server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    server_name servarr.loadingm.xyz;
    acme_certificate      letsencrypt;
    ssl_certificate       $acme_certificate; 
    ssl_certificate_key   $acme_certificate_key; 
    ssl_certificate_cache max=2;

    include /etc/nginx/snippets/authelia-location.conf;

    location /qbt/ {
        # include /etc/nginx/snippets/proxy.conf;
        include /etc/nginx/snippets/authelia-authrequest.conf;
        # proxy_pass http://qbittorrent:8080/;
        proxy_pass http://gluetun:8080/;
        proxy_http_version 1.1;
        proxy_set_header   Host               $proxy_host;
        proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host   $http_host;
        proxy_set_header   X-Forwarded-Proto  $scheme;
        proxy_cookie_path  /                  "/; Secure";
    }

    location ^~ /sonarr {
        include /etc/nginx/snippets/authelia-authrequest.conf;
        proxy_pass http://sonarr:8989/sonarr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
    # Allow the API External Access via NGINX
    location ^~ /sonarr/api {
        auth_basic off;
        include /etc/nginx/snippets/authelia-authrequest.conf;
        proxy_pass http://sonarr:8989/sonarr/api;
    }

    location ^~ /radarr {
        include /etc/nginx/snippets/authelia-authrequest.conf;
        proxy_pass http://radarr:7878/radarr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
    # Allow the API External Access via NGINX
    location ^~ /radarr/api {
        auth_basic off;
        include /etc/nginx/snippets/authelia-authrequest.conf;
        proxy_pass http://radarr:7878/radarr/api;
    }

    location ^~ /jackett/ {
        include /etc/nginx/snippets/authelia-authrequest.conf;
        add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'";
        proxy_pass http://jackett:9117;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}
