(security_headers) { header { X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Referrer-Policy strict-origin-when-cross-origin X-XSS-Protection "1; mode=block" -Server } } (authelia) { forward_auth 100.78.131.124:9092 { uri /api/verify?rd=https://auth.jimmygan.com copy_headers Remote-User Remote-Groups Remote-Name Remote-Email } } # Authelia portal (no forward_auth on itself) auth.jimmygan.com { import security_headers reverse_proxy 100.78.131.124:9092 } # Protected services nas.jimmygan.com { import security_headers import authelia reverse_proxy 100.78.131.124:4000 } dev.nas.jimmygan.com { import security_headers import authelia reverse_proxy 100.78.131.124:4001 } music.jimmygan.com { import security_headers import authelia reverse_proxy 100.78.131.124:4533 { flush_interval -1 } } photos.jimmygan.com { import security_headers import authelia reverse_proxy 100.78.131.124:2283 { header_up X-Forwarded-Proto https header_up X-Forwarded-Host {host} } } photos-app.jimmygan.com { import security_headers reverse_proxy 100.78.131.124:2283 { header_up X-Forwarded-Proto https header_up X-Forwarded-Host {host} } }