/nginx/authelia-location.conf;
 
     include /config/nginx/proxy.conf;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
     resolver 127.0.0.11 valid=30s;
     set $upstream_app medusa;
     set $upstream_port 8081;

monitorr.subfolder.conf.sample

@@ -3,6 +3,7 @@
 location /monitorr {
     return 301 $scheme://$host/monitorr/;
 }
+
 location ^~ /monitorr/ {
     # enable the next two lines for http auth
     #auth_basic "Restricted";