From 8d6fb20c2c7affeae5e1474db94f6c2a9b698586 Mon Sep 17 00:00:00 2001
From: NebulaOnion <nebulaonion@noreply.anonymousland.org>
Date: Mon, 23 Jan 2023 15:23:38 +0000
Subject: [PATCH] Add njalla nginx files and organize into folders (#5)

Co-authored-by: NebulaOnion <nebulaonion@tutanota.com>
Reviewed-on: https://git.anonymousland.org/anonymousland/infrastructure/pulls/5
---
 {nginx => 1984vps/nginx}/Synapse/proxy.conf   |   0
 .../nginx}/Synapse/site-confs/default.conf    |   0
 .../nginx}/Synapse/site-confs/dimension.conf  |   0
 .../site-confs/matrix.anonymousland.org.conf  |   0
 .../nginx}/Synapse/site-confs/maubot.conf     |   0
 .../nginx}/Synapse/site-confs/tor.conf        |   0
 {nginx => 1984vps/nginx}/Synapse/ssl.conf     |   0
 .../scripts}/synapse/blockstatus.sh           |   0
 .../scripts}/synapse/delete_empty_rooms.py    |   0
 .../scripts}/synapse/getrooms.sh              |   0
 .../scripts}/synapse/populate.sh              |   0
 .../scripts}/synapse/removemedia.sh           |   0
 njallavps/swag/.donoteditthisfile.conf        |   1 +
 njallavps/swag/.migrations                    |   1 +
 njallavps/swag/crontabs/root                  |   9 +
 .../swag/dns-conf/acmedns-registration.json   |   9 +
 njallavps/swag/dns-conf/acmedns.ini           |   5 +
 njallavps/swag/dns-conf/aliyun.ini            |   6 +
 njallavps/swag/dns-conf/azure.ini             |  26 ++
 njallavps/swag/dns-conf/cloudflare.ini        |   9 +
 njallavps/swag/dns-conf/cloudxns.ini          |   4 +
 njallavps/swag/dns-conf/cpanel.ini            |   6 +
 njallavps/swag/dns-conf/desec.ini             |   4 +
 njallavps/swag/dns-conf/digitalocean.ini      |   3 +
 njallavps/swag/dns-conf/directadmin.ini       |  21 +
 njallavps/swag/dns-conf/dnsimple.ini          |   3 +
 njallavps/swag/dns-conf/dnsmadeeasy.ini       |   4 +
 njallavps/swag/dns-conf/dnspod.ini            |   5 +
 njallavps/swag/dns-conf/do.ini                |   3 +
 njallavps/swag/dns-conf/domeneshop.ini        |   4 +
 njallavps/swag/dns-conf/duckdns.ini           |   3 +
 njallavps/swag/dns-conf/dynu.ini              |   3 +
 njallavps/swag/dns-conf/gandi.ini             |   3 +
 njallavps/swag/dns-conf/gehirn.ini            |   4 +
 njallavps/swag/dns-conf/godaddy.ini           |   4 +
 njallavps/swag/dns-conf/google.json           |   6 +
 njallavps/swag/dns-conf/he.ini                |   4 +
 njallavps/swag/dns-conf/hetzner.ini           |   3 +
 njallavps/swag/dns-conf/infomaniak.ini        |   3 +
 njallavps/swag/dns-conf/inwx.ini              |   6 +
 njallavps/swag/dns-conf/ionos.ini             |   5 +
 njallavps/swag/dns-conf/linode.ini            |   3 +
 njallavps/swag/dns-conf/loopia.ini            |   3 +
 njallavps/swag/dns-conf/luadns.ini            |   4 +
 njallavps/swag/dns-conf/netcup.ini            |   3 +
 njallavps/swag/dns-conf/njalla.ini            |   2 +
 njallavps/swag/dns-conf/nsone.ini             |   3 +
 njallavps/swag/dns-conf/ovh.ini               |   6 +
 njallavps/swag/dns-conf/porkbun.ini           |   4 +
 njallavps/swag/dns-conf/rfc2136.ini           |  11 +
 njallavps/swag/dns-conf/route53.ini           |   5 +
 njallavps/swag/dns-conf/sakuracloud.ini       |   4 +
 njallavps/swag/dns-conf/standalone.ini        |   8 +
 njallavps/swag/dns-conf/transip.ini           |  30 ++
 njallavps/swag/dns-conf/vultr.ini             |   3 +
 njallavps/swag/etc/letsencrypt/note.txt       |   1 +
 .../swag/fail2ban/action.d/abuseipdb.conf     | 104 +++++
 njallavps/swag/fail2ban/action.d/apf.conf     |  25 ++
 njallavps/swag/fail2ban/action.d/apprise.conf |  49 +++
 njallavps/swag/fail2ban/action.d/badips.conf  |  19 +
 njallavps/swag/fail2ban/action.d/badips.py    | 391 ++++++++++++++++++
 .../swag/fail2ban/action.d/blocklist_de.conf  |  84 ++++
 .../swag/fail2ban/action.d/bsd-ipfw.conf      |  94 +++++
 .../fail2ban/action.d/cloudflare-token.conf   |  92 +++++
 .../swag/fail2ban/action.d/cloudflare.conf    |  88 ++++
 .../swag/fail2ban/action.d/complain.conf      | 121 ++++++
 njallavps/swag/fail2ban/action.d/dshield.conf | 207 ++++++++++
 njallavps/swag/fail2ban/action.d/dummy.conf   |  63 +++
 .../action.d/firewallcmd-allports.conf        |  45 ++
 .../fail2ban/action.d/firewallcmd-common.conf |  76 ++++
 .../fail2ban/action.d/firewallcmd-ipset.conf  | 121 ++++++
 .../action.d/firewallcmd-multiport.conf       |  26 ++
 .../fail2ban/action.d/firewallcmd-new.conf    |  47 +++
 .../action.d/firewallcmd-rich-logging.conf    |  29 ++
 .../action.d/firewallcmd-rich-rules.conf      |  44 ++
 .../fail2ban/action.d/helpers-common.conf     |  17 +
 .../swag/fail2ban/action.d/hostsdeny.conf     |  62 +++
 .../swag/fail2ban/action.d/ipfilter.conf      |  58 +++
 njallavps/swag/fail2ban/action.d/ipfw.conf    |  68 +++
 .../fail2ban/action.d/iptables-allports.conf  |  15 +
 .../fail2ban/action.d/iptables-common.conf    |  92 +++++
 .../action.d/iptables-ipset-proto4.conf       |  66 +++
 .../iptables-ipset-proto6-allports.conf       |  27 ++
 .../action.d/iptables-ipset-proto6.conf       |  27 ++
 .../fail2ban/action.d/iptables-ipset.conf     |  90 ++++
 .../action.d/iptables-multiport-log.conf      |  68 +++
 .../fail2ban/action.d/iptables-multiport.conf |  14 +
 .../swag/fail2ban/action.d/iptables-new.conf  |  15 +
 .../action.d/iptables-xt_recent-echo.conf     |  87 ++++
 .../swag/fail2ban/action.d/iptables.conf      | 162 ++++++++
 .../swag/fail2ban/action.d/ipthreat.conf      | 107 +++++
 .../swag/fail2ban/action.d/mail-buffered.conf |  86 ++++
 .../fail2ban/action.d/mail-whois-common.conf  |  28 ++
 .../fail2ban/action.d/mail-whois-lines.conf   |  92 +++++
 .../swag/fail2ban/action.d/mail-whois.conf    |  71 ++++
 njallavps/swag/fail2ban/action.d/mail.conf    |  65 +++
 .../swag/fail2ban/action.d/mynetwatchman.conf | 143 +++++++
 .../swag/fail2ban/action.d/netscaler.conf     |  33 ++
 .../fail2ban/action.d/nftables-allports.conf  |  17 +
 .../fail2ban/action.d/nftables-multiport.conf |  17 +
 .../swag/fail2ban/action.d/nftables.conf      | 203 +++++++++
 .../fail2ban/action.d/nginx-block-map.conf    | 117 ++++++
 njallavps/swag/fail2ban/action.d/npf.conf     |  61 +++
 .../swag/fail2ban/action.d/nsupdate.conf      | 114 +++++
 .../swag/fail2ban/action.d/osx-afctl.conf     |  16 +
 .../swag/fail2ban/action.d/osx-ipfw.conf      |  87 ++++
 njallavps/swag/fail2ban/action.d/pf.conf      | 124 ++++++
 njallavps/swag/fail2ban/action.d/route.conf   |  29 ++
 .../fail2ban/action.d/sendmail-buffered.conf  |  99 +++++
 .../fail2ban/action.d/sendmail-common.conf    |  77 ++++
 .../action.d/sendmail-geoip-lines.conf        |  59 +++
 .../sendmail-whois-ipjailmatches.conf         |  41 ++
 .../action.d/sendmail-whois-ipmatches.conf    |  41 ++
 .../action.d/sendmail-whois-lines.conf        |  52 +++
 .../action.d/sendmail-whois-matches.conf      |  41 ++
 .../fail2ban/action.d/sendmail-whois.conf     |  40 ++
 .../swag/fail2ban/action.d/sendmail.conf      |  37 ++
 .../action.d/shorewall-ipset-proto6.conf      |  93 +++++
 .../swag/fail2ban/action.d/shorewall.conf     |  73 ++++
 njallavps/swag/fail2ban/action.d/smtp.py      | 230 +++++++++++
 .../symbiosis-blacklist-allports.conf         |  60 +++
 njallavps/swag/fail2ban/action.d/ufw.conf     |  75 ++++
 .../fail2ban/action.d/xarf-login-attack.conf  | 143 +++++++
 njallavps/swag/fail2ban/filter.d/3proxy.conf  |  20 +
 .../fail2ban/filter.d/alpine-sshd-ddos.conf   |  26 ++
 .../swag/fail2ban/filter.d/alpine-sshd.conf   |  30 ++
 .../swag/fail2ban/filter.d/apache-auth.conf   |  71 ++++
 .../fail2ban/filter.d/apache-badbots.conf     |  24 ++
 .../fail2ban/filter.d/apache-botsearch.conf   |  39 ++
 .../swag/fail2ban/filter.d/apache-common.conf |  44 ++
 .../filter.d/apache-fakegooglebot.conf        |  16 +
 .../fail2ban/filter.d/apache-modsecurity.conf |  19 +
 .../swag/fail2ban/filter.d/apache-nohome.conf |  20 +
 .../fail2ban/filter.d/apache-noscript.conf    |  37 ++
 .../fail2ban/filter.d/apache-overflows.conf   |  40 ++
 .../swag/fail2ban/filter.d/apache-pass.conf   |  19 +
 .../fail2ban/filter.d/apache-shellshock.conf  |  28 ++
 njallavps/swag/fail2ban/filter.d/assp.conf    |  46 +++
 .../swag/fail2ban/filter.d/asterisk.conf      |  55 +++
 .../swag/fail2ban/filter.d/bitwarden.conf     |  13 +
 .../fail2ban/filter.d/botsearch-common.conf   |  19 +
 .../swag/fail2ban/filter.d/centreon.conf      |   9 +
 njallavps/swag/fail2ban/filter.d/common.conf  |  89 ++++
 .../fail2ban/filter.d/counter-strike.conf     |  15 +
 .../swag/fail2ban/filter.d/courier-auth.conf  |  21 +
 .../swag/fail2ban/filter.d/courier-smtp.conf  |  22 +
 .../swag/fail2ban/filter.d/cyrus-imap.conf    |  20 +
 .../swag/fail2ban/filter.d/directadmin.conf   |  22 +
 .../swag/fail2ban/filter.d/domino-smtp.conf   |  50 +++
 njallavps/swag/fail2ban/filter.d/dovecot.conf |  50 +++
 .../swag/fail2ban/filter.d/dropbear.conf      |  50 +++
 .../swag/fail2ban/filter.d/drupal-auth.conf   |  26 ++
 .../swag/fail2ban/filter.d/ejabberd-auth.conf |  40 ++
 .../swag/fail2ban/filter.d/exim-common.conf   |  20 +
 .../swag/fail2ban/filter.d/exim-spam.conf     |  50 +++
 njallavps/swag/fail2ban/filter.d/exim.conf    |  54 +++
 .../swag/fail2ban/filter.d/freeswitch.conf    |  58 +++
 .../swag/fail2ban/filter.d/froxlor-auth.conf  |  40 ++
 njallavps/swag/fail2ban/filter.d/gitea.conf   |   4 +
 njallavps/swag/fail2ban/filter.d/gitlab.conf  |   6 +
 njallavps/swag/fail2ban/filter.d/grafana.conf |   9 +
 .../swag/fail2ban/filter.d/groupoffice.conf   |  14 +
 njallavps/swag/fail2ban/filter.d/gssftpd.conf |  18 +
 .../swag/fail2ban/filter.d/guacamole.conf     |  51 +++
 .../fail2ban/filter.d/haproxy-http-auth.conf  |  37 ++
 njallavps/swag/fail2ban/filter.d/horde.conf   |  16 +
 .../ignorecommands/apache-fakegooglebot       |  49 +++
 njallavps/swag/fail2ban/filter.d/kerio.conf   |  24 ++
 .../swag/fail2ban/filter.d/lighttpd-auth.conf |  10 +
 .../swag/fail2ban/filter.d/mongodb-auth.conf  |  49 +++
 njallavps/swag/fail2ban/filter.d/monit.conf   |  25 ++
 .../swag/fail2ban/filter.d/monitorix.conf     |  25 ++
 .../swag/fail2ban/filter.d/mssql-auth.conf    |  15 +
 njallavps/swag/fail2ban/filter.d/murmur.conf  |  34 ++
 .../swag/fail2ban/filter.d/mysqld-auth.conf   |  32 ++
 njallavps/swag/fail2ban/filter.d/nagios.conf  |  17 +
 .../swag/fail2ban/filter.d/named-refused.conf |  53 +++
 .../fail2ban/filter.d/nginx-bad-request.conf  |  16 +
 .../swag/fail2ban/filter.d/nginx-badbots.conf |  21 +
 .../fail2ban/filter.d/nginx-botsearch.conf    |  25 ++
 .../swag/fail2ban/filter.d/nginx-deny.conf    |  15 +
 .../fail2ban/filter.d/nginx-http-auth.conf    |  34 ++
 .../fail2ban/filter.d/nginx-limit-req.conf    |  49 +++
 .../fail2ban/filter.d/nginx-unauthorized.conf |   7 +
 njallavps/swag/fail2ban/filter.d/nsd.conf     |  31 ++
 njallavps/swag/fail2ban/filter.d/openhab.conf |  15 +
 .../swag/fail2ban/filter.d/openwebmail.conf   |  15 +
 .../swag/fail2ban/filter.d/oracleims.conf     |  63 +++
 .../swag/fail2ban/filter.d/pam-generic.conf   |  33 ++
 .../swag/fail2ban/filter.d/perdition.conf     |  18 +
 .../swag/fail2ban/filter.d/php-url-fopen.conf |  23 ++
 .../fail2ban/filter.d/phpmyadmin-syslog.conf  |  18 +
 .../swag/fail2ban/filter.d/portsentry.conf    |  15 +
 njallavps/swag/fail2ban/filter.d/postfix.conf |  81 ++++
 njallavps/swag/fail2ban/filter.d/proftpd.conf |  33 ++
 .../swag/fail2ban/filter.d/pure-ftpd.conf     |  40 ++
 njallavps/swag/fail2ban/filter.d/qmail.conf   |  31 ++
 .../swag/fail2ban/filter.d/recidive.conf      |  38 ++
 .../fail2ban/filter.d/roundcube-auth.conf     |  39 ++
 .../swag/fail2ban/filter.d/scanlogd.conf      |  17 +
 .../fail2ban/filter.d/screensharingd.conf     |  31 ++
 .../fail2ban/filter.d/selinux-common.conf     |  23 ++
 .../swag/fail2ban/filter.d/selinux-ssh.conf   |  25 ++
 .../swag/fail2ban/filter.d/sendmail-auth.conf |  25 ++
 .../fail2ban/filter.d/sendmail-reject.conf    |  68 +++
 njallavps/swag/fail2ban/filter.d/sieve.conf   |  18 +
 njallavps/swag/fail2ban/filter.d/slapd.conf   |  25 ++
 .../swag/fail2ban/filter.d/softethervpn.conf  |   9 +
 .../swag/fail2ban/filter.d/sogo-auth.conf     |  22 +
 .../swag/fail2ban/filter.d/solid-pop3d.conf   |  32 ++
 njallavps/swag/fail2ban/filter.d/squid.conf   |  16 +
 .../swag/fail2ban/filter.d/squirrelmail.conf  |  12 +
 njallavps/swag/fail2ban/filter.d/sshd.conf    | 138 +++++++
 njallavps/swag/fail2ban/filter.d/stunnel.conf |  13 +
 njallavps/swag/fail2ban/filter.d/suhosin.conf |  28 ++
 njallavps/swag/fail2ban/filter.d/tine20.conf  |  24 ++
 .../swag/fail2ban/filter.d/traefik-auth.conf  |  76 ++++
 .../swag/fail2ban/filter.d/uwimap-auth.conf   |  17 +
 njallavps/swag/fail2ban/filter.d/vsftpd.conf  |  22 +
 .../swag/fail2ban/filter.d/webmin-auth.conf   |  22 +
 njallavps/swag/fail2ban/filter.d/wuftpd.conf  |  22 +
 .../swag/fail2ban/filter.d/xinetd-fail.conf   |  29 ++
 .../swag/fail2ban/filter.d/znc-adminlog.conf  |  34 ++
 .../swag/fail2ban/filter.d/zoneminder.conf    |  27 ++
 njallavps/swag/fail2ban/jail.local            |  78 ++++
 njallavps/swag/nginx/authelia-location.conf   |  15 +
 .../swag/nginx/authelia-location.conf.sample  |  15 +
 njallavps/swag/nginx/authelia-server.conf     |  52 +++
 .../swag/nginx/authelia-server.conf.sample    |  50 +++
 njallavps/swag/nginx/default                  |   0
 njallavps/swag/nginx/dhparams.pem             |  13 +
 njallavps/swag/nginx/elementssl.conf          |  47 +++
 njallavps/swag/nginx/gitssl.conf              |  48 +++
 njallavps/swag/nginx/ldap-location.conf       |   4 +
 .../swag/nginx/ldap-location.conf.sample      |   4 +
 njallavps/swag/nginx/ldap-server.conf         |  92 +++++
 njallavps/swag/nginx/ldap-server.conf.sample  |  90 ++++
 njallavps/swag/nginx/ldap.conf                |  92 +++++
 njallavps/swag/nginx/nginx.conf               |  78 ++++
 njallavps/swag/nginx/nginx.conf.sample        |  81 ++++
 .../swag/nginx/proxy-confs/.editorconfig      |  13 +
 njallavps/swag/nginx/proxy-confs/README.md    |  50 +++
 .../_template.subdomain.conf.sample           |  56 +++
 .../_template.subfolder.conf.sample           |  43 ++
 .../proxy-confs/adguard.subdomain.conf.sample |  61 +++
 .../proxy-confs/adminer.subfolder.conf.sample |  26 ++
 .../adminmongo.subdomain.conf.sample          |  38 ++
 .../airsonic.subdomain.conf.sample            |  40 ++
 .../airsonic.subfolder.conf.sample            |  22 +
 .../apprise-api.subdomain.conf.sample         |  41 ++
 .../archisteamfarm.subdomain.conf.sample      |  39 ++
 .../aria2-with-webui.subdomain.conf.sample    |  63 +++
 .../audiobookshelf.subdomain.conf.sample      |  39 ++
 .../audiobookshelf.subfolder.conf.sample      |  22 +
 .../authelia.subdomain.conf.sample            |  28 ++
 .../babybuddy.subdomain.conf.sample           |  39 ++
 .../proxy-confs/bazarr.subdomain.conf.sample  |  49 +++
 .../proxy-confs/bazarr.subfolder.conf.sample  |  36 ++
 .../proxy-confs/beets.subdomain.conf.sample   |  40 ++
 .../proxy-confs/beets.subfolder.conf.sample   |  24 ++
 .../bitwarden.subdomain.conf.sample           |  81 ++++
 .../bitwarden.subfolder.conf.sample           |  67 +++
 .../proxy-confs/boinc.subdomain.conf.sample   |  40 ++
 .../proxy-confs/boinc.subfolder.conf.sample   |  27 ++
 .../booksonic.subdomain.conf.sample           |  39 ++
 .../booksonic.subfolder.conf.sample           |  22 +
 .../bookstack.subdomain.conf.sample           |  41 ++
 .../proxy-confs/budge.subdomain.conf.sample   |  41 ++
 .../calibre-web.subdomain.conf.sample         |  57 +++
 .../calibre-web.subfolder.conf.sample         |  46 +++
 .../proxy-confs/calibre.subdomain.conf.sample |  66 +++
 .../proxy-confs/calibre.subfolder.conf.sample |  53 +++
 .../castopod.subdomain.conf.sample            |  38 ++
 .../changedetection.subdomain.conf.sample     |  39 ++
 .../chevereto.subdomain.conf.sample           |  38 ++
 .../chronograf.subdomain.conf.sample          |  39 ++
 .../chronograf.subfolder.conf.sample          |  27 ++
 .../cloudbeaver.subdomain.conf.sample         |  42 ++
 .../code-server.subdomain.conf.sample         |  39 ++
 .../proxy-confs/codimd.subdomain.conf.sample  |  41 ++
 .../collabora.subdomain.conf.sample           |  39 ++
 .../commento.subdomain.conf.sample            |  39 ++
 .../couchpotato.subdomain.conf.sample         |  39 ++
 .../couchpotato.subfolder.conf.sample         |  22 +
 .../crontabui.subfolder.conf.sample           |  27 ++
 .../crowdsec-dashboard.subdomain.conf.sample  |  43 ++
 .../crowdsec.subdomain.conf.sample            |  40 ++
 .../proxy-confs/dashy.subdomain.conf.sample   |  38 ++
 .../proxy-confs/deluge.subdomain.conf.sample  |  39 ++
 .../proxy-confs/deluge.subfolder.conf.sample  |  28 ++
 .../dillinger.subdomain.conf.sample           |  39 ++
 .../documentserver.subdomain.conf.sample      |  40 ++
 .../dokuwiki.subdomain.conf.sample            |  40 ++
 .../dokuwiki.subfolder.conf.sample            |  27 ++
 .../domoticz.subdomain.conf.sample            |  39 ++
 .../domoticz.subfolder.conf.sample            |  22 +
 .../proxy-confs/dozzle.subdomain.conf.sample  |  39 ++
 .../proxy-confs/dozzle.subfolder.conf.sample  |  29 ++
 .../proxy-confs/drone.subdomain.conf.sample   |  36 ++
 .../duplicati.subdomain.conf.sample           |  39 ++
 .../duplicati.subfolder.conf.sample           |  27 ++
 .../element.anonymousland.org.conf            |  30 ++
 .../proxy-confs/emby.subdomain.conf.sample    |  30 ++
 .../proxy-confs/emby.subfolder.conf.sample    |  33 ++
 .../embystat.subdomain.conf.sample            |  39 ++
 .../emulatorjs.subdomain.conf.sample          |  64 +++
 .../proxy-confs/filebot.subdomain.conf.sample |  47 +++
 .../proxy-confs/filebot.subfolder.conf.sample |  27 ++
 .../filebrowser.subdomain.conf.sample         |  65 +++
 .../filebrowser.subfolder.conf.sample         |  56 +++
 .../proxy-confs/firefly.subdomain.conf.sample |  38 ++
 .../proxy-confs/firefox.subdomain.conf.sample |  39 ++
 .../proxy-confs/flexget.subdomain.conf.sample |  39 ++
 .../proxy-confs/flexget.subfolder.conf.sample |  34 ++
 .../proxy-confs/flood.subdomain.conf.sample   |  39 ++
 .../proxy-confs/flood.subfolder.conf.sample   |  27 ++
 .../foldingathome.subdomain.conf.sample       |  40 ++
 .../foundryvtt.subdomain.conf.sample          |  48 +++
 .../freshrss.subdomain.conf.sample            |  44 ++
 .../freshrss.subfolder.conf.sample            |  32 ++
 .../proxy-confs/gaps.subdomain.conf.sample    |  40 ++
 .../proxy-confs/gaps.subfolder.conf.sample    |  28 ++
 .../get_iplayer.subdomain.conf.sample         |  39 ++
 .../proxy-confs/ghost.subdomain.conf.sample   |  39 ++
 .../proxy-confs/ghost.subfolder.conf.sample   |  23 ++
 .../proxy-confs/gitea.subdomain.conf.sample   |  43 ++
 .../proxy-confs/gitea.subfolder.conf.sample   |  21 +
 .../proxy-confs/glances.subdomain.conf.sample |  39 ++
 .../proxy-confs/glances.subfolder.conf.sample |  27 ++
 .../proxy-confs/gotify.subdomain.conf.sample  |  39 ++
 .../proxy-confs/gotify.subfolder.conf.sample  |  26 ++
 .../proxy-confs/grafana.subdomain.conf.sample |  42 ++
 .../proxy-confs/grafana.subfolder.conf.sample |  30 ++
 .../proxy-confs/graylog.subdomain.conf.sample |  42 ++
 .../proxy-confs/grocy.subdomain.conf.sample   |  48 +++
 .../guacamole.subdomain.conf.sample           |  40 ++
 .../guacamole.subfolder.conf.sample           |  28 ++
 .../hass-configurator.subdomain.conf.sample   |  40 ++
 .../headphones.subdomain.conf.sample          |  39 ++
 .../headphones.subfolder.conf.sample          |  22 +
 .../healthchecks.subdomain.conf.sample        |  39 ++
 .../hedgedoc.subdomain.conf.sample            |  42 ++
 .../heimdall.subdomain.conf.sample            |  39 ++
 .../heimdall.subfolder.conf.sample            |  22 +
 .../homeassistant.subdomain.conf.sample       |  57 +++
 .../homebridge.subdomain.conf.sample          |  39 ++
 .../proxy-confs/homer.subdomain.conf.sample   |  38 ++
 .../proxy-confs/huginn.subdomain.conf.sample  |  39 ++
 .../influxdb.subdomain.conf.sample            |  39 ++
 .../proxy-confs/jackett.subdomain.conf.sample |  59 +++
 .../proxy-confs/jackett.subfolder.conf.sample |  42 ++
 .../jdownloader.subdomain.conf.sample         |  47 +++
 .../jellyfin.subdomain.conf.sample            |  40 ++
 .../jellyfin.subfolder.conf.sample            |  23 ++
 .../jellyseerr.subdomain.conf.sample          |  39 ++
 .../proxy-confs/jenkins.subfolder.conf.sample |  34 ++
 .../proxy-confs/kanzi.subdomain.conf.sample   |  39 ++
 .../proxy-confs/kanzi.subfolder.conf.sample   |  27 ++
 .../proxy-confs/kavita.subdomain.conf.sample  |  40 ++
 .../proxy-confs/komga.subdomain.conf.sample   |  49 +++
 .../proxy-confs/komga.subfolder.conf.sample   |  35 ++
 .../lazylibrarian.subdomain.conf.sample       |  39 ++
 .../lazylibrarian.subfolder.conf.sample       |  22 +
 .../librespeed.subdomain.conf.sample          |  39 ++
 .../proxy-confs/lidarr.subdomain.conf.sample  |  49 +++
 .../proxy-confs/lidarr.subfolder.conf.sample  |  32 ++
 .../proxy-confs/lldap.subdomain.conf.sample   |  40 ++
 .../proxy-confs/lychee.subdomain.conf.sample  |  39 ++
 .../proxy-confs/lychee.subfolder.conf.sample  |  27 ++
 .../proxy-confs/mailu.subdomain.conf.sample   |  39 ++
 .../proxy-confs/mailu.subfolder.conf.sample   |  53 +++
 .../mastodon.subdomain.conf.sample            |  43 ++
 .../proxy-confs/matomo.subdomain.conf.sample  |  39 ++
 .../proxy-confs/matrix.anonymousland.org.conf |  43 ++
 .../matrix.anonymousland.org.confy            |  42 ++
 .../mattermost.subdomain.conf.sample          |  40 ++
 .../proxy-confs/mealie.subdomain.conf.sample  |  39 ++
 .../proxy-confs/medusa.subdomain.conf.sample  |  39 ++
 .../proxy-confs/medusa.subfolder.conf.sample  |  22 +
 .../proxy-confs/metube.subdomain.conf.sample  |  39 ++
 .../proxy-confs/metube.subfolder.conf.sample  |  22 +
 .../miniflux.subdomain.conf.sample            |  39 ++
 .../miniflux.subfolder.conf.sample            |  26 ++
 .../proxy-confs/monica.subdomain.conf.sample  |  38 ++
 .../proxy-confs/monica.subfolder.conf.sample  |  26 ++
 .../monitorr.subdomain.conf.sample            |  39 ++
 .../monitorr.subfolder.conf.sample            |  26 ++
 .../proxy-confs/mstream.subdomain.conf.sample |  39 ++
 .../proxy-confs/mylar.subdomain.conf.sample   |  39 ++
 .../proxy-confs/mylar.subfolder.conf.sample   |  22 +
 .../mytinytodo.subfolder.conf.sample          |  27 ++
 .../proxy-confs/n8n.subdomain.conf.sample     |  40 ++
 .../navidrome.subdomain.conf.sample           |  39 ++
 .../proxy-confs/netboot.subdomain.conf.sample |  39 ++
 .../proxy-confs/netdata.subdomain.conf.sample |  39 ++
 .../proxy-confs/netdata.subfolder.conf.sample |  27 ++
 .../nextcloud.subdomain.conf.sample           |  37 ++
 .../nextcloud.subfolder.conf.sample           |  40 ++
 .../proxy-confs/ntfy.subdomain.conf.sample    |  41 ++
 .../proxy-confs/nzbget.subdomain.conf.sample  |  69 ++++
 .../proxy-confs/nzbget.subfolder.conf.sample  |  52 +++
 .../nzbhydra.subdomain.conf.sample            |  89 ++++
 .../nzbhydra.subfolder.conf.sample            |  72 ++++
 .../octoprint.subdomain.conf.sample           |  40 ++
 .../proxy-confs/ombi.subdomain.conf.sample    |  65 +++
 .../proxy-confs/ombi.subfolder.conf.sample    |  56 +++
 .../proxy-confs/openhab.subdomain.conf.sample |  38 ++
 .../openvpn-as.subdomain.conf.sample          |  59 +++
