server { listen %%interface%%:%%port%% default_server; include /etc/nginx/includes/server_params.conf; include /etc/nginx/includes/proxy_params.conf; proxy_buffering off; gzip_static off; client_max_body_size 0; location ^~ / { set $app '%%ingress_entry%%'; # Forward the raw request URI exactly as received by this nginx. # This is the safest way to preserve query-string encoding. proxy_pass http://127.0.0.1:5055$request_uri; proxy_http_version 1.1; proxy_set_header Referer $http_referer; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-Port $remote_port; proxy_set_header X-Forwarded-Host $host:$remote_port; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Port $remote_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Accept-Encoding ""; proxy_hide_header X-Powered-By; proxy_read_timeout 90; add_header X-Frame-Options "SAMEORIGIN"; add_header Referrer-Policy "no-referrer"; absolute_redirect off; proxy_redirect ^ $app; proxy_redirect /setup $app/setup; proxy_redirect /login $app/login; sub_filter_once off; # Do not rewrite every response type blindly. sub_filter_types text/html application/javascript text/javascript application/json; sub_filter 'href="/"' 'href="$app"'; sub_filter 'href="/login"' 'href="$app/login"'; sub_filter 'href:"/"' 'href:"$app"'; sub_filter '\/_next' '%%ingress_entry_escaped%%\/_next'; sub_filter '/_next' '$app/_next'; sub_filter '/api/v1' '$app/api/v1'; sub_filter '/login/plex/loading' '$app/login/plex/loading'; sub_filter '/images/' '$app/images/'; sub_filter '/imageproxy/' '$app/imageproxy/'; sub_filter '/avatarproxy/' '$app/avatarproxy/'; sub_filter '/android-' '$app/android-'; sub_filter '/apple-' '$app/apple-'; sub_filter '/favicon' '$app/favicon'; sub_filter '/logo_' '$app/logo_'; sub_filter '/site.webmanifest' '$app/site.webmanifest'; } }