From b72eaee84c82fef63609b37a33f6ddbf5c501122 Mon Sep 17 00:00:00 2001
From: id4vip <id4vip@yahoo.com>
Date: Thu, 11 Dec 2025 14:50:37 -0700
Subject: [PATCH] Create pocketid.subdomain.conf.sample

---
 pocketid.subdomain.conf.sample | 67 ++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 pocketid.subdomain.conf.sample

diff --git a/pocketid.subdomain.conf.sample b/pocketid.subdomain.conf.sample
new file mode 100644
index 00000000..bfeb0dd2
--- /dev/null
+++ b/pocketid.subdomain.conf.sample
@@ -0,0 +1,67 @@
+## Version 2025/07/18
+# make sure that your pocketid container is named pocketid
+# make sure that your dns has a cname set for pocketid
+
+server {
+    listen 443 ssl;
+#    listen 443 quic;
+    listen [::]:443 ssl;
+#    listen [::]:443 quic;
+
+    server_name pocketid.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
+    # enable for Tinyauth (requires tinyauth-location.conf in the location block)
+    #include /config/nginx/tinyauth-server.conf;
+
+    if ($lan-ip = yes) { set $geo-whitelist yes; }
+    if ($geo-whitelist = no) { return 404; }
+
+
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        # enable for Tinyauth (requires tinyauth-server.conf in the server block)
+        #include /config/nginx/tinyauth-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pocketid;
+        set $upstream_port 1411;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+#        proxy_set_header X-Forwarded-Host $http_host;
+#        proxy_set_header X-Scheme $scheme;
+
+#        proxy_buffer_size 256k;
+#        proxy_buffers 4 512k;
+#        proxy_busy_buffers_size 512k;
+
+
+    }
+}