 .../openvscode-server.subdomain.conf.sample   | 114 +++++
 .../organizr-auth.subfolder.conf.sample       |  40 ++
 .../organizr.subdomain.conf.sample            |  43 ++
 .../organizr.subfolder.conf.sample            |  25 ++
 .../osticket.subdomain.conf.sample            |  39 ++
 .../overseerr.subdomain.conf.sample           |  39 ++
 .../papermerge.subdomain.conf.sample          |  39 ++
 .../proxy-confs/petio.subdomain.conf.sample   |  38 ++
 .../proxy-confs/petio.subfolder.conf.sample   |  26 ++
 .../proxy-confs/pgadmin.subdomain.conf.sample |  41 ++
 .../photoprism.subdomain.conf.sample          |  39 ++
 .../phpmyadmin.subdomain.conf.sample          |  39 ++
 .../phpmyadmin.subfolder.conf.sample          |  27 ++
 .../proxy-confs/picard.subfolder.conf.sample  |  27 ++
 .../proxy-confs/pihole.subdomain.conf.sample  |  61 +++
 .../proxy-confs/pihole.subfolder.conf.sample  |  54 +++
 .../proxy-confs/pinry.subdomain.conf.sample   |  39 ++
 .../proxy-confs/piwigo.subdomain.conf.sample  |  39 ++
 .../pixelfed.subdomain.conf.sample            |  38 ++
 .../proxy-confs/plex.subdomain.conf.sample    |  56 +++
 .../proxy-confs/plex.subfolder.conf.sample    |  50 +++
 .../plexwebtools.subdomain.conf.sample        |  39 ++
 .../plexwebtools.subfolder.conf.sample        |  26 ++
 .../proxy-confs/podgrab.subdomain.conf.sample |  39 ++
 .../portainer.subdomain.conf.sample           |  61 +++
 .../portainer.subfolder.conf.sample           |  40 ++
 .../privatebin.subdomain.conf.sample          |  39 ++
 .../prometheus.subdomain.conf.sample          |  39 ++
 .../prowlarr.subdomain.conf.sample            |  47 +++
 .../prowlarr.subfolder.conf.sample            |  32 ++
 .../proxy-confs/pwndrop.subdomain.conf.sample |  39 ++
 .../pydio-cells.subdomain.conf.sample         |  60 +++
 .../proxy-confs/pydio.subdomain.conf.sample   |  39 ++
 .../proxy-confs/pyload.subdomain.conf.sample  |  39 ++
 .../proxy-confs/pyload.subfolder.conf.sample  |  23 ++
 .../qbittorrent.subdomain.conf.sample         | 132 ++++++
 .../qbittorrent.subfolder.conf.sample         | 121 ++++++
 .../quassel-web.subdomain.conf.sample         |  40 ++
 .../quassel-web.subfolder.conf.sample         |  23 ++
 .../proxy-confs/radarr.subdomain.conf.sample  |  49 +++
 .../proxy-confs/radarr.subfolder.conf.sample  |  32 ++
 .../proxy-confs/raneto.subdomain.conf.sample  |  38 ++
 .../proxy-confs/rclone.subfolder.conf.sample  |  38 ++
 .../proxy-confs/readarr.subdomain.conf.sample |  49 +++
 .../proxy-confs/readarr.subfolder.conf.sample |  32 ++
 .../proxy-confs/recipes.subdomain.conf.sample |  48 +++
 .../requestrr.subdomain.conf.sample           |  39 ++
 .../resilio-sync.subdomain.conf.sample        |  39 ++
 .../rutorrent.subdomain.conf.sample           |  63 +++
 .../rutorrent.subfolder.conf.sample           |  52 +++
 .../proxy-confs/sabnzbd.subdomain.conf.sample |  51 +++
 .../proxy-confs/sabnzbd.subfolder.conf.sample |  32 ++
 .../proxy-confs/scope.subfolder.conf.sample   |  27 ++
 .../scrutiny.subdomain.conf.sample            |  39 ++
 .../proxy-confs/shinobi.subdomain.conf.sample |  39 ++
 .../proxy-confs/shinobi.subfolder.conf.sample |  27 ++
 .../sickchill.subdomain.conf.sample           |  39 ++
 .../sickchill.subfolder.conf.sample           |  22 +
 .../sickrage.subdomain.conf.sample            |  39 ++
 .../sickrage.subfolder.conf.sample            |  22 +
 .../proxy-confs/skyhook.subdomain.conf.sample |  39 ++
 .../proxy-confs/slskd.subdomain.conf.sample   |  22 +
 .../smokeping.subdomain.conf.sample           |  39 ++
 .../smokeping.subfolder.conf.sample           |  22 +
 .../proxy-confs/sonarr.subdomain.conf.sample  |  49 +++
 .../proxy-confs/sonarr.subfolder.conf.sample  |  32 ++
 .../statping.subdomain.conf.sample            |  41 ++
 .../proxy-confs/synapse.subdomain.conf.sample |  41 ++
 .../synclounge.subdomain.conf.sample          |  50 +++
 .../synclounge.subfolder.conf.sample          |  54 +++
 .../syncthing.subdomain.conf.sample           |  39 ++
 .../syncthing.subfolder.conf.sample           |  27 ++
 .../proxy-confs/taisun.subdomain.conf.sample  |  40 ++
 .../tasmobackup.subdomain.conf.sample         |  39 ++
 .../tautulli.subdomain.conf.sample            |  69 ++++
 .../tautulli.subfolder.conf.sample            |  52 +++
 .../proxy-confs/tdarr.subdomain.conf.sample   |  39 ++
 .../thelounge.subdomain.conf.sample           |  39 ++
 .../thelounge.subfolder.conf.sample           |  27 ++
 .../themepark.subdomain.conf.sample           |  45 ++
 .../themepark.subfolder.conf.sample           |  35 ++
 .../transmission.subdomain.conf.sample        |  60 +++
 .../transmission.subfolder.conf.sample        |  43 ++
 .../tvheadend.subfolder.conf.sample           |  38 ++
 .../ubooquity.subdomain.conf.sample           |  69 ++++
 .../ubooquity.subfolder.conf.sample           |  32 ++
 .../unifi-controller.subdomain.conf.sample    |  42 ++
 .../uptime-kuma.subdomain.conf.sample         |  39 ++
 .../vaultwarden.subdomain.conf.sample         |  81 ++++
 .../vaultwarden.subfolder.conf.sample         |  67 +++
 .../viewtube.subdomain.conf.sample            |  41 ++
 .../wallabag.subdomain.conf.sample            |  41 ++
 .../warpgate.subdomain.conf.sample            |  41 ++
 .../proxy-confs/webtop.subdomain.conf.sample  |  41 ++
 .../wordpress.subfolder.conf.sample           |  23 ++
 .../proxy-confs/yacht.subdomain.conf.sample   |  39 ++
 .../youtube-dl-server.subdomain.conf.sample   |  39 ++
 .../youtube-dl.subfolder.conf.sample          |  30 ++
 .../zigbee2mqtt.subdomain.conf.sample         |  40 ++
 .../proxy-confs/znc.subdomain.conf.sample     |  39 ++
 .../proxy-confs/znc.subfolder.conf.sample     |  22 +
 .../zwavejs2mqtt.subdomain.conf.sample        |  39 ++
 njallavps/swag/nginx/proxy.conf               |  31 ++
 njallavps/swag/nginx/proxy.conf.sample        |  35 ++
 njallavps/swag/nginx/registry-ssl.conf        |  62 +++
 njallavps/swag/nginx/resolver.conf            |   3 +
 njallavps/swag/nginx/site-confs/cinny.conf    |  19 +
 njallavps/swag/nginx/site-confs/default.conf  |  62 +++
 .../swag/nginx/site-confs/default.conf.sample |  62 +++
 njallavps/swag/nginx/site-confs/drone.conf    |  17 +
 .../site-confs/element.anonymousland.org.conf |  37 ++
 njallavps/swag/nginx/site-confs/git.conf      |  20 +
 njallavps/swag/nginx/site-confs/hydrogen.conf |  21 +
 njallavps/swag/nginx/site-confs/lemmy.conf    |  40 ++
 njallavps/swag/nginx/site-confs/mastodon.conf |  18 +
 njallavps/swag/nginx/site-confs/ots.conf      |  20 +
 njallavps/swag/nginx/site-confs/paste.conf    |  26 ++
 njallavps/swag/nginx/site-confs/schild.conf   |  26 ++
 njallavps/swag/nginx/site-confs/site.conf     |  33 ++
 njallavps/swag/nginx/site-confs/status.conf   |  17 +
 .../swag/nginx/site-confs/tor-element.conf    |  21 +
 njallavps/swag/nginx/ssl.conf                 |  59 +++
 njallavps/swag/nginx/ssl.conf.sample          |  39 ++
 njallavps/swag/nginx/status.anonymousland.org |  29 ++
 njallavps/swag/nginx/worker_processes.conf    |   3 +
 njallavps/swag/php/php-local.ini              |   3 +
 njallavps/swag/php/www2.conf                  |   5 +
 njallavps/swag/well-known/matrix/client       |   5 +
 njallavps/swag/well-known/matrix/server       |   1 +
 njallavps/swag/well-known/matrix/support      |  13 +
 538 files changed, 20972 insertions(+)
 rename {nginx => 1984vps/nginx}/Synapse/proxy.conf (100%)
 rename {nginx => 1984vps/nginx}/Synapse/site-confs/default.conf (100%)
 rename {nginx => 1984vps/nginx}/Synapse/site-confs/dimension.conf (100%)
 rename {nginx => 1984vps/nginx}/Synapse/site-confs/matrix.anonymousland.org.conf (100%)
 rename {nginx => 1984vps/nginx}/Synapse/site-confs/maubot.conf (100%)
 rename {nginx => 1984vps/nginx}/Synapse/site-confs/tor.conf (100%)
 rename {nginx => 1984vps/nginx}/Synapse/ssl.conf (100%)
 rename {scripts => 1984vps/scripts}/synapse/blockstatus.sh (100%)
 rename {scripts => 1984vps/scripts}/synapse/delete_empty_rooms.py (100%)
 rename {scripts => 1984vps/scripts}/synapse/getrooms.sh (100%)
 rename {scripts => 1984vps/scripts}/synapse/populate.sh (100%)
 rename {scripts => 1984vps/scripts}/synapse/removemedia.sh (100%)
 create mode 100644 njallavps/swag/.donoteditthisfile.conf
 create mode 100644 njallavps/swag/.migrations
 create mode 100644 njallavps/swag/crontabs/root
 create mode 100644 njallavps/swag/dns-conf/acmedns-registration.json
 create mode 100644 njallavps/swag/dns-conf/acmedns.ini
 create mode 100644 njallavps/swag/dns-conf/aliyun.ini
 create mode 100644 njallavps/swag/dns-conf/azure.ini
 create mode 100644 njallavps/swag/dns-conf/cloudflare.ini
 create mode 100644 njallavps/swag/dns-conf/cloudxns.ini
 create mode 100644 njallavps/swag/dns-conf/cpanel.ini
 create mode 100644 njallavps/swag/dns-conf/desec.ini
 create mode 100644 njallavps/swag/dns-conf/digitalocean.ini
 create mode 100644 njallavps/swag/dns-conf/directadmin.ini
 create mode 100644 njallavps/swag/dns-conf/dnsimple.ini
 create mode 100644 njallavps/swag/dns-conf/dnsmadeeasy.ini
 create mode 100644 njallavps/swag/dns-conf/dnspod.ini
 create mode 100644 njallavps/swag/dns-conf/do.ini
 create mode 100644 njallavps/swag/dns-conf/domeneshop.ini
 create mode 100644 njallavps/swag/dns-conf/duckdns.ini
 create mode 100644 njallavps/swag/dns-conf/dynu.ini
 create mode 100644 njallavps/swag/dns-conf/gandi.ini
 create mode 100644 njallavps/swag/dns-conf/gehirn.ini
 create mode 100644 njallavps/swag/dns-conf/godaddy.ini
 create mode 100644 njallavps/swag/dns-conf/google.json
 create mode 100644 njallavps/swag/dns-conf/he.ini
 create mode 100644 njallavps/swag/dns-conf/hetzner.ini
 create mode 100644 njallavps/swag/dns-conf/infomaniak.ini
 create mode 100644 njallavps/swag/dns-conf/inwx.ini
 create mode 100644 njallavps/swag/dns-conf/ionos.ini
 create mode 100644 njallavps/swag/dns-conf/linode.ini
 create mode 100644 njallavps/swag/dns-conf/loopia.ini
 create mode 100644 njallavps/swag/dns-conf/luadns.ini
 create mode 100644 njallavps/swag/dns-conf/netcup.ini
 create mode 100644 njallavps/swag/dns-conf/njalla.ini
 create mode 100644 njallavps/swag/dns-conf/nsone.ini
 create mode 100644 njallavps/swag/dns-conf/ovh.ini
 create mode 100644 njallavps/swag/dns-conf/porkbun.ini
 create mode 100644 njallavps/swag/dns-conf/rfc2136.ini
 create mode 100644 njallavps/swag/dns-conf/route53.ini
 create mode 100644 njallavps/swag/dns-conf/sakuracloud.ini
 create mode 100644 njallavps/swag/dns-conf/standalone.ini
 create mode 100644 njallavps/swag/dns-conf/transip.ini
 create mode 100644 njallavps/swag/dns-conf/vultr.ini
 create mode 100644 njallavps/swag/etc/letsencrypt/note.txt
 create mode 100644 njallavps/swag/fail2ban/action.d/abuseipdb.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/apf.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/apprise.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/badips.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/badips.py
 create mode 100644 njallavps/swag/fail2ban/action.d/blocklist_de.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/bsd-ipfw.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/cloudflare-token.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/cloudflare.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/complain.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/dshield.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/dummy.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/firewallcmd-allports.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/firewallcmd-common.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/firewallcmd-ipset.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/firewallcmd-multiport.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/firewallcmd-new.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/firewallcmd-rich-logging.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/firewallcmd-rich-rules.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/helpers-common.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/hostsdeny.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/ipfilter.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/ipfw.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables-allports.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables-common.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables-ipset-proto4.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables-ipset-proto6-allports.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables-ipset-proto6.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables-ipset.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables-multiport-log.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables-multiport.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables-new.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables-xt_recent-echo.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/iptables.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/ipthreat.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/mail-buffered.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/mail-whois-common.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/mail-whois-lines.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/mail-whois.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/mail.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/mynetwatchman.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/netscaler.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/nftables-allports.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/nftables-multiport.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/nftables.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/nginx-block-map.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/npf.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/nsupdate.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/osx-afctl.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/osx-ipfw.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/pf.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/route.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/sendmail-buffered.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/sendmail-common.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/sendmail-geoip-lines.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/sendmail-whois-ipjailmatches.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/sendmail-whois-ipmatches.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/sendmail-whois-lines.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/sendmail-whois-matches.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/sendmail-whois.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/sendmail.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/shorewall-ipset-proto6.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/shorewall.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/smtp.py
 create mode 100644 njallavps/swag/fail2ban/action.d/symbiosis-blacklist-allports.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/ufw.conf
 create mode 100644 njallavps/swag/fail2ban/action.d/xarf-login-attack.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/3proxy.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/alpine-sshd-ddos.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/alpine-sshd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-badbots.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-botsearch.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-common.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-fakegooglebot.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-modsecurity.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-nohome.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-noscript.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-overflows.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-pass.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/apache-shellshock.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/assp.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/asterisk.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/bitwarden.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/botsearch-common.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/centreon.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/common.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/counter-strike.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/courier-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/courier-smtp.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/cyrus-imap.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/directadmin.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/domino-smtp.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/dovecot.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/dropbear.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/drupal-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/ejabberd-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/exim-common.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/exim-spam.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/exim.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/freeswitch.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/froxlor-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/gitea.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/gitlab.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/grafana.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/groupoffice.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/gssftpd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/guacamole.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/haproxy-http-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/horde.conf
 create mode 100755 njallavps/swag/fail2ban/filter.d/ignorecommands/apache-fakegooglebot
 create mode 100644 njallavps/swag/fail2ban/filter.d/kerio.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/lighttpd-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/mongodb-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/monit.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/monitorix.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/mssql-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/murmur.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/mysqld-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/nagios.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/named-refused.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/nginx-bad-request.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/nginx-badbots.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/nginx-botsearch.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/nginx-deny.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/nginx-http-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/nginx-limit-req.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/nginx-unauthorized.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/nsd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/openhab.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/openwebmail.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/oracleims.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/pam-generic.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/perdition.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/php-url-fopen.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/phpmyadmin-syslog.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/portsentry.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/postfix.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/proftpd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/pure-ftpd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/qmail.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/recidive.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/roundcube-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/scanlogd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/screensharingd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/selinux-common.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/selinux-ssh.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/sendmail-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/sendmail-reject.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/sieve.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/slapd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/softethervpn.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/sogo-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/solid-pop3d.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/squid.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/squirrelmail.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/sshd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/stunnel.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/suhosin.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/tine20.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/traefik-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/uwimap-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/vsftpd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/webmin-auth.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/wuftpd.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/xinetd-fail.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/znc-adminlog.conf
 create mode 100644 njallavps/swag/fail2ban/filter.d/zoneminder.conf
 create mode 100644 njallavps/swag/fail2ban/jail.local
 create mode 100644 njallavps/swag/nginx/authelia-location.conf
 create mode 100644 njallavps/swag/nginx/authelia-location.conf.sample
 create mode 100644 njallavps/swag/nginx/authelia-server.conf
 create mode 100644 njallavps/swag/nginx/authelia-server.conf.sample
 create mode 100644 njallavps/swag/nginx/default
 create mode 100644 njallavps/swag/nginx/dhparams.pem
 create mode 100644 njallavps/swag/nginx/elementssl.conf
 create mode 100644 njallavps/swag/nginx/gitssl.conf
 create mode 100644 njallavps/swag/nginx/ldap-location.conf
 create mode 100644 njallavps/swag/nginx/ldap-location.conf.sample
 create mode 100644 njallavps/swag/nginx/ldap-server.conf
 create mode 100644 njallavps/swag/nginx/ldap-server.conf.sample
 create mode 100644 njallavps/swag/nginx/ldap.conf
 create mode 100644 njallavps/swag/nginx/nginx.conf
 create mode 100644 njallavps/swag/nginx/nginx.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/.editorconfig
 create mode 100644 njallavps/swag/nginx/proxy-confs/README.md
 create mode 100644 njallavps/swag/nginx/proxy-confs/_template.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/_template.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/adguard.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/adminer.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/adminmongo.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/airsonic.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/airsonic.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/apprise-api.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/archisteamfarm.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/aria2-with-webui.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/audiobookshelf.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/audiobookshelf.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/authelia.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/babybuddy.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/bazarr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/bazarr.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/beets.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/beets.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/bitwarden.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/bitwarden.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/boinc.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/boinc.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/booksonic.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/booksonic.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/bookstack.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/budge.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/calibre-web.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/calibre-web.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/calibre.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/calibre.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/castopod.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/changedetection.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/chevereto.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/chronograf.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/chronograf.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/cloudbeaver.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/code-server.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/codimd.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/collabora.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/commento.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/couchpotato.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/couchpotato.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/crontabui.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/crowdsec-dashboard.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/crowdsec.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/dashy.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/deluge.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/deluge.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/dillinger.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/documentserver.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/dokuwiki.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/dokuwiki.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/domoticz.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/domoticz.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/dozzle.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/dozzle.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/drone.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/duplicati.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/duplicati.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/element.anonymousland.org.conf
 create mode 100644 njallavps/swag/nginx/proxy-confs/emby.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/emby.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/embystat.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/emulatorjs.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/filebot.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/filebot.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/filebrowser.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/filebrowser.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/firefly.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/firefox.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/flexget.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/flexget.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/flood.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/flood.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/foldingathome.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/foundryvtt.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/freshrss.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/freshrss.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/gaps.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/gaps.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/get_iplayer.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/ghost.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/ghost.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/gitea.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/gitea.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/glances.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/glances.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/gotify.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/gotify.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/grafana.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/grafana.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/graylog.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/grocy.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/guacamole.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/guacamole.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/hass-configurator.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/headphones.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/headphones.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/healthchecks.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/hedgedoc.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/heimdall.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/heimdall.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/homeassistant.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/homebridge.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/homer.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/huginn.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/influxdb.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/jackett.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/jackett.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/jdownloader.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/jellyfin.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/jellyfin.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/jellyseerr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/jenkins.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/kanzi.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/kanzi.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/kavita.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/komga.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/komga.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/lazylibrarian.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/lazylibrarian.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/librespeed.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/lidarr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/lidarr.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/lldap.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/lychee.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/lychee.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/mailu.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/mailu.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/mastodon.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/matomo.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/matrix.anonymousland.org.conf
 create mode 100644 njallavps/swag/nginx/proxy-confs/matrix.anonymousland.org.confy
 create mode 100644 njallavps/swag/nginx/proxy-confs/mattermost.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/mealie.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/medusa.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/medusa.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/metube.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/metube.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/miniflux.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/miniflux.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/monica.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/monica.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/monitorr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/monitorr.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/mstream.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/mylar.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/mylar.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/mytinytodo.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/n8n.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/navidrome.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/netboot.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/netdata.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/netdata.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/nextcloud.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/nextcloud.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/ntfy.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/nzbget.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/nzbget.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/nzbhydra.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/nzbhydra.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/octoprint.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/ombi.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/ombi.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/openhab.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/openvpn-as.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/openvscode-server.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/organizr-auth.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/organizr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/organizr.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/osticket.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/overseerr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/papermerge.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/petio.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/petio.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/pgadmin.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/photoprism.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/phpmyadmin.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/phpmyadmin.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/picard.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/pihole.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/pihole.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/pinry.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/piwigo.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/pixelfed.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/plex.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/plex.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/plexwebtools.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/plexwebtools.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/podgrab.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/portainer.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/portainer.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/privatebin.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/prometheus.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/prowlarr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/prowlarr.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/pwndrop.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/pydio-cells.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/pydio.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/pyload.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/pyload.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/qbittorrent.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/qbittorrent.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/quassel-web.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/quassel-web.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/radarr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/radarr.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/raneto.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/rclone.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/readarr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/readarr.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/recipes.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/requestrr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/resilio-sync.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/rutorrent.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/rutorrent.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/sabnzbd.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/sabnzbd.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/scope.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/scrutiny.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/shinobi.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/shinobi.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/sickchill.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/sickchill.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/sickrage.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/sickrage.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/skyhook.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/slskd.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/smokeping.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/smokeping.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/sonarr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/sonarr.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/statping.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/synapse.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/synclounge.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/synclounge.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/syncthing.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/syncthing.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/taisun.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/tasmobackup.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/tautulli.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/tautulli.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/tdarr.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/thelounge.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/thelounge.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/themepark.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/themepark.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/transmission.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/transmission.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/tvheadend.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/ubooquity.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/ubooquity.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/unifi-controller.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/uptime-kuma.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/vaultwarden.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/vaultwarden.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/viewtube.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/wallabag.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/warpgate.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/webtop.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/wordpress.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/yacht.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/youtube-dl-server.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/youtube-dl.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/zigbee2mqtt.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/znc.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/znc.subfolder.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy-confs/zwavejs2mqtt.subdomain.conf.sample
 create mode 100644 njallavps/swag/nginx/proxy.conf
 create mode 100644 njallavps/swag/nginx/proxy.conf.sample
 create mode 100644 njallavps/swag/nginx/registry-ssl.conf
 create mode 100644 njallavps/swag/nginx/resolver.conf
 create mode 100644 njallavps/swag/nginx/site-confs/cinny.conf
 create mode 100644 njallavps/swag/nginx/site-confs/default.conf
 create mode 100644 njallavps/swag/nginx/site-confs/default.conf.sample
 create mode 100644 njallavps/swag/nginx/site-confs/drone.conf
 create mode 100644 njallavps/swag/nginx/site-confs/element.anonymousland.org.conf
 create mode 100644 njallavps/swag/nginx/site-confs/git.conf
 create mode 100644 njallavps/swag/nginx/site-confs/hydrogen.conf
 create mode 100644 njallavps/swag/nginx/site-confs/lemmy.conf
 create mode 100644 njallavps/swag/nginx/site-confs/mastodon.conf
 create mode 100644 njallavps/swag/nginx/site-confs/ots.conf
 create mode 100644 njallavps/swag/nginx/site-confs/paste.conf
 create mode 100644 njallavps/swag/nginx/site-confs/schild.conf
 create mode 100644 njallavps/swag/nginx/site-confs/site.conf
 create mode 100644 njallavps/swag/nginx/site-confs/status.conf
 create mode 100644 njallavps/swag/nginx/site-confs/tor-element.conf
 create mode 100644 njallavps/swag/nginx/ssl.conf
 create mode 100644 njallavps/swag/nginx/ssl.conf.sample
 create mode 100644 njallavps/swag/nginx/status.anonymousland.org
 create mode 100644 njallavps/swag/nginx/worker_processes.conf
 create mode 100644 njallavps/swag/php/php-local.ini
 create mode 100644 njallavps/swag/php/www2.conf
 create mode 100644 njallavps/swag/well-known/matrix/client
 create mode 100644 njallavps/swag/well-known/matrix/server
 create mode 100644 njallavps/swag/well-known/matrix/support

diff --git a/nginx/Synapse/proxy.conf b/1984vps/nginx/Synapse/proxy.conf
similarity index 100%
rename from nginx/Synapse/proxy.conf
rename to 1984vps/nginx/Synapse/proxy.conf
diff --git a/nginx/Synapse/site-confs/default.conf b/1984vps/nginx/Synapse/site-confs/default.conf
similarity index 100%
rename from nginx/Synapse/site-confs/default.conf
rename to 1984vps/nginx/Synapse/site-confs/default.conf
diff --git a/nginx/Synapse/site-confs/dimension.conf b/1984vps/nginx/Synapse/site-confs/dimension.conf
similarity index 100%
rename from nginx/Synapse/site-confs/dimension.conf
rename to 1984vps/nginx/Synapse/site-confs/dimension.conf
diff --git a/nginx/Synapse/site-confs/matrix.anonymousland.org.conf b/1984vps/nginx/Synapse/site-confs/matrix.anonymousland.org.conf
similarity index 100%
rename from nginx/Synapse/site-confs/matrix.anonymousland.org.conf
rename to 1984vps/nginx/Synapse/site-confs/matrix.anonymousland.org.conf
diff --git a/nginx/Synapse/site-confs/maubot.conf b/1984vps/nginx/Synapse/site-confs/maubot.conf
similarity index 100%
rename from nginx/Synapse/site-confs/maubot.conf
rename to 1984vps/nginx/Synapse/site-confs/maubot.conf
diff --git a/nginx/Synapse/site-confs/tor.conf b/1984vps/nginx/Synapse/site-confs/tor.conf
similarity index 100%
rename from nginx/Synapse/site-confs/tor.conf
rename to 1984vps/nginx/Synapse/site-confs/tor.conf
diff --git a/nginx/Synapse/ssl.conf b/1984vps/nginx/Synapse/ssl.conf
similarity index 100%
rename from nginx/Synapse/ssl.conf
rename to 1984vps/nginx/Synapse/ssl.conf
diff --git a/scripts/synapse/blockstatus.sh b/1984vps/scripts/synapse/blockstatus.sh
similarity index 100%
rename from scripts/synapse/blockstatus.sh
rename to 1984vps/scripts/synapse/blockstatus.sh
diff --git a/scripts/synapse/delete_empty_rooms.py b/1984vps/scripts/synapse/delete_empty_rooms.py
similarity index 100%
rename from scripts/synapse/delete_empty_rooms.py
rename to 1984vps/scripts/synapse/delete_empty_rooms.py
diff --git a/scripts/synapse/getrooms.sh b/1984vps/scripts/synapse/getrooms.sh
similarity index 100%
rename from scripts/synapse/getrooms.sh
rename to 1984vps/scripts/synapse/getrooms.sh
diff --git a/scripts/synapse/populate.sh b/1984vps/scripts/synapse/populate.sh
similarity index 100%
rename from scripts/synapse/populate.sh
rename to 1984vps/scripts/synapse/populate.sh
diff --git a/scripts/synapse/removemedia.sh b/1984vps/scripts/synapse/removemedia.sh
similarity index 100%
rename from scripts/synapse/removemedia.sh
rename to 1984vps/scripts/synapse/removemedia.sh
diff --git a/njallavps/swag/.donoteditthisfile.conf b/njallavps/swag/.donoteditthisfile.conf
new file mode 100644
index 0000000..30a44f6
--- /dev/null
+++ b/njallavps/swag/.donoteditthisfile.conf
@@ -0,0 +1 @@
+ORIGURL="anonymousland.org" ORIGSUBDOMAINS="element, forum, status, hydrogen, cinny, git, drone, site, schild, ots, www, paste, mastodon, lemmy" ORIGONLY_SUBDOMAINS="false" ORIGEXTRA_DOMAINS="" ORIGVALIDATION="http" ORIGDNSPLUGIN="" ORIGPROPAGATION="" ORIGSTAGING="" ORIGCERTPROVIDER="" ORIGEMAIL="admin@anonymousland.org"
diff --git a/njallavps/swag/.migrations b/njallavps/swag/.migrations
new file mode 100644
index 0000000..1e3c378
--- /dev/null
+++ b/njallavps/swag/.migrations
@@ -0,0 +1 @@
+01-nginx-site-confs-default
diff --git a/njallavps/swag/crontabs/root b/njallavps/swag/crontabs/root
new file mode 100644
index 0000000..c24fea0
--- /dev/null
+++ b/njallavps/swag/crontabs/root
@@ -0,0 +1,9 @@
+# do daily/weekly/monthly maintenance
+# min   hour    day     month   weekday command
+*/15    *       *       *       *       run-parts /etc/periodic/15min
+0       *       *       *       *       run-parts /etc/periodic/hourly
+0       2       *       *       *       run-parts /etc/periodic/daily
+0       3       *       *       6       run-parts /etc/periodic/weekly
+0       5       1       *       *       run-parts /etc/periodic/monthly
+# renew letsencrypt certs
+8       2       *       *       *       /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1
diff --git a/njallavps/swag/dns-conf/acmedns-registration.json b/njallavps/swag/dns-conf/acmedns-registration.json
new file mode 100644
index 0000000..997955d
--- /dev/null
+++ b/njallavps/swag/dns-conf/acmedns-registration.json
@@ -0,0 +1,9 @@
+{
+    "yourdomain.com": {
+      "username":"yourusername",
+      "password":"yourpassword",
+      "fulldomain":"<guid>.acme.yourdomain.com",
+      "subdomain":"<guid>",
+      "allowfrom":[]
+    }
+  }
diff --git a/njallavps/swag/dns-conf/acmedns.ini b/njallavps/swag/dns-conf/acmedns.ini
new file mode 100644
index 0000000..4523ffd
--- /dev/null
+++ b/njallavps/swag/dns-conf/acmedns.ini
@@ -0,0 +1,5 @@
+# See https://pypi.org/project/certbot-dns-acmedns/
+#     https://github.com/joohoi/acme-dns
+#     
+dns_acmedns_api_url = http://your-acme-dns-server.example.com/
+dns_acmedns_registration_file = /config/dns-conf/acmedns-registration.json
diff --git a/njallavps/swag/dns-conf/aliyun.ini b/njallavps/swag/dns-conf/aliyun.ini
new file mode 100644
index 0000000..f1121d4
--- /dev/null
+++ b/njallavps/swag/dns-conf/aliyun.ini
@@ -0,0 +1,6 @@
+# Obtain Aliyun RAM AccessKey
+# https://ram.console.aliyun.com/
+# And ensure your RAM account has AliyunDNSFullAccess permission.
+
+dns_aliyun_access_key = 12345678
+dns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef
diff --git a/njallavps/swag/dns-conf/azure.ini b/njallavps/swag/dns-conf/azure.ini
new file mode 100644
index 0000000..3edbfe7
--- /dev/null
+++ b/njallavps/swag/dns-conf/azure.ini
@@ -0,0 +1,26 @@
+# Instructions: https://certbot-dns-azure.readthedocs.io/en/latest/
+# Replace with your values
+# dns_azure_environment can be one of the following: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud
+# Service Principal with Client Secret
+dns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5
+dns_azure_sp_client_secret = E-xqXU83Y-jzTI6xe9fs2YC~mck3ZzUih9
+dns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7
+dns_azure_environment = "AzurePublicCloud"
+dns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1
+
+
+# Service Prinicipal with Certificate
+#dns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5
+#dns_azure_sp_certificate_path = /path/to/certificate.pem
+#dns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7
+#dns_azure_environment = "AzurePublicCloud"
+#dns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1
+
+# Azure Managed Identity
+#dns_azure_msi_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5
+#dns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1
+
+# System Assigned Azure Managed Identity
+#dns_azure_msi_system_assigned = true
+#dns_azure_environment = "AzurePublicCloud"
+#dns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1
diff --git a/njallavps/swag/dns-conf/cloudflare.ini b/njallavps/swag/dns-conf/cloudflare.ini
new file mode 100644
index 0000000..af7194b
--- /dev/null
+++ b/njallavps/swag/dns-conf/cloudflare.ini
@@ -0,0 +1,9 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-cloudflare/certbot_dns_cloudflare/__init__.py#L20
+# Replace with your values
+
+# With global api key:
+dns_cloudflare_email = cloudflare@example.com
+dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234567
+
+# With token (comment out both lines above and uncomment below):
+#dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567
diff --git a/njallavps/swag/dns-conf/cloudxns.ini b/njallavps/swag/dns-conf/cloudxns.ini
new file mode 100644
index 0000000..a86f7d7
--- /dev/null
+++ b/njallavps/swag/dns-conf/cloudxns.ini
@@ -0,0 +1,4 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-cloudxns/certbot_dns_cloudxns/__init__.py#L20
+# Replace with your values
+dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
+dns_cloudxns_secret_key = 1122334455667788
diff --git a/njallavps/swag/dns-conf/cpanel.ini b/njallavps/swag/dns-conf/cpanel.ini
new file mode 100644
index 0000000..d6f600e
--- /dev/null
+++ b/njallavps/swag/dns-conf/cpanel.ini
@@ -0,0 +1,6 @@
+# Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials
+# Replace with your values
+# include the scheme and the port number (usually 2083 for https)
+cpanel_url = https://cpanel.example.com:2083
+cpanel_username = username
+cpanel_password = 1234567890abcdef
diff --git a/njallavps/swag/dns-conf/desec.ini b/njallavps/swag/dns-conf/desec.ini
new file mode 100644
index 0000000..4ac7a66
--- /dev/null
+++ b/njallavps/swag/dns-conf/desec.ini
@@ -0,0 +1,4 @@
+# Instructions: https://pypi.org/project/certbot-dns-desec/
+# Replace with your Desec V1 API Token
+dns_desec_token=YOUR_TOKEN_HERE
+dns_desec_endpoint=https://desec.io/api/v1/
\ No newline at end of file
diff --git a/njallavps/swag/dns-conf/digitalocean.ini b/njallavps/swag/dns-conf/digitalocean.ini
new file mode 100644
index 0000000..eff7677
--- /dev/null
+++ b/njallavps/swag/dns-conf/digitalocean.ini
@@ -0,0 +1,3 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-digitalocean/certbot_dns_digitalocean/__init__.py#L21
+# Replace with your value
+dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff
diff --git a/njallavps/swag/dns-conf/directadmin.ini b/njallavps/swag/dns-conf/directadmin.ini
new file mode 100644
index 0000000..1561c06
--- /dev/null
+++ b/njallavps/swag/dns-conf/directadmin.ini
@@ -0,0 +1,21 @@
+# Instructions: https://github.com/cybercinch/certbot-dns-directadmin/blob/master/certbot_dns_directadmin/__init__.py
+
+# It is recommended to create a login key in the DirectAdmin control panel to be used as value for directadmin_password.
+# Instructions on how to create such key can be found at https://help.directadmin.com/item.php?id=523.
+#
+# Make sure to grant the following permissions:
+# - CMD_API_LOGIN_TEST
+# - CMD_API_DNS_CONTROL
+# - CMD_API_SHOW_DOMAINS
+#
+# Username and password can also be used in case your DirectAdmin instance has no support for login keys.
+
+# The DirectAdmin Server url
+# include the scheme and the port number (Normally 2222)
+dns_directadmin_url = https://my.directadminserver.com:2222
+
+# The DirectAdmin username
+dns_directadmin_username = username
+
+# The DirectAdmin password
+dns_directadmin_password = aSuperStrongPassword
diff --git a/njallavps/swag/dns-conf/dnsimple.ini b/njallavps/swag/dns-conf/dnsimple.ini
new file mode 100644
index 0000000..8eedb63
--- /dev/null
+++ b/njallavps/swag/dns-conf/dnsimple.ini
@@ -0,0 +1,3 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-dnsimple/certbot_dns_dnsimple/__init__.py#L20
+# Replace with your value
+dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
diff --git a/njallavps/swag/dns-conf/dnsmadeeasy.ini b/njallavps/swag/dns-conf/dnsmadeeasy.ini
new file mode 100644
index 0000000..942c403
--- /dev/null
+++ b/njallavps/swag/dns-conf/dnsmadeeasy.ini
@@ -0,0 +1,4 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-dnsmadeeasy/certbot_dns_dnsmadeeasy/__init__.py#L20
+# Replace with your values
+dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
+dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55
diff --git a/njallavps/swag/dns-conf/dnspod.ini b/njallavps/swag/dns-conf/dnspod.ini
new file mode 100644
index 0000000..e5a4630
--- /dev/null
+++ b/njallavps/swag/dns-conf/dnspod.ini
@@ -0,0 +1,5 @@
+# Instructions: https://github.com/SkyLothar/certbot-dns-dnspod#create-a-credentials-file
+# Obtain your own DNSPod API token at DNSPod console: https://console.dnspod.cn/account/token/token
+# Replace with your own email, id and token
+dns_dnspod_email = "me@example.com"
+dns_dnspod_api_token = "12345,1234567890abcdef1234567890abcdef"
diff --git a/njallavps/swag/dns-conf/do.ini b/njallavps/swag/dns-conf/do.ini
new file mode 100644
index 0000000..4a170b5
--- /dev/null
+++ b/njallavps/swag/dns-conf/do.ini
@@ -0,0 +1,3 @@
+# Instructions: https://github.com/georgeto/certbot-dns-do/blob/master/certbot_dns_do/__init__.py#L32
+# Replace with your values
+dns_do_api_token = YOUR_DO_LETSENCRYPT_API_KEY
diff --git a/njallavps/swag/dns-conf/domeneshop.ini b/njallavps/swag/dns-conf/domeneshop.ini
new file mode 100644
index 0000000..0bd1d0d
--- /dev/null
+++ b/njallavps/swag/dns-conf/domeneshop.ini
@@ -0,0 +1,4 @@
+# Instructions: https://github.com/domeneshop/certbot-dns-domeneshop#credentials
+# Replace with your values
+dns_domeneshop_client_token=1234567890abcdef
+dns_domeneshop_client_secret=1234567890abcdefghijklmnopqrstuvxyz1234567890abcdefghijklmnopqrs
diff --git a/njallavps/swag/dns-conf/duckdns.ini b/njallavps/swag/dns-conf/duckdns.ini
new file mode 100644
index 0000000..f0f1508
--- /dev/null
+++ b/njallavps/swag/dns-conf/duckdns.ini
@@ -0,0 +1,3 @@
+# Instructions: https://github.com/infinityofspace/certbot_dns_duckdns#credentials-file-or-cli-parameters
+# Replace with your API token from your duckdns account.
+dns_duckdns_token=<your-duckdns-token>
diff --git a/njallavps/swag/dns-conf/dynu.ini b/njallavps/swag/dns-conf/dynu.ini
new file mode 100644
index 0000000..9bcd4b8
--- /dev/null
+++ b/njallavps/swag/dns-conf/dynu.ini
@@ -0,0 +1,3 @@
+# Instructions: https://github.com/bikram990/certbot-dns-dynu#configuration
+# Replace with your API token from your dynu account.
+dns_dynu_auth_token = AbCbASsd!@34
\ No newline at end of file
diff --git a/njallavps/swag/dns-conf/gandi.ini b/njallavps/swag/dns-conf/gandi.ini
new file mode 100644
index 0000000..ba43a2b
--- /dev/null
+++ b/njallavps/swag/dns-conf/gandi.ini
@@ -0,0 +1,3 @@
+# Instructions: https://github.com/obynio/certbot-plugin-gandi#usage
+# Replace with your value
+dns_gandi_api_key=APIKEY
diff --git a/njallavps/swag/dns-conf/gehirn.ini b/njallavps/swag/dns-conf/gehirn.ini
new file mode 100644
index 0000000..e1ac409
--- /dev/null
+++ b/njallavps/swag/dns-conf/gehirn.ini
@@ -0,0 +1,4 @@
+# Instructions: https://certbot-dns-gehirn.readthedocs.io/en/stable/
+# Replace with your values
+dns_gehirn_api_token  = 00000000-0000-0000-0000-000000000000
+dns_gehirn_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
diff --git a/njallavps/swag/dns-conf/godaddy.ini b/njallavps/swag/dns-conf/godaddy.ini
new file mode 100644
index 0000000..c1b37eb
--- /dev/null
+++ b/njallavps/swag/dns-conf/godaddy.ini
@@ -0,0 +1,4 @@
+# Instructions: https://github.com/miigotu/certbot-dns-godaddy
+# Replace with your values
+dns_godaddy_secret      = 0123456789abcdef0123456789abcdef01234567
+dns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123
diff --git a/njallavps/swag/dns-conf/google.json b/njallavps/swag/dns-conf/google.json
new file mode 100644
index 0000000..67f0050
--- /dev/null
+++ b/njallavps/swag/dns-conf/google.json
@@ -0,0 +1,6 @@
+{
+  "instructions": "https://github.com/certbot/certbot/blob/master/certbot-dns-google/certbot_dns_google/__init__.py",
+  "_comment": "Replace with your values",
+  "type": "service_account",
+  "rest": "..."
+}
diff --git a/njallavps/swag/dns-conf/he.ini b/njallavps/swag/dns-conf/he.ini
new file mode 100644
index 0000000..b3898d8
--- /dev/null
+++ b/njallavps/swag/dns-conf/he.ini
@@ -0,0 +1,4 @@
+# Instructions: https://github.com/TSaaristo/certbot-dns-he#example-usage
+# Replace with your values
+dns_he_user = Me
+dns_he_pass = my HE password
diff --git a/njallavps/swag/dns-conf/hetzner.ini b/njallavps/swag/dns-conf/hetzner.ini
new file mode 100644
index 0000000..23be699
--- /dev/null
+++ b/njallavps/swag/dns-conf/hetzner.ini
@@ -0,0 +1,3 @@
+# Instructions: https://github.com/ctrlaltcoop/certbot-dns-hetzner
+# Replace with your values
+dns_hetzner_api_token = nohnah4zoo9Kiejee9aGh0thoopee2sa
diff --git a/njallavps/swag/dns-conf/infomaniak.ini b/njallavps/swag/dns-conf/infomaniak.ini
new file mode 100644
index 0000000..039d261
--- /dev/null
+++ b/njallavps/swag/dns-conf/infomaniak.ini
@@ -0,0 +1,3 @@
+ Instructions: https://github.com/Infomaniak/certbot-dns-infomaniak#via-ini-file
+# Replace with your values
+dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
diff --git a/njallavps/swag/dns-conf/inwx.ini b/njallavps/swag/dns-conf/inwx.ini
new file mode 100644
index 0000000..086d866
--- /dev/null
+++ b/njallavps/swag/dns-conf/inwx.ini
@@ -0,0 +1,6 @@
+# Instructions: https://github.com/oGGy990/certbot-dns-inwx
+# Replace with your values
+dns_inwx_url           = https://api.domrobot.com/xmlrpc/
+dns_inwx_username      = your_username
+dns_inwx_password      = your_password
+dns_inwx_shared_secret = your_shared_secret optional
diff --git a/njallavps/swag/dns-conf/ionos.ini b/njallavps/swag/dns-conf/ionos.ini
new file mode 100644
index 0000000..ebb09e8
--- /dev/null
+++ b/njallavps/swag/dns-conf/ionos.ini
@@ -0,0 +1,5 @@
+# Instructions: https://github.com/helgeerbe/certbot-dns-ionos
+# Replace with your values
+dns_ionos_prefix = myapikeyprefix
+dns_ionos_secret = verysecureapikeysecret
+dns_ionos_endpoint = https://api.hosting.ionos.com
\ No newline at end of file
diff --git a/njallavps/swag/dns-conf/linode.ini b/njallavps/swag/dns-conf/linode.ini
new file mode 100644
index 0000000..2d434a1
--- /dev/null
+++ b/njallavps/swag/dns-conf/linode.ini
@@ -0,0 +1,3 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-linode/certbot_dns_linode/__init__.py#L25
+# Replace with your values
+dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
diff --git a/njallavps/swag/dns-conf/loopia.ini b/njallavps/swag/dns-conf/loopia.ini
new file mode 100644
index 0000000..93e2a4f
--- /dev/null
+++ b/njallavps/swag/dns-conf/loopia.ini
@@ -0,0 +1,3 @@
+# Replace with your values
+dns_loopia_user = user@loopiaapi
+dns_loopia_password = passwordgoeshere
diff --git a/njallavps/swag/dns-conf/luadns.ini b/njallavps/swag/dns-conf/luadns.ini
new file mode 100644
index 0000000..01de1dd
--- /dev/null
+++ b/njallavps/swag/dns-conf/luadns.ini
@@ -0,0 +1,4 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-luadns/certbot_dns_luadns/__init__.py#L20
+# Replace with your values
+dns_luadns_email = user@example.com
+dns_luadns_token = 0123456789abcdef0123456789abcdef
diff --git a/njallavps/swag/dns-conf/netcup.ini b/njallavps/swag/dns-conf/netcup.ini
new file mode 100644
index 0000000..a3a1e90
--- /dev/null
+++ b/njallavps/swag/dns-conf/netcup.ini
@@ -0,0 +1,3 @@
+dns_netcup_customer_id  = 123456
+dns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567
+dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123
diff --git a/njallavps/swag/dns-conf/njalla.ini b/njallavps/swag/dns-conf/njalla.ini
new file mode 100644
index 0000000..4b2a930
--- /dev/null
+++ b/njallavps/swag/dns-conf/njalla.ini
@@ -0,0 +1,2 @@
+# Generate your API token here: https://njal.la/settings/api/
+dns_njalla_token=0000000000000000000000000000000000000000
diff --git a/njallavps/swag/dns-conf/nsone.ini b/njallavps/swag/dns-conf/nsone.ini
new file mode 100644
index 0000000..f1858ca
--- /dev/null
+++ b/njallavps/swag/dns-conf/nsone.ini
@@ -0,0 +1,3 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-nsone/certbot_dns_nsone/__init__.py#L20
+# Replace with your value
+dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw
diff --git a/njallavps/swag/dns-conf/ovh.ini b/njallavps/swag/dns-conf/ovh.ini
new file mode 100644
index 0000000..f8fef57
--- /dev/null
+++ b/njallavps/swag/dns-conf/ovh.ini
@@ -0,0 +1,6 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-ovh/certbot_dns_ovh/__init__.py#L20
+# Replace with your values
+dns_ovh_endpoint = ovh-eu
+dns_ovh_application_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
+dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
+dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
diff --git a/njallavps/swag/dns-conf/porkbun.ini b/njallavps/swag/dns-conf/porkbun.ini
new file mode 100644
index 0000000..6f3cb3d
--- /dev/null
+++ b/njallavps/swag/dns-conf/porkbun.ini
@@ -0,0 +1,4 @@
+# Instructions: https://github.com/infinityofspace/certbot_dns_porkbun
+# Replace with your values
+dns_porkbun_key=<your-porkbun-api-key>
+dns_porkbun_secret=<your-porkbun-api-secret>
diff --git a/njallavps/swag/dns-conf/rfc2136.ini b/njallavps/swag/dns-conf/rfc2136.ini
new file mode 100644
index 0000000..75b6c7a
--- /dev/null
+++ b/njallavps/swag/dns-conf/rfc2136.ini
@@ -0,0 +1,11 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-rfc2136/certbot_dns_rfc2136/__init__.py#L20
+# Replace with your values
+# Target DNS server
+dns_rfc2136_server = 192.0.2.1
+# TSIG key name
+dns_rfc2136_name = keyname.
+# TSIG key secret
+dns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs \
+AmKd7ak51vWKgSl12ib86oQRPkpDjg==
+# TSIG key algorithm
+dns_rfc2136_algorithm = HMAC-SHA512
diff --git a/njallavps/swag/dns-conf/route53.ini b/njallavps/swag/dns-conf/route53.ini
new file mode 100644
index 0000000..18ce326
--- /dev/null
+++ b/njallavps/swag/dns-conf/route53.ini
@@ -0,0 +1,5 @@
+# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-route53/certbot_dns_route53/__init__.py#L18
+# Replace with your values
+[default]
+aws_access_key_id=AKIAIOSFODNN7EXAMPLE
+aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
diff --git a/njallavps/swag/dns-conf/sakuracloud.ini b/njallavps/swag/dns-conf/sakuracloud.ini
new file mode 100644
index 0000000..17f3ac8
--- /dev/null
+++ b/njallavps/swag/dns-conf/sakuracloud.ini
@@ -0,0 +1,4 @@
+# Instructions: https://certbot-dns-sakuracloud.readthedocs.io/en/stable/
+# Replace with your values
+dns_sakuracloud_api_token  = 00000000-0000-0000-0000-000000000000
+dns_sakuracloud_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
diff --git a/njallavps/swag/dns-conf/standalone.ini b/njallavps/swag/dns-conf/standalone.ini
new file mode 100644
index 0000000..559a8af
--- /dev/null
+++ b/njallavps/swag/dns-conf/standalone.ini
@@ -0,0 +1,8 @@
+# Instructions: https://github.com/siilike/certbot-dns-standalone/blob/master/README.rst
+# Make sure to expose UDP port 53 from your swag container:
+# - for docker cli, add argument: `-p 53:53/udp`
+# - for docker-compose, add the following line under ports: `- 53:53/udp`
+# This file does not need to be changed:
+# - no credentials are required
+# - it's not used and only for informational purpose
+# - prepare the correct DNS records as described in the plugin instructions instead
diff --git a/njallavps/swag/dns-conf/transip.ini b/njallavps/swag/dns-conf/transip.ini
new file mode 100644
index 0000000..68d0b4f
--- /dev/null
+++ b/njallavps/swag/dns-conf/transip.ini
@@ -0,0 +1,30 @@
+# Instructions: https://readthedocs.org/projects/certbot-dns-transip/
+#
+# This DNS plugin can be used to generate SSL wildcard certificates via TransIP DNS TXT records
+#
+# Login with your TransIP account and go to My Account | API:
+# 1. API-settings: On
+#
+# 2. IP-address/ranges whitelist: Add a new authorized IP address (Swag Docker) to use the API
+#
+# 3. Generate a new Key Pair and copy the private key to a new transip.key file in the format:
+#    -----BEGIN PRIVATE KEY-----
+#    ...
+#    -----END PRIVATE KEY-----
+#
+# 4. Convert the key to an RSA key with command:
+#     openssl rsa -in transip.key -out /config/dns-conf/transip-rsa.key
+#
+# 5. Set permission
+#     chmod 600 /config/dns-conf/transip-rsa.key
+#
+# 6. Replace <transip_username> below with your TransIP username
+#
+# 7. Create wildcard certificate with Swag environment variables:
+#      SUBDOMAINS=wildcard
+#      VALIDATION=dns
+#      DNSPLUGIN=transip
+
+dns_transip_username = <transip_username>
+dns_transip_key_file = /config/dns-conf/transip-rsa.key
+
diff --git a/njallavps/swag/dns-conf/vultr.ini b/njallavps/swag/dns-conf/vultr.ini
new file mode 100644
index 0000000..901bdff
--- /dev/null
+++ b/njallavps/swag/dns-conf/vultr.ini
@@ -0,0 +1,3 @@
+# Instructions: https://github.com/lezgomatt/certbot-dns-vultr
+# Replace with your vultr Personal Access Token (see https://www.vultr.com/docs/how-to-setup-dynamic-dns).
+dns_vultr_key = YOUR_VULTR_API_KEY
diff --git a/njallavps/swag/etc/letsencrypt/note.txt b/njallavps/swag/etc/letsencrypt/note.txt
new file mode 100644
index 0000000..b4079bf
--- /dev/null
+++ b/njallavps/swag/etc/letsencrypt/note.txt
@@ -0,0 +1 @@
+This folder contained letsencrypt files which are important data that can't be uploaded
\ No newline at end of file
diff --git a/njallavps/swag/fail2ban/action.d/abuseipdb.conf b/njallavps/swag/fail2ban/action.d/abuseipdb.conf
new file mode 100644
index 0000000..ed958c8
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/abuseipdb.conf
@@ -0,0 +1,104 @@
+# Fail2ban configuration file
+#
+# Action to report IP address to abuseipdb.com
+# You must sign up to obtain an API key from abuseipdb.com.
+#
+# NOTE: These reports may include sensitive Info.
+# If you want cleaner reports that ensure no user data see the helper script at the below website.
+#
+# IMPORTANT:
+#
+# Reporting an IP of abuse is a serious complaint. Make sure that it is
+# serious. Fail2ban developers and network owners recommend you only use this
+# action for:
+#   * The recidive where the IP has been banned multiple times
+#   * Where maxretry has been set quite high, beyond the normal user typing
+#     password incorrectly.
+#   * For filters that have a low likelihood of receiving human errors
+#
+# This action relies on a api_key being added to the above action conf,
+# and the appropriate categories set.
+#
+# Example, for ssh bruteforce (in section [sshd] of `jail.local`): 
+#   action = %(known/action)s
+#            abuseipdb[abuseipdb_apikey="my-api-key", abuseipdb_category="18,22"]
+#
+# See below for categories.
+#
+# Added to fail2ban by Andrew James Collett (ajcollett)
+
+## abuseIPDB Categories, `the abuseipdb_category` MUST be set in the jail.conf action call.
+# Example, for ssh bruteforce: action = %(action_abuseipdb)s[abuseipdb_category="18,22"]
+# ID	Title	Description
+# 3	  Fraud Orders
+# 4	  DDoS Attack
+# 9	  Open Proxy
+# 10	Web Spam
+# 11	Email Spam
+# 14	Port Scan
+# 18	Brute-Force
+# 19	Bad Web Bot
+# 20	Exploited Host
+# 21	Web App Attack
+# 22	SSH	Secure Shell (SSH) abuse. Use this category in combination with more specific categories.
+# 23	IoT Targeted
+# See https://abuseipdb.com/categories for more descriptions
+
+[Definition]
+
+# bypass action for restored tickets
+norestored = 1
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+#
+#          ** IMPORTANT! **
+#
+#          By default, this posts directly to AbuseIPDB's API, unfortunately
+#          this results in a lot of backslashes/escapes appearing in the
+#          reports. This also may include info like your hostname.
+#          If you have your own web server with PHP available, you can
+#          use my (Shaun's) helper PHP script by commenting out the first #actionban
+#          line below, uncommenting the second one, and pointing the URL at
+#          wherever you install the helper script. For the PHP helper script, see
+#          <https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban>
+#
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = lgm=$(printf '%%.1000s\n...' "<matches>"); curl -sSf "https://api.abuseipdb.com/api/v2/report" -H "Accept: application/json" -H "Key: <abuseipdb_apikey>" --data-urlencode "comment=$lgm" --data-urlencode "ip=<ip>" --data "categories=<abuseipdb_category>"
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban =
+
+[Init]
+# Option:  abuseipdb_apikey
+# Notes    Your API key from abuseipdb.com
+# Values:  STRING  Default: None
+# Register for abuseipdb [https://www.abuseipdb.com], get api key and set below.
+# You will need to set the category in the action call.
+abuseipdb_apikey =
diff --git a/njallavps/swag/fail2ban/action.d/apf.conf b/njallavps/swag/fail2ban/action.d/apf.conf
new file mode 100644
index 0000000..5c4a261
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/apf.conf
@@ -0,0 +1,25 @@
+# Fail2Ban configuration file
+# https://www.rfxn.com/projects/advanced-policy-firewall/
+#
+# Note: APF doesn't play nicely with other actions. It has been observed to
+# remove bans created by other iptables based actions. If you are going to use
+# this action, use it for all of your jails.
+#
+# DON'T MIX APF and other IPTABLES based actions
+[Definition]
+
+actionstart = 
+actionstop = 
+actioncheck = 
+actionban = apf --deny <ip> "banned by Fail2Ban <name>"
+actionunban = apf --remove <ip>
+
+[Init]
+
+# Name used in APF configuration
+#
+name = default
+
+# DEV NOTES:
+#
+# Author: Mark McKinstry
diff --git a/njallavps/swag/fail2ban/action.d/apprise.conf b/njallavps/swag/fail2ban/action.d/apprise.conf
new file mode 100644
index 0000000..37c42ea
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/apprise.conf
@@ -0,0 +1,49 @@
+# Fail2Ban configuration file
+#
+# Author: Chris Caron <lead2gold@gmail.com>
+#
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = printf %%b "The jail <name> as been started successfully." | <apprise> -t "[Fail2Ban] <name>: started on `uname -n`"
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = printf %%b "The jail <name> has been stopped." | <apprise> -t "[Fail2Ban] <name>: stopped on `uname -n`"
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>" | <apprise> -n "warning" -t "[Fail2Ban] <name>: banned <ip> from `uname -n`"
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban =
+
+[Init]
+
+# Define location of the default apprise configuration file to use
+#
+config = /etc/fail2ban/apprise.conf
+#
+apprise = apprise -c "<config>"
diff --git a/njallavps/swag/fail2ban/action.d/badips.conf b/njallavps/swag/fail2ban/action.d/badips.conf
new file mode 100644
index 0000000..6f9513f
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/badips.conf
@@ -0,0 +1,19 @@
+# Fail2ban reporting to badips.com
+#
+# Note: This reports an IP only and does not actually ban traffic. Use
+# another action in the same jail if you want bans to occur.
+#
+# Set the category to the appropriate value before use.
+#
+# To get see register and optional key to get personalised graphs see:
+# http://www.badips.com/blog/personalized-statistics-track-the-attackers-of-all-your-servers-with-one-key
+
+[Definition]
+
+actionban = curl --fail  --user-agent "<agent>" http://www.badips.com/add/<category>/<ip>
+
+[Init]
+
+# Option: category
+# Notes.: Values are from the list here: http://www.badips.com/get/categories
+category = 
diff --git a/njallavps/swag/fail2ban/action.d/badips.py b/njallavps/swag/fail2ban/action.d/badips.py
new file mode 100644
index 0000000..805120e
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/badips.py
@@ -0,0 +1,391 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+import sys
+if sys.version_info < (2, 7): # pragma: no cover
+	raise ImportError("badips.py action requires Python >= 2.7")
+import json
+import threading
+import logging
+if sys.version_info >= (3, ): # pragma: 2.x no cover
+	from urllib.request import Request, urlopen
+	from urllib.parse import urlencode
+	from urllib.error import HTTPError
+else: # pragma: 3.x no cover
+	from urllib2 import Request, urlopen, HTTPError
+	from urllib import urlencode
+
+from fail2ban.server.actions import Actions, ActionBase, BanTicket
+from fail2ban.helpers import splitwords, str2LogLevel
+
+
+
+class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
+	"""Fail2Ban action which reports bans to badips.com, and also
+	blacklist bad IPs listed on badips.com by using another action's
+	ban method.
+
+	Parameters
+	----------
+	jail : Jail
+		The jail which the action belongs to.
+	name : str
+		Name assigned to the action.
+	category : str
+		Valid badips.com category for reporting failures.
+	score : int, optional
+		Minimum score for bad IPs. Default 3.
+	age : str, optional
+		Age of last report for bad IPs, per badips.com syntax.
+		Default "24h" (24 hours)
+	banaction : str, optional
+		Name of banaction to use for blacklisting bad IPs. If `None`,
+		no blacklist of IPs will take place.
+		Default `None`.
+	bancategory : str, optional
+		Name of category to use for blacklisting, which can differ
+		from category used for reporting. e.g. may want to report
+		"postfix", but want to use whole "mail" category for blacklist.
+		Default `category`.
+	bankey : str, optional
+		Key issued by badips.com to retrieve personal list
+		of blacklist IPs.
+	updateperiod : int, optional
+		Time in seconds between updating bad IPs blacklist.
+		Default 900 (15 minutes)
+	loglevel : int/str, optional
+		Log level of the message when an IP is (un)banned.
+		Default `DEBUG`.
+		Can be also supplied as two-value list (comma- or space separated) to
+		provide level of the summary message when a group of IPs is (un)banned.
+		Example `DEBUG,INFO`.
+	agent : str, optional
+		User agent transmitted to server.
+		Default `Fail2Ban/ver.`
+
+	Raises
+	------
+	ValueError
+		If invalid `category`, `score`, `banaction` or `updateperiod`.
+	"""
+
+	TIMEOUT = 10
+	_badips = "https://www.badips.com"
+	def _Request(self, url, **argv):
+		return Request(url, headers={'User-Agent': self.agent}, **argv)
+
+	def __init__(self, jail, name, category, score=3, age="24h",
+		banaction=None, bancategory=None, bankey=None, updateperiod=900, 
+		loglevel='DEBUG', agent="Fail2Ban", timeout=TIMEOUT):
+		super(BadIPsAction, self).__init__(jail, name)
+
+		self.timeout = timeout
+		self.agent = agent
+		self.category = category
+		self.score = score
+		self.age = age
+		self.banaction = banaction
+		self.bancategory = bancategory or category
+		self.bankey = bankey
+		loglevel = splitwords(loglevel)
+		self.sumloglevel = str2LogLevel(loglevel[-1])
+		self.loglevel = str2LogLevel(loglevel[0])
+		self.updateperiod = updateperiod
+
+		self._bannedips = set()
+		# Used later for threading.Timer for updating badips
+		self._timer = None
+
+	@staticmethod
+	def isAvailable(timeout=1):
+		try:
+			response = urlopen(Request("/".join([BadIPsAction._badips]),
+					headers={'User-Agent': "Fail2Ban"}), timeout=timeout)
+			return True, ''
+		except Exception as e: # pragma: no cover
+			return False, e
+
+	def logError(self, response, what=''): # pragma: no cover - sporadical (502: Bad Gateway, etc)
+		messages = {}
+		try:
+			messages = json.loads(response.read().decode('utf-8'))
+		except:
+			pass
+		self._logSys.error(
+			"%s. badips.com response: '%s'", what,
+				messages.get('err', 'Unknown'))
+
+	def getCategories(self, incParents=False):
+		"""Get badips.com categories.
+
+		Returns
+		-------
+		set
+			Set of categories.
+
+		Raises
+		------
+		HTTPError
+			Any issues with badips.com request.
+		ValueError
+			If badips.com response didn't contain necessary information
+		"""
+		try:
+			response = urlopen(
+				self._Request("/".join([self._badips, "get", "categories"])), timeout=self.timeout)
+		except HTTPError as response: # pragma: no cover
+			self.logError(response, "Failed to fetch categories")
+			raise
+		else:
+			response_json = json.loads(response.read().decode('utf-8'))
+			if not 'categories' in response_json:
+				err = "badips.com response lacked categories specification. Response was: %s" \
+				  % (response_json,)
+				self._logSys.error(err)
+				raise ValueError(err)
+			categories = response_json['categories']
+			categories_names = set(
+				value['Name'] for value in categories)
+			if incParents:
+				categories_names.update(set(
+					value['Parent'] for value in categories
+					if "Parent" in value))
+			return categories_names
+
+	def getList(self, category, score, age, key=None):
+		"""Get badips.com list of bad IPs.
+
+		Parameters
+		----------
+		category : str
+			Valid badips.com category.
+		score : int
+			Minimum score for bad IPs.
+		age : str
+			Age of last report for bad IPs, per badips.com syntax.
+		key : str, optional
+			Key issued by badips.com to fetch IPs reported with the
+			associated key.
+
+		Returns
+		-------
+		set
+			Set of bad IPs.
+
+		Raises
+		------
+		HTTPError
+			Any issues with badips.com request.
+		"""
+		try:
+			url = "?".join([
+				"/".join([self._badips, "get", "list", category, str(score)]),
+				urlencode({'age': age})])
+			if key:
+				url = "&".join([url, urlencode({'key': key})])
+			self._logSys.debug('badips.com: get list, url: %r', url)
+			response = urlopen(self._Request(url), timeout=self.timeout)
+		except HTTPError as response: # pragma: no cover
+			self.logError(response, "Failed to fetch bad IP list")
+			raise
+		else:
+			return set(response.read().decode('utf-8').split())
+
+	@property
+	def category(self):
+		"""badips.com category for reporting IPs.
+		"""
+		return self._category
+
+	@category.setter
+	def category(self, category):
+		if category not in self.getCategories():
+			self._logSys.error("Category name '%s' not valid. "
+				"see badips.com for list of valid categories",
+				category)
+			raise ValueError("Invalid category: %s" % category)
+		self._category = category
+
+	@property
+	def bancategory(self):
+		"""badips.com bancategory for fetching IPs.
+		"""
+		return self._bancategory
+
+	@bancategory.setter
+	def bancategory(self, bancategory):
+		if bancategory != "any" and bancategory not in self.getCategories(incParents=True):
+			self._logSys.error("Category name '%s' not valid. "
+				"see badips.com for list of valid categories",
+				bancategory)
+			raise ValueError("Invalid bancategory: %s" % bancategory)
+		self._bancategory = bancategory
+
+	@property
+	def score(self):
+		"""badips.com minimum score for fetching IPs.
+		"""
+		return self._score
+
+	@score.setter
+	def score(self, score):
+		score = int(score)
+		if 0 <= score <= 5:
+			self._score = score
+		else:
+			raise ValueError("Score must be 0-5")
+
+	@property
+	def banaction(self):
+		"""Jail action to use for banning/unbanning.
+		"""
+		return self._banaction
+
+	@banaction.setter
+	def banaction(self, banaction):
+		if banaction is not None and banaction not in self._jail.actions:
+			self._logSys.error("Action name '%s' not in jail '%s'",
+				banaction, self._jail.name)
+			raise ValueError("Invalid banaction")
+		self._banaction = banaction
+
+	@property
+	def updateperiod(self):
+		"""Period in seconds between banned bad IPs will be updated.
+		"""
+		return self._updateperiod
+
+	@updateperiod.setter
+	def updateperiod(self, updateperiod):
+		updateperiod = int(updateperiod)
+		if updateperiod > 0:
+			self._updateperiod = updateperiod
+		else:
+			raise ValueError("Update period must be integer greater than 0")
+
+	def _banIPs(self, ips):
+		for ip in ips:
+			try:
+				ai = Actions.ActionInfo(BanTicket(ip), self._jail)
+				self._jail.actions[self.banaction].ban(ai)
+			except Exception as e:
+				self._logSys.error(
+					"Error banning IP %s for jail '%s' with action '%s': %s",
+					ip, self._jail.name, self.banaction, e,
+					exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG)
+			else:
+				self._bannedips.add(ip)
+				self._logSys.log(self.loglevel,
+					"Banned IP %s for jail '%s' with action '%s'",
+					ip, self._jail.name, self.banaction)
+
+	def _unbanIPs(self, ips):
+		for ip in ips:
+			try:
+				ai = Actions.ActionInfo(BanTicket(ip), self._jail)
+				self._jail.actions[self.banaction].unban(ai)
+			except Exception as e:
+				self._logSys.error(
+					"Error unbanning IP %s for jail '%s' with action '%s': %s",
+					ip, self._jail.name, self.banaction, e,
+					exc_info=self._logSys.getEffectiveLevel()<=logging.DEBUG)
+			else:
+				self._logSys.log(self.loglevel,
+					"Unbanned IP %s for jail '%s' with action '%s'",
+					ip, self._jail.name, self.banaction)
+			finally:
+				self._bannedips.remove(ip)
+
+	def start(self):
+		"""If `banaction` set, blacklists bad IPs.
+		"""
+		if self.banaction is not None:
+			self.update()
+
+	def update(self):
+		"""If `banaction` set, updates blacklisted IPs.
+
+		Queries badips.com for list of bad IPs, removing IPs from the
+		blacklist if no longer present, and adds new bad IPs to the
+		blacklist.
+		"""
+		if self.banaction is not None:
+			if self._timer:
+				self._timer.cancel()
+				self._timer = None
+
+			try:
+				ips = self.getList(
+					self.bancategory, self.score, self.age, self.bankey)
+				# Remove old IPs no longer listed
+				s = self._bannedips - ips
+				m = len(s)
+				self._unbanIPs(s)
+				# Add new IPs which are now listed
+				s = ips - self._bannedips
+				p = len(s)
+				self._banIPs(s)
+				if m != 0 or p != 0:
+					self._logSys.log(self.sumloglevel,
+						"Updated IPs for jail '%s' (-%d/+%d)",
+						self._jail.name, m, p)
+				self._logSys.debug(
+					"Next update for jail '%' in %i seconds",
+					self._jail.name, self.updateperiod)
+			finally:
+				self._timer = threading.Timer(self.updateperiod, self.update)
+				self._timer.start()
+
+	def stop(self):
+		"""If `banaction` set, clears blacklisted IPs.
+		"""
+		if self.banaction is not None:
+			if self._timer:
+				self._timer.cancel()
+				self._timer = None
+			self._unbanIPs(self._bannedips.copy())
+
+	def ban(self, aInfo):
+		"""Reports banned IP to badips.com.
+
+		Parameters
+		----------
+		aInfo : dict
+			Dictionary which includes information in relation to
+			the ban.
+
+		Raises
+		------
+		HTTPError
+			Any issues with badips.com request.
+		"""
+		try:
+			url = "/".join([self._badips, "add", self.category, str(aInfo['ip'])])
+			self._logSys.debug('badips.com: ban, url: %r', url)
+			response = urlopen(self._Request(url), timeout=self.timeout)
+		except HTTPError as response: # pragma: no cover
+			self.logError(response, "Failed to ban")
+			raise
+		else:
+			messages = json.loads(response.read().decode('utf-8'))
+			self._logSys.debug(
+				"Response from badips.com report: '%s'",
+				messages['suc'])
+
+Action = BadIPsAction
diff --git a/njallavps/swag/fail2ban/action.d/blocklist_de.conf b/njallavps/swag/fail2ban/action.d/blocklist_de.conf
new file mode 100644
index 0000000..ba6d427
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/blocklist_de.conf
@@ -0,0 +1,84 @@
+# Fail2Ban configuration file
+#
+# Author: Steven Hiscocks
+#
+#
+
+# Action to report IP address to blocklist.de
+# Blocklist.de must be signed up to at www.blocklist.de
+# Once registered, one or more servers can be added.
+# This action requires the server 'email address' and the associated apikey.
+#
+# From blocklist.de:
+#   www.blocklist.de is a free and voluntary service provided by a
+#   Fraud/Abuse-specialist, whose servers are often attacked on SSH-,
+#   Mail-Login-, FTP-, Webserver- and other services.
+#   The mission is to report all attacks to the abuse departments of the
+#   infected PCs/servers to ensure that the responsible provider can inform
+#   the customer about the infection and disable them
+#
+# IMPORTANT: 
+# 
+# Reporting an IP of abuse is a serious complaint. Make sure that it is
+# serious. Fail2ban developers and network owners recommend you only use this
+# action for:
+#   * The recidive where the IP has been banned multiple times
+#   * Where maxretry has been set quite high, beyond the normal user typing
+#     password incorrectly.
+#   * For filters that have a low likelihood of receiving human errors
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = 
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = curl --fail --data-urlencode "server=<email>" --data "apikey=<apikey>" --data "service=<service>" --data "ip=<ip>" --data-urlencode "logs=<matches><br>" --data 'format=text' --user-agent "<agent>" "https://www.blocklist.de/en/httpreports.html"
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban =
+
+# Option:  email
+# Notes    server email address, as per blocklist.de account
+# Values:  STRING  Default: None
+#
+#email =
+
+# Option:  apikey
+# Notes    your user blocklist.de user account apikey
+# Values:  STRING  Default: None
+#
+#apikey =
+
+# Option:  service
+# Notes    service name you are reporting on, typically aligns with filter name
+#          see http://www.blocklist.de/en/httpreports.html for full list
+# Values:  STRING  Default: None
+#
+#service =
diff --git a/njallavps/swag/fail2ban/action.d/bsd-ipfw.conf b/njallavps/swag/fail2ban/action.d/bsd-ipfw.conf
new file mode 100644
index 0000000..444192d
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/bsd-ipfw.conf
@@ -0,0 +1,94 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger
+# Modified by: Ken Menzel
+#              Daniel Black (start/stop)
+#              Fabian Wenk (many ideas as per fail2ban users list)
+#
+# Ensure firewall_enable="YES" in the top of /etc/rc.conf
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = ipfw show | fgrep -c -m 1 -s 'table(<table>)' > /dev/null 2>&1 || (
+    num=$(ipfw show | awk 'BEGIN { b = <lowest_rule_num> } { if ($1 == b) { b = $1 + 1 } } END { print b }');
+    ipfw -q add "$num" <blocktype> <block> from table\(<table>\) to me <port>; echo "$num" > "<startstatefile>"
+  )
+
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =  [ ! -f <startstatefile> ] || ( read num < "<startstatefile>" <br> ipfw -q delete $num <br> rm "<startstatefile>" )
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+# requires an ipfw rule like "deny ip from table(1) to me"
+actionban = e=`ipfw table <table> add <ip> 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XADD): File exists' ] || echo "$e" | grep -q "record already exists" || { echo "$e" 1>&2; exit $x; }
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = e=`ipfw table <table> delete <ip> 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process' ] || echo "$e" | grep -q "record not found" || { echo "$e" 1>&2; exit $x; }
+
+[Init]
+# Option:  table
+# Notes:   The ipfw table to use. If a ipfw rule using this table already exists,
+#          this action will not create a ipfw rule to block it and the following
+#          options will have no effect.
+# Values:  NUM
+table = 1
+
+# Option:  port
+# Notes.:  Specifies port to monitor. Blank indicate block all ports.
+# Values:  [ NUM | STRING ]
+#
+port = 
+
+# Option:  startstatefile
+# Notes:   A file to indicate that the table rule that was added. Ensure it is unique per table.
+# Values:  STRING
+startstatefile = /var/run/fail2ban/ipfw-started-table_<table>
+
+# Option: block
+# Notes:  This is how much to block.
+#         Can be "ip", "tcp", "udp" or various other options.
+# Values: STRING
+block = ip
+
+# Option:  blocktype
+# Notes.:  How to block the traffic. Use a action from man 5 ipfw
+#          Common values: deny, unreach port, reset
+#          ACTION defination at the top of man ipfw for allowed values.
+# Values:  STRING
+#
+blocktype = unreach port
+
+# Option:  lowest_rule_num
+# Notes:   When fail2ban starts with action and there is no rule for the given table yet
+#          then fail2ban will start looking for an empty slot starting with this rule number.
+# Values:  NUM
+lowest_rule_num = 111
+
+
diff --git a/njallavps/swag/fail2ban/action.d/cloudflare-token.conf b/njallavps/swag/fail2ban/action.d/cloudflare-token.conf
new file mode 100644
index 0000000..8c5c37d
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/cloudflare-token.conf
@@ -0,0 +1,92 @@
+#
+# Author: Logic-32
+#
+# IMPORTANT
+#
+# Please set jail.local's permission to 640 because it contains your CF API token.
+#
+# This action depends on curl.
+#
+# To get your Cloudflare API token: https://developers.cloudflare.com/api/tokens/create/
+#
+# Cloudflare Firewall API: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/endpoints/
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+actionban = curl -s -X POST "<_cf_api_url>" \
+              <_cf_api_prms> \
+              --data '{"mode":"<cfmode>","configuration":{"target":"<cftarget>","value":"<ip>"},"notes":"<notes>"}'
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = id=$(curl -s -X GET "<_cf_api_url>?mode=<cfmode>&notes=<notes>&configuration.target=<cftarget>&configuration.value=<ip>" \
+                       <_cf_api_prms> \
+                       | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \
+                       | tr -d ' "' \
+                       | head -n 1)
+              if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found using target <cftarget>"; exit 0; fi; \
+              curl -s -X DELETE "<_cf_api_url>/$id" \
+                  <_cf_api_prms> \
+                  --data '{"cascade": "none"}'
+
+_cf_api_url = https://api.cloudflare.com/client/v4/zones/<cfzone>/firewall/access_rules/rules
+_cf_api_prms = -H "Authorization: Bearer <cftoken>" -H "Content-Type: application/json"
+
+[Init]
+
+# Declare your Cloudflare Authorization Bearer Token in the [DEFAULT] section of your jail.local file.
+
+# The Cloudflare <ZONE_ID> of hte domain you want to manage.
+#
+# cfzone =
+
+# Your personal Cloudflare token.  Ideally restricted to just have "Zone.Firewall Services" permissions.
+#
+# cftoken =
+
+# Target of the firewall rule.  Default is "ip" (v4).
+#
+cftarget = ip
+
+# The firewall mode Cloudflare should use.  Default is "block" (deny access).
+# Consider also "js_challenge" or other "allowed_modes" if you want.
+#
+cfmode = block
+
+# The message to include in the firewall IP banning rule.
+#
+notes = Fail2Ban <name>
+
+[Init?family=inet6]
+cftarget = ip6
diff --git a/njallavps/swag/fail2ban/action.d/cloudflare.conf b/njallavps/swag/fail2ban/action.d/cloudflare.conf
new file mode 100644
index 0000000..4af8708
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/cloudflare.conf
@@ -0,0 +1,88 @@
+#
+# Author: Mike Rushton
+#
+# IMPORTANT
+#
+# Please set jail.local's permission to 640 because it contains your CF API key.
+#
+# This action depends on curl (and optionally jq).
+# Referenced from http://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE
+#
+# To get your CloudFlare API Key: https://www.cloudflare.com/a/account/my-account
+#
+# CloudFlare API error codes: https://www.cloudflare.com/docs/host-api.html#s4.2
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+# API v1
+#actionban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
+# API v4
+actionban = curl -s -o /dev/null -X POST <_cf_api_prms> \
+            -d '{"mode":"block","configuration":{"target":"<cftarget>","value":"<ip>"},"notes":"Fail2Ban <name>"}' \
+            <_cf_api_url>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+# API v1
+#actionunban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=nul' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
+# API v4
+actionunban = id=$(curl -s -X GET <_cf_api_prms> \
+                   "<_cf_api_url>?mode=block&configuration_target=<cftarget>&configuration_value=<ip>&page=1&per_page=1&notes=Fail2Ban%%20<name>" \
+                   | { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })
+              if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found"; exit 0; fi;
+              curl -s -o /dev/null -X DELETE <_cf_api_prms> "<_cf_api_url>/$id"
+
+_cf_api_url = https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
+_cf_api_prms = -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' -H 'Content-Type: application/json'
+
+[Init]
+
+# If you like to use this action with mailing whois lines, you could use the composite action
+# action_cf_mwl predefined in jail.conf, just define in your jail:
+#
+# action = %(action_cf_mwl)s
+# # Your CF account e-mail
+# cfemail  = 
+# # Your CF API Key
+# cfapikey = 
+
+cftoken =
+
+cfuser =
+
+cftarget = ip
+
+[Init?family=inet6]
+cftarget = ip6
diff --git a/njallavps/swag/fail2ban/action.d/complain.conf b/njallavps/swag/fail2ban/action.d/complain.conf
new file mode 100644
index 0000000..4d73b05
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/complain.conf
@@ -0,0 +1,121 @@
+# Fail2Ban configuration file
+#
+# Author: Russell Odom <russ@gloomytrousers.co.uk>, Daniel Black
+# Sends a complaint e-mail to addresses listed in the whois record for an
+# offending IP address.
+# This uses the https://abusix.com/contactdb.html to lookup abuse contacts.
+#
+# DEPENDENCIES:
+# This requires the dig command from bind-utils
+#
+# You should provide the <logpath> in the jail config - lines from the log
+# matching the given IP address will be provided in the complaint as evidence.
+#
+# WARNING
+# -------
+#
+# Please do not use this action unless you are certain that fail2ban
+# does not result in "false positives" for your deployment.  False
+# positive reports could serve a mis-favor to the original cause by
+# flooding corresponding contact addresses, and complicating the work
+# of administration personnel responsible for handling (verified) legit
+# complains.
+#
+# Please consider using e.g. sendmail-whois-lines.conf action which
+# would send the reports with relevant information to you, so the
+# report could be first reviewed and then forwarded to a corresponding
+# contact if legit.
+#
+
+
+[INCLUDES]
+
+before = helpers-common.conf
+
+[Definition]
+
+# Used in test cases for coverage internal transformations
+debug = 0
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = oifs=${IFS};
+            RESOLVER_ADDR="%(addr_resolver)s"
+            if [ "<debug>" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi
+            ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')
+            IFS=,; ADDRESSES=$(echo $ADDRESSES)
+            IFS=${oifs}
+            IP=<ip>
+            if [ ! -z "$ADDRESSES" ]; then
+                ( printf %%b "<message>\n"; date '+Note: Local timezone is %%z (%%Z)'; 
+                  printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
+                  %(_grep_logs)s;
+                ) | <mailcmd> "Abuse from <ip>" <mailargs> $ADDRESSES
+            fi
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban =
+
+# Server as resolver used in dig command
+#
+addr_resolver = <ip-rev>abuse-contacts.abusix.org
+
+# Default message used for abuse content
+#
+message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
+
+# Option:  mailcmd
+# Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+# Values:  CMD
+#
+mailcmd = mail -E 'set escape' -s
+
+# Option:  mailargs
+# Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
+#          CC reports to another address:
+#              -c me@example.com
+#          Appear to come from a different address - the '--' indicates
+#          arguments to be passed to Sendmail:
+#              -- -f me@example.com
+# Values:  [ STRING ]
+#
+mailargs =
+
+# Number of log lines to include in the email
+#
+#grepmax = 1000
+#grepopts = -m <grepmax>
diff --git a/njallavps/swag/fail2ban/action.d/dshield.conf b/njallavps/swag/fail2ban/action.d/dshield.conf
new file mode 100644
index 0000000..3d5a7a5
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/dshield.conf
@@ -0,0 +1,207 @@
+# Fail2Ban configuration file
+#
+# Author: Russell Odom <russ@gloomytrousers.co.uk>
+# Submits attack reports to DShield (http://www.dshield.org/)
+#
+# You MUST configure at least:
+# <port> (the port that's being attacked - use number not name).
+#
+# You SHOULD also provide:
+# <myip> (your public IP address, if it's not the address of eth0)
+# <userid> (your DShield userID, if you have one - recommended, but reports will
+# be used anonymously if not)
+# <protocol> (the protocol in use - defaults to tcp)
+#
+# Best practice is to provide <port> and <protocol> in jail.conf like this:
+# action = dshield[port=1234,protocol=tcp]
+#
+# ...and create "dshield.local" with contents something like this:
+# [Init]
+# myip = 10.0.0.1
+# userid = 12345
+#
+# Other useful configuration values are <mailargs> (you can use for specifying
+# a different sender address for the report e-mails, which should match what is
+# configured at DShield), and <lines>/<minreportinterval>/<maxbufferage> (to
+# configure how often the buffer is flushed).
+#
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = if [ -f <tmpfile>.buffer ]; then
+                 cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs> <dest>
+                 date +%%s > <tmpfile>.lastsent
+             fi
+             rm -f <tmpfile>.buffer <tmpfile>.first
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+# See http://www.dshield.org/specs.html for more on report format/notes
+#
+# Note: We are currently using <time> for the timestamp because no tag is
+# available to indicate the timestamp of the log message(s) which triggered the
+# ban. Therefore the timestamps we are using in the report, whilst often only a
+# few seconds out, are incorrect. See
+# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047
+#
+actionban = TZONE=`date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'`
+            DATETIME="`perl -e '@t=localtime(<time>);printf "%%4d-%%02d-%%02d %%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'` $TZONE"
+	    PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`
+	    if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
+            printf %%b "$DATETIME\t<userid>\t<failures>\t<ip>\t<srcport>\t<myip>\t<port>\t$PROTOCOL\t<tcpflags>\n" >> <tmpfile>.buffer
+            NOW=`date +%%s`
+            if [ ! -f <tmpfile>.first ]; then
+                echo <time> | cut -d. -f1 > <tmpfile>.first
+            fi
+            if [ ! -f <tmpfile>.lastsent ]; then
+                echo 0 > <tmpfile>.lastsent
+            fi
+            LOGAGE=$(($NOW - `cat <tmpfile>.first`))
+            LASTREPORT=$(($NOW - `cat <tmpfile>.lastsent`))
+            LINES=$( wc -l <tmpfile>.buffer | awk '{ print $1 }' )
+            if [ $LINES -ge <lines> && $LASTREPORT -gt <minreportinterval> ] || [ $LOGAGE -gt <maxbufferage> ]; then
+                cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ $TZONE Fail2Ban" <mailargs> <dest>
+                rm -f <tmpfile>.buffer <tmpfile>.first
+                echo $NOW > <tmpfile>.lastsent
+            fi
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = if [ -f <tmpfile>.first ]; then
+                  NOW=`date +%%s`
+                  LOGAGE=$(($NOW - `cat <tmpfile>.first`))
+                  if [ $LOGAGE -gt <maxbufferage> ]; then
+                      cat <tmpfile>.buffer | <mailcmd> "FORMAT DSHIELD USERID <userid> TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" <mailargs> <dest>
+                      rm -f <tmpfile>.buffer <tmpfile>.first
+                      echo $NOW > <tmpfile>.lastsent
+                  fi
+              fi
+
+
+[Init]
+# Option:  port
+# Notes.:  The target port for the attack (numerical). MUST be provided in the
+#          jail config, as it cannot be detected here.
+# Values:  [ NUM ]
+#
+port = ???
+
+# Option:  userid
+# Notes.:  Your DShield user ID. Should be provided either in the jail config or
+#          in a .local file.
+#          Register at https://secure.dshield.org/register.html
+# Values:  [ NUM ]
+#
+userid = 0
+
+# Option:  myip
+# Notes.:  The target IP for the attack (your public IP). Should be provided
+#          either in the jail config or in a .local file unless your PUBLIC IP
+#          is the first IP assigned to eth0
+# Values:  [ an IP address ]  Default: Tries to find the IP address of eth0,
+#          which in most cases will be a private IP, and therefore incorrect
+#
+myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`
+
+# Option:  protocol
+# Notes.:  The protocol over which the attack is happening
+# Values:  [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp
+#
+protocol = tcp
+
+# Option:  lines
+# Notes.:  How many lines to buffer before making a report. Regardless of this,
+#          reports are sent a minimum of <minreportinterval> apart, or if the
+#          buffer contains an event over <maxbufferage> old, or on shutdown
+# Values:  [ NUM ]
+#
+lines = 50
+
+# Option:  minreportinterval
+# Notes.:  Minimum period (in seconds) that must elapse before we submit another
+#          batch of reports. DShield request a minimum of 1 hour (3600 secs)
+#          between reports.
+# Values:  [ NUM ]
+#
+minreportinterval = 3600
+
+# Option:  maxbufferage
+# Notes.:  Maximum age (in seconds) of the oldest report in the buffer before we
+#          submit the batch, even if we haven't reached <lines> yet. Note that
+#          this is only checked on each ban/unban, and that we always send
+#          anything in the buffer on shutdown. Must be greater than
+# Values:  [ NUM ]
+#
+maxbufferage = 21600
+
+# Option:  srcport
+# Notes.:  The source port of the attack. You're unlikely to have this info, so
+#          you can leave the default
+# Values:  [ NUM ]
+#
+srcport = ???
+
+# Option:  tcpflags
+# Notes.:  TCP flags on attack. You're unlikely to have this info, so you can
+#          leave empty
+# Values:  [ STRING ]
+#
+tcpflags =
+
+# Option:  mailcmd
+# Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+# Values:  CMD
+#
+mailcmd = mail -E 'set escape' -s
+
+# Option:  mailargs
+# Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
+#          CC reports to another address:
+#              -c me@example.com
+#          Appear to come from a different address (the From address must match
+#          the one configured at DShield - the '--' indicates arguments to be
+#          passed to Sendmail):
+#              -- -f me@example.com
+# Values:  [ STRING ]
+#
+mailargs =
+
+# Option:  dest
+# Notes.:  Destination e-mail address for reports
+# Values:  [ STRING ]
+#
+dest = reports@dshield.org
+
+# Option:  tmpfile
+# Notes.:  Base name of temporary files used for buffering
+# Values:  [ STRING ]
+#
+tmpfile = /var/run/fail2ban/tmp-dshield
+
diff --git a/njallavps/swag/fail2ban/action.d/dummy.conf b/njallavps/swag/fail2ban/action.d/dummy.conf
new file mode 100644
index 0000000..eb07e32
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/dummy.conf
@@ -0,0 +1,63 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = if [ ! -z '<target>' ]; then touch <target>; fi;
+              printf %%b "<init>\n" <to_target>
+              echo "%(debug)s started"
+
+# Option:  actionflush
+# Notes.:  command executed once to flush (clear) all IPS, by shutdown (resp. by stop of the jail or this action)
+# Values:  CMD
+#
+actionflush = printf %%b "-*\n" <to_target>
+              echo "%(debug)s clear all"
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = if [ ! -z '<target>' ]; then rm -f <target>; fi;
+             echo "%(debug)s stopped"
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "+<ip>\n" <to_target>
+            echo "%(debug)s banned <ip> (family: <family>)"
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = printf %%b "-<ip>\n" <to_target>
+              echo "%(debug)s unbanned <ip> (family: <family>)"
+
+
+debug = [<name>] <actname> <target> --
+
+[Init]
+
+init = 123
+
+target = /var/run/fail2ban/fail2ban.dummy
+to_target = >> <target>
diff --git a/njallavps/swag/fail2ban/action.d/firewallcmd-allports.conf b/njallavps/swag/fail2ban/action.d/firewallcmd-allports.conf
new file mode 100644
index 0000000..de0e7f9
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/firewallcmd-allports.conf
@@ -0,0 +1,45 @@
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt 
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+
+[INCLUDES]
+
+before = firewallcmd-common.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain <family> filter f2b-<name>
+              firewall-cmd --direct --add-rule <family> filter f2b-<name> 1000 -j RETURN
+              firewall-cmd --direct --add-rule <family> filter <chain> 0 -j f2b-<name>
+
+actionstop = firewall-cmd --direct --remove-rule <family> filter <chain> 0 -j f2b-<name>
+             firewall-cmd --direct --remove-rules <family> filter f2b-<name>
+             firewall-cmd --direct --remove-chain <family> filter f2b-<name>
+
+
+# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-recidive$'
+
+actioncheck = firewall-cmd --direct --get-chains <family> filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'
+
+actionban = firewall-cmd --direct --add-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+actionunban = firewall-cmd --direct --remove-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+# DEV NOTES:
+#
+# Author: Donald Yandt 
+# Uses "FirewallD" instead of the "iptables daemon".
+#
+#
+# Output:
+
+# actionstart:
+# $ firewall-cmd --direct --add-chain ipv4 filter f2b-recidive
+# success
+# $ firewall-cmd --direct --add-rule ipv4 filter f2b-recidive 1000 -j RETURN
+# success
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-recidive
+# success
+
diff --git a/njallavps/swag/fail2ban/action.d/firewallcmd-common.conf b/njallavps/swag/fail2ban/action.d/firewallcmd-common.conf
new file mode 100644
index 0000000..4abe531
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/firewallcmd-common.conf
@@ -0,0 +1,76 @@
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt
+#
+
+[Init]
+
+# Option:  name
+# Notes    Default name of the chain
+# Values:  STRING
+name = default
+
+# Option   port
+# Notes    Can also use port numbers separated by a comma and in rich-rules comma and/or space.
+# Value    STRING Default: 1:65535
+port = 1:65535
+
+# Option:  protocol
+# Notes    [ tcp | udp | icmp | all ]
+# Values:  STRING Default: tcp
+protocol = tcp
+
+# Option:  family(ipv4)
+# Notes    specifies the socket address family type
+# Values:  STRING  
+family = ipv4
+
+# Option:  chain
+# Notes    specifies the firewalld chain to which the Fail2Ban rules should be
+#          added
+# Values:  STRING  Default: INPUT_direct
+chain = INPUT_direct
+
+# Option:  zone
+# Notes    use command firewall-cmd --get-active-zones to see a list of all active zones. See firewalld man pages for more information on zones
+# Values:  STRING  Default: public
+zone = public
+
+# Option:  service
+# Notes    use command firewall-cmd --get-services to see a list of services available
+#          Examples services: amanda-client amanda-k5-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns freeipa-ldap freeipa-ldaps 
+#          freeipa-replication ftp high-availability http https imaps ipp ipp-client ipsec iscsi-target kadmin kerberos 
+#          kpasswd ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s 
+#          postgresql privoxy proxy-dhcp puppetmaster radius rpc-bind rsyncd samba samba-client sane smtp squid ssh synergy 
+#          telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
+# Values:  STRING Default: ssh 
+service = ssh
+
+# Option:  rejecttype (ipv4)
+# Notes    See iptables/firewalld man pages for ipv4 reject types. 
+# Values:  STRING
+rejecttype = icmp-port-unreachable
+
+# Option:  blocktype (ipv4/ipv6)
+# Notes    See iptables/firewalld man pages for jump targets. Common values are REJECT, 
+#          REJECT --reject-with icmp-port-unreachable, DROP
+# Values:  STRING
+blocktype = REJECT --reject-with <rejecttype>
+
+# Option:  rich-blocktype (ipv4/ipv6)
+# Notes    See firewalld man pages for jump targets. Common values are reject, 
+#          reject type="icmp-port-unreachable", drop
+# Values:  STRING
+rich-blocktype = reject type='<rejecttype>'
+
+[Init?family=inet6]
+
+# Option:  family(ipv6)
+# Notes    specifies the socket address family type
+# Values:  STRING  
+family = ipv6
+
+# Option:  rejecttype (ipv6)
+# Note:    See iptables/firewalld man pages for ipv6 reject types. 
+# Values:  STRING
+rejecttype = icmp6-port-unreachable
diff --git a/njallavps/swag/fail2ban/action.d/firewallcmd-ipset.conf b/njallavps/swag/fail2ban/action.d/firewallcmd-ipset.conf
new file mode 100644
index 0000000..c36ba69
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/firewallcmd-ipset.conf
@@ -0,0 +1,121 @@
+# Fail2Ban action file for firewall-cmd/ipset
+#
+# This requires:
+# ipset (package: ipset)
+# firewall-cmd (package: firewalld)
+#
+# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
+# Use ipset -V to see the protocol and version.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules.
+
+[INCLUDES]
+
+before = firewallcmd-common.conf
+
+[Definition]
+
+actionstart = <ipstype_<ipsettype>/actionstart>
+              firewall-cmd --direct --add-rule <family> filter <chain> 0 <actiontype> -m set --match-set <ipmset> src -j <blocktype>
+
+actionflush = <ipstype_<ipsettype>/actionflush>
+
+actionstop = firewall-cmd --direct --remove-rule <family> filter <chain> 0 <actiontype> -m set --match-set <ipmset> src -j <blocktype>
+             <actionflush>
+             <ipstype_<ipsettype>/actionstop>
+
+actionban = <ipstype_<ipsettype>/actionban>
+
+# actionprolong = %(actionban)s
+
+actionunban = <ipstype_<ipsettype>/actionunban>
+
+[ipstype_ipset]
+
+actionstart = ipset -exist create <ipmset> hash:ip timeout <default-ipsettime> <familyopt>
+
+actionflush = ipset flush <ipmset>
+
+actionstop = ipset destroy <ipmset>
+
+actionban = ipset -exist add <ipmset> <ip> timeout <ipsettime>
+
+actionunban = ipset -exist del <ipmset> <ip>
+
+[ipstype_firewalld]
+
+actionstart = firewall-cmd --direct --new-ipset=<ipmset> --type=hash:ip --option=timeout=<default-ipsettime> <firewalld_familyopt>
+
+# TODO: there doesn't seem to be an explicit way to invoke the ipset flush function using firewall-cmd
+actionflush = 
+
+actionstop = firewall-cmd --direct --delete-ipset=<ipmset>
+
+actionban = firewall-cmd --ipset=<ipmset> --add-entry=<ip>
+
+actionunban = firewall-cmd --ipset=<ipmset> --remove-entry=<ip>
+
+[Init]
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added
+# Values:  [ STRING ]
+#
+chain = INPUT_direct
+
+# Option: default-ipsettime
+# Notes:  specifies default timeout in seconds (handled default ipset timeout only)
+# Values:  [ NUM ]  Default: 0 (no timeout, managed by fail2ban by unban)
+default-ipsettime = 0
+
+# Option: ipsettime
+# Notes:  specifies ticket timeout (handled ipset timeout only)
+# Values:  [ NUM ]  Default: 0 (managed by fail2ban by unban)
+ipsettime = 0
+
+# expresion to caclulate timeout from bantime, example:
+# banaction = %(known/banaction)s[ipsettime='<timeout-bantime>']
+timeout-bantime = $([ "<bantime>" -le 2147483 ] && echo "<bantime>" || echo 0)
+
+# Option: ipsettype
+# Notes.: defines type of ipset used for match-set (firewalld or ipset)
+# Values: firewalld or ipset
+# Default: ipset
+ipsettype = ipset
+
+# Option: actiontype
+# Notes.: defines additions to the blocking rule
+# Values: leave empty to block all attempts from the host
+# Default: Value of the multiport
+actiontype = <multiport>
+
+# Option: allports
+# Notes.: default addition to block all ports
+# Usage.: use in jail config:  banaction = firewallcmd-ipset[actiontype=<allports>]
+#         for all protocols:   banaction = firewallcmd-ipset[actiontype=""]
+allports = -p <protocol>
+
+# Option: multiport
+# Notes.: addition to block access only to specific ports
+# Usage.: use in jail config:  banaction = firewallcmd-ipset[actiontype=<multiport>]
+multiport = -p <protocol> -m multiport --dports <port>
+
+ipmset = f2b-<name>
+familyopt =
+firewalld_familyopt =
+
+[Init?family=inet6]
+
+ipmset = f2b-<name>6
+familyopt = family inet6
+firewalld_familyopt = --option=family=inet6
+
+
+# DEV NOTES:
+#
+# Author: Edgar Hoch, Daniel Black, Sergey Brester and Mihail Politaev
+# firewallcmd-new / iptables-ipset-proto6 combined for maximium goodness
diff --git a/njallavps/swag/fail2ban/action.d/firewallcmd-multiport.conf b/njallavps/swag/fail2ban/action.d/firewallcmd-multiport.conf
new file mode 100644
index 0000000..81540e5
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/firewallcmd-multiport.conf
@@ -0,0 +1,26 @@
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt 
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+[INCLUDES]
+
+before = firewallcmd-common.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain <family> filter f2b-<name>
+              firewall-cmd --direct --add-rule <family> filter f2b-<name> 1000 -j RETURN
+              firewall-cmd --direct --add-rule <family> filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
+
+actionstop = firewall-cmd --direct --remove-rule <family> filter <chain> 0 -m conntrack --ctstate NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
+             firewall-cmd --direct --remove-rules <family> filter f2b-<name>
+             firewall-cmd --direct --remove-chain <family> filter f2b-<name>
+
+# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
+
+actioncheck = firewall-cmd --direct --get-chains <family> filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'
+
+actionban = firewall-cmd --direct --add-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+actionunban = firewall-cmd --direct --remove-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>
diff --git a/njallavps/swag/fail2ban/action.d/firewallcmd-new.conf b/njallavps/swag/fail2ban/action.d/firewallcmd-new.conf
new file mode 100644
index 0000000..b06f5cc
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/firewallcmd-new.conf
@@ -0,0 +1,47 @@
+# Fail2Ban configuration file
+#
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+[INCLUDES]
+
+before = firewallcmd-common.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain <family> filter f2b-<name>
+              firewall-cmd --direct --add-rule <family> filter f2b-<name> 1000 -j RETURN
+              firewall-cmd --direct --add-rule <family> filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
+
+actionstop = firewall-cmd --direct --remove-rule <family> filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
+             firewall-cmd --direct --remove-rules <family> filter f2b-<name>
+             firewall-cmd --direct --remove-chain <family> filter f2b-<name>
+
+actioncheck = firewall-cmd --direct --get-chains <family> filter | sed -e 's, ,\n,g' | grep -q 'f2b-<name>$'
+
+actionban = firewall-cmd --direct --add-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+actionunban = firewall-cmd --direct --remove-rule <family> filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+# DEV NOTES:
+#
+# Author: Edgar Hoch
+# Copied from iptables-new.conf and modified for use with firewalld by Edgar Hoch.
+#  It uses "firewall-cmd" instead of "iptables".
+#
+# Output:
+# 
+# $ firewall-cmd --direct --add-chain ipv4 filter fail2ban-name
+# success
+# $ firewall-cmd --direct --add-rule ipv4 filter fail2ban-name 1000 -j RETURN
+# success
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 22 -j fail2ban-name
+# success
+# $ firewall-cmd --direct --get-chains ipv4 filter
+# fail2ban-name
+# $ firewall-cmd --direct --get-chains ipv4 filter  | od -h
+# 0000000 6166 6c69 6232 6e61 6e2d 6d61 0a65
+# $ firewall-cmd --direct --get-chains ipv4 filter | grep -Eq 'fail2ban-name( |$)' ; echo $?
+# 0
+# $ firewall-cmd -V
+# 0.3.8
+
diff --git a/njallavps/swag/fail2ban/action.d/firewallcmd-rich-logging.conf b/njallavps/swag/fail2ban/action.d/firewallcmd-rich-logging.conf
new file mode 100644
index 0000000..21e4508
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/firewallcmd-rich-logging.conf
@@ -0,0 +1,29 @@
+# Fail2Ban configuration file
+#
+# Authors: Donald Yandt, Sergey G. Brester
+# 
+# Because of the rich rule commands requires firewalld-0.3.1+
+# This action uses firewalld rich-rules which gives you a cleaner iptables since it stores rules according to zones and not
+# by chain. So for an example all deny rules will be listed under <zone>_deny and all log rules under <zone>_log. 
+#
+# Also this action logs banned access attempts so you can filter that and increase ban time for offenders.
+#
+# If you use the --permanent rule you get a xml file in /etc/firewalld/zones/<zone>.xml that can be shared and parsed easliy
+#
+# This is an derivative of firewallcmd-rich-rules.conf, see there for details and other parameters.
+
+[INCLUDES]
+
+before = firewallcmd-rich-rules.conf
+
+[Definition]
+
+rich-suffix = log prefix='f2b-<name>' level='<level>' limit value='<rate>/m' <rich-blocktype>
+
+[Init]
+
+# log levels are "emerg", "alert", "crit", "error", "warning", "notice", "info" or "debug"
+level = info
+
+# log rate per minute
+rate = 1
diff --git a/njallavps/swag/fail2ban/action.d/firewallcmd-rich-rules.conf b/njallavps/swag/fail2ban/action.d/firewallcmd-rich-rules.conf
new file mode 100644
index 0000000..75a27d8
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/firewallcmd-rich-rules.conf
@@ -0,0 +1,44 @@
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt 
+# 
+# Because of the rich rule commands requires firewalld-0.3.1+
+# This action uses firewalld rich-rules which gives you a cleaner iptables since it stores rules according to zones and not
+# by chain. So for an example all deny rules will be listed under <zone>_deny. 
+#
+# If you use the --permanent rule you get a xml file in /etc/firewalld/zones/<zone>.xml that can be shared and parsed easliy
+#
+# Example commands to view rules:
+# firewall-cmd [--zone=<zone>] --list-rich-rules
+# firewall-cmd [--zone=<zone>] --list-all
+# firewall-cmd [--zone=zone] --query-rich-rule='rule'
+
+[INCLUDES]
+
+before = firewallcmd-common.conf
+
+[Definition]
+
+actionstart = 
+
+actionstop = 
+
+actioncheck = 
+
+#you can also use zones and/or service names. 
+#
+# zone example: 
+# firewall-cmd --zone=<zone> --add-rich-rule="rule family='ipv4' source address='<ip>' port port='<port>' protocol='<protocol>' <rich-blocktype>"
+#
+# service name example:
+# firewall-cmd --zone=<zone> --add-rich-rule="rule family='ipv4' source address='<ip>' service name='<service>' <rich-blocktype>"
+#
+# Because rich rules can only handle single or a range of ports we must split ports and execute the command for each port. Ports can be single and ranges separated by a comma or space for an example: http, https, 22-60, 18 smtp 
+
+fwcmd_rich_rule = rule family='<family>' source address='<ip>' port port='$p' protocol='<protocol>' %(rich-suffix)s
+
+actionban = ports="<port>"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="%(fwcmd_rich_rule)s"; done
+	   
+actionunban = ports="<port>"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="%(fwcmd_rich_rule)s"; done
+
+rich-suffix = <rich-blocktype>
\ No newline at end of file
diff --git a/njallavps/swag/fail2ban/action.d/helpers-common.conf b/njallavps/swag/fail2ban/action.d/helpers-common.conf
new file mode 100644
index 0000000..03422a8
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/helpers-common.conf
@@ -0,0 +1,17 @@
+[DEFAULT]
+
+# Usage:
+#   _grep_logs_args = 'test'
+#   (printf %%b "Log-excerpt contains 'test':\n"; %(_grep_logs)s; printf %%b "Log-excerpt contains 'test':\n") | mail ...
+#
+_grep_logs = logpath="<logpath>"; grep <grepopts> %(_grep_logs_args)s $logpath | <greplimit>
+# options `-wF` used to match only whole words and fixed string (not as pattern)
+_grep_logs_args = -wF "<ip>"
+
+# Used for actions, that should not by executed if ticket was restored:
+_bypass_if_restored = if [ '<restored>' = '1' ]; then exit 0; fi;
+
+[Init]
+greplimit = tail -n <grepmax>
+grepmax = 1000
+grepopts = -m <grepmax>
diff --git a/njallavps/swag/fail2ban/action.d/hostsdeny.conf b/njallavps/swag/fail2ban/action.d/hostsdeny.conf
new file mode 100644
index 0000000..8eebbaf
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/hostsdeny.conf
@@ -0,0 +1,62 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Edited for cross platform by: James Stout, Yaroslav Halchenko and Daniel Black
+#
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = 
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = 
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "<daemon_list>: <ip_value>\n" >> <file>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = IP=$(echo "<ip_value>" | sed 's/[][\.]/\\\0/g') && sed -i "/^<daemon_list>: $IP$/d" <file>
+
+[Init]
+
+# Option:  file
+# Notes.:  hosts.deny file path.
+# Values:  STR  Default:  /etc/hosts.deny
+#
+file = /etc/hosts.deny
+
+# Option:  daemon_list
+# Notes:   The list of services that this action will deny. See the man page
+#          for hosts.deny/hosts_access. Default is all services.
+# Values:  STR  Default: ALL
+daemon_list = ALL
+
+# internal variable IP (to differentiate the IPv4 and IPv6 syntax, where it is enclosed in brackets):
+ip_value = <ip>
+
+[Init?family=inet6]
+ip_value = [<ip>]
diff --git a/njallavps/swag/fail2ban/action.d/ipfilter.conf b/njallavps/swag/fail2ban/action.d/ipfilter.conf
new file mode 100644
index 0000000..02091d6
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/ipfilter.conf
@@ -0,0 +1,58 @@
+# Fail2Ban configuration file
+#
+# NetBSD ipfilter (ipf command) ban/unban
+#
+# Author: Ed Ravin <eravin@panix.com>
+#
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+# enable IPF if not already enabled
+actionstart = /sbin/ipf -E
+
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+# don't disable IPF with "/sbin/ipf -D", there may be other filters in use
+actionstop = 
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = echo block <blocktype> in quick from <ip>/32 | /sbin/ipf -f -
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+# note -r option used to remove matching rule
+actionunban = echo block <blocktype> in quick from <ip>/32 | /sbin/ipf -r -f -
+
+[Init]
+
+# Option: Blocktype
+# Notes : This is the return-icmp[return-code] mentioned in the ipf man page section 5. Keep this quoted to prevent
+#         Shell expansion. This should be blank (unquoted) to drop the packet.
+# Values: STRING
+blocktype = "return-icmp(port-unr)"
diff --git a/njallavps/swag/fail2ban/action.d/ipfw.conf b/njallavps/swag/fail2ban/action.d/ipfw.conf
new file mode 100644
index 0000000..956b154
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/ipfw.conf
@@ -0,0 +1,68 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger
+# Modified by: Cyril Jaquier
+#
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = 
+
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = 
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = ipfw add <blocktype> tcp from <ip> to <localhost> <port>
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = ipfw delete `ipfw list | grep -i "[^0-9]<ip>[^0-9]" | awk '{print $1;}'`
+
+[Init]
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]
+#
+port = ssh
+
+# Option:  localhost
+# Notes.:  the local IP address of the network interface
+# Values:  IP
+#
+localhost = 127.0.0.1
+
+
+# Option:  blocktype
+# Notes.:  How to block the traffic. Use a action from man 5 ipfw
+#          Common values: deny, unreach port, reset
+# Values:  STRING
+#
+blocktype = unreach port
diff --git a/njallavps/swag/fail2ban/action.d/iptables-allports.conf b/njallavps/swag/fail2ban/action.d/iptables-allports.conf
new file mode 100644
index 0000000..51c4694
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables-allports.conf
@@ -0,0 +1,15 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
+# 			made active on all ports from original iptables.conf
+#
+# Obsolete: superseded by iptables[type=allports]
+
+[INCLUDES]
+
+before = iptables.conf
+
+[Definition]
+
+type = allports
diff --git a/njallavps/swag/fail2ban/action.d/iptables-common.conf b/njallavps/swag/fail2ban/action.d/iptables-common.conf
new file mode 100644
index 0000000..e016ef2
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables-common.conf
@@ -0,0 +1,92 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is a included configuration file and includes the definitions for the iptables
+# used in all iptables based actions by default.
+#
+# The user can override the defaults in iptables-common.local
+#
+# Modified: Alexander Koeppe <format_c@online.de>, Serg G. Brester <serg.brester@sebres.de>
+#       made config file IPv6 capable (see new section Init?family=inet6)
+
+[INCLUDES]
+
+after = iptables-blocktype.local
+        iptables-common.local
+# iptables-blocktype.local is obsolete
+
+[Definition]
+
+# Option:  actionflush
+# Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
+# Values:  CMD
+#
+actionflush = <iptables> -F f2b-<name>
+
+
+[Init]
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the Fail2Ban rules should be
+#          added
+# Values:  STRING  Default: INPUT
+chain = INPUT
+
+# Default name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option:  blocktype
+# Note:    This is what the action does with rules. This can be any jump target
+#          as per the iptables man page (section 8). Common values are DROP
+#          REJECT, REJECT --reject-with icmp-port-unreachable
+# Values:  STRING
+blocktype = REJECT --reject-with icmp-port-unreachable
+
+# Option:  returntype
+# Note:    This is the default rule on "actionstart". This should be RETURN
+#          in all (blocking) actions, except REJECT in allowing actions.
+# Values:  STRING
+returntype = RETURN
+
+# Option:  lockingopt
+# Notes.:  Option was introduced to iptables to prevent multiple instances from
+#          running concurrently and causing irratic behavior.  -w was introduced
+#          in iptables 1.4.20, so might be absent on older systems
+#          See https://github.com/fail2ban/fail2ban/issues/1122
+# Values:  STRING
+lockingopt = -w
+
+# Option:  iptables
+# Notes.:  Actual command to be executed, including common to all calls options
+# Values:  STRING
+iptables = iptables <lockingopt>
+
+
+[Init?family=inet6]
+
+# Option:  blocktype (ipv6)
+# Note:    This is what the action does with rules. This can be any jump target
+#          as per the iptables man page (section 8). Common values are DROP
+#          REJECT, REJECT --reject-with icmp6-port-unreachable
+# Values:  STRING
+blocktype = REJECT --reject-with icmp6-port-unreachable
+
+# Option:  iptables (ipv6)
+# Notes.:  Actual command to be executed, including common to all calls options
+# Values:  STRING
+iptables = ip6tables <lockingopt>
+
diff --git a/njallavps/swag/fail2ban/action.d/iptables-ipset-proto4.conf b/njallavps/swag/fail2ban/action.d/iptables-ipset-proto4.conf
new file mode 100644
index 0000000..3762428
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables-ipset-proto4.conf
@@ -0,0 +1,66 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is for ipset protocol 4 (ipset v4.2). If you have a later version
+# of ipset try to use the iptables-ipset-proto6.conf as it does some things
+# nicer.
+# 
+# This requires the program ipset which is normally in package called ipset.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules. Debian squeeze can do this with:
+#   apt-get install xtables-addons-source 
+#   module-assistant auto-install xtables-addons
+#
+# Debian wheezy and above uses protocol 6
+
+[INCLUDES]
+
+before = iptables.conf
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = ipset --create f2b-<name> iphash
+              <_ipt_add_rules>
+
+
+# Option:  actionflush
+# Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
+# Values:  CMD
+#
+actionflush = ipset --flush f2b-<name>
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = <_ipt_del_rules>
+             <actionflush>
+             ipset --destroy f2b-<name>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = ipset --test f2b-<name> <ip> ||  ipset --add f2b-<name> <ip>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = ipset --test f2b-<name> <ip> && ipset --del f2b-<name> <ip>
+
+# Several capabilities used internaly:
+
+rule-jump = -m set --match-set f2b-<name> src -j <blocktype>
diff --git a/njallavps/swag/fail2ban/action.d/iptables-ipset-proto6-allports.conf b/njallavps/swag/fail2ban/action.d/iptables-ipset-proto6-allports.conf
new file mode 100644
index 0000000..1aa7fd6
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables-ipset-proto6-allports.conf
@@ -0,0 +1,27 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
+# Use ipset -V to see the protocol and version. Version 4 should use
+# iptables-ipset-proto4.conf.
+#
+# This requires the program ipset which is normally in package called ipset.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules which probably won't be protocol version 6.
+#
+# Modified: Alexander Koeppe <format_c@online.de>, Serg G. Brester <serg.brester@sebres.de>
+#       made config file IPv6 capable (see new section Init?family=inet6)
+#
+# Obsolete: superseded by iptables-ipset[type=allports]
+
+[INCLUDES]
+
+before = iptables-ipset.conf
+
+[Definition]
+
+type = allports
diff --git a/njallavps/swag/fail2ban/action.d/iptables-ipset-proto6.conf b/njallavps/swag/fail2ban/action.d/iptables-ipset-proto6.conf
new file mode 100644
index 0000000..ef74498
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables-ipset-proto6.conf
@@ -0,0 +1,27 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
+# Use ipset -V to see the protocol and version. Version 4 should use
+# iptables-ipset-proto4.conf.
+#
+# This requires the program ipset which is normally in package called ipset.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules.
+#
+# Modified: Alexander Koeppe <format_c@online.de>, Serg G. Brester <serg.brester@sebres.de>
+#       made config file IPv6 capable (see new section Init?family=inet6)
+#
+# Obsolete: superseded by iptables-ipset[type=multiport]
+
+[INCLUDES]
+
+before = iptables-ipset.conf
+
+[Definition]
+
+type = multiport
diff --git a/njallavps/swag/fail2ban/action.d/iptables-ipset.conf b/njallavps/swag/fail2ban/action.d/iptables-ipset.conf
new file mode 100644
index 0000000..b44e6ec
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables-ipset.conf
@@ -0,0 +1,90 @@
+# Fail2Ban configuration file
+#
+# Authors: Sergey G Brester (sebres), Daniel Black, Alexander Koeppe
+#
+# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
+# Use ipset -V to see the protocol and version. Version 4 should use
+# iptables-ipset-proto4.conf.
+#
+# This requires the program ipset which is normally in package called ipset.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules.
+#
+
+[INCLUDES]
+
+before = iptables.conf
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = ipset -exist create <ipmset> hash:ip timeout <default-ipsettime> <familyopt>
+              <_ipt_add_rules>
+
+# Option:  actionflush
+# Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
+# Values:  CMD
+#
+actionflush = ipset flush <ipmset>
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = <_ipt_del_rules>
+             <actionflush>
+             ipset destroy <ipmset>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = ipset -exist add <ipmset> <ip> timeout <ipsettime>
+
+# actionprolong = %(actionban)s
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = ipset -exist del <ipmset> <ip>
+
+# Several capabilities used internaly:
+
+rule-jump = -m set --match-set <ipmset> src -j <blocktype>
+
+
+[Init]
+
+# Option: default-ipsettime
+# Notes:  specifies default timeout in seconds (handled default ipset timeout only)
+# Values:  [ NUM ]  Default: 0 (no timeout, managed by fail2ban by unban)
+default-ipsettime = 0
+
+# Option: ipsettime
+# Notes:  specifies ticket timeout (handled ipset timeout only)
+# Values:  [ NUM ]  Default: 0 (managed by fail2ban by unban)
+ipsettime = 0
+
+# expresion to caclulate timeout from bantime, example:
+# banaction = %(known/banaction)s[ipsettime='<timeout-bantime>']
+timeout-bantime = $([ "<bantime>" -le 2147483 ] && echo "<bantime>" || echo 0)
+
+ipmset = f2b-<name>
+familyopt =
+
+
+[Init?family=inet6]
+
+ipmset = f2b-<name>6
+familyopt = family inet6
diff --git a/njallavps/swag/fail2ban/action.d/iptables-multiport-log.conf b/njallavps/swag/fail2ban/action.d/iptables-multiport-log.conf
new file mode 100644
index 0000000..322a749
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables-multiport-log.conf
@@ -0,0 +1,68 @@
+# Fail2Ban configuration file
+#
+# Author: Guido Bozzetto
+# Modified: Cyril Jaquier
+#
+# make "f2b-<name>" chain to match drop IP
+# make "f2b-<name>-log" chain to log and drop
+# insert a jump to f2b-<name> from -I <chain> if proto/port match
+#
+#
+
+[INCLUDES]
+
+before = iptables.conf
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = <iptables> -N f2b-<name>
+              <iptables> -A f2b-<name> -j <returntype>
+              <iptables> -I <chain> 1 -p <protocol> -m multiport --dports <port> -j f2b-<name>
+              <iptables> -N f2b-<name>-log
+              <iptables> -I f2b-<name>-log -j LOG --log-prefix "$(expr f2b-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
+              <iptables> -A f2b-<name>-log -j <blocktype>
+
+# Option:  actionflush
+# Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
+# Values:  CMD
+#
+actionflush = <iptables> -F f2b-<name>
+              <iptables> -F f2b-<name>-log
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+             <actionflush>
+             <iptables> -X f2b-<name>
+             <iptables> -X f2b-<name>-log
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = <iptables> -n -L f2b-<name>-log >/dev/null
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = <iptables> -I f2b-<name> 1 -s <ip> -j f2b-<name>-log
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = <iptables> -D f2b-<name> -s <ip> -j f2b-<name>-log
+
+[Init]
+
diff --git a/njallavps/swag/fail2ban/action.d/iptables-multiport.conf b/njallavps/swag/fail2ban/action.d/iptables-multiport.conf
new file mode 100644
index 0000000..008208e
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables-multiport.conf
@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified by Yaroslav Halchenko for multiport banning
+#
+# Obsolete: superseded by iptables[type=multiport]
+
+[INCLUDES]
+
+before = iptables.conf
+
+[Definition]
+
+type = multiport
diff --git a/njallavps/swag/fail2ban/action.d/iptables-new.conf b/njallavps/swag/fail2ban/action.d/iptables-new.conf
new file mode 100644
index 0000000..170cb93
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables-new.conf
@@ -0,0 +1,15 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Copied from iptables.conf and modified by Yaroslav Halchenko 
+#  to fulfill the needs of bugreporter dbts#350746.
+#
+# Obsolete: superseded by iptables[pre-rule='-m state --state NEW<sp>']
+
+[INCLUDES]
+
+before = iptables.conf
+
+[Definition]
+
+pre-rule = -m state --state NEW<sp>
\ No newline at end of file
diff --git a/njallavps/swag/fail2ban/action.d/iptables-xt_recent-echo.conf b/njallavps/swag/fail2ban/action.d/iptables-xt_recent-echo.conf
new file mode 100644
index 0000000..c3c175b
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables-xt_recent-echo.conf
@@ -0,0 +1,87 @@
+# Fail2Ban configuration file
+#
+# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+#
+# Modified: Alexander Koeppe <format_c@online.de>, Serg G. Brester <serg.brester@sebres.de>
+#       made config file IPv6 capable
+
+[INCLUDES]
+
+before = iptables.conf
+
+[Definition]
+
+_ipt_chain_rule = -m recent --update --seconds 3600 --name <iptname> -j <blocktype>
+_ipt_for_proto-iter =
+_ipt_for_proto-done =
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+# Changing iptables rules requires root privileges. If fail2ban is
+# configured to run as root, firewall setup can be performed by
+# fail2ban automatically. However, if fail2ban is configured to run as
+# a normal user, the configuration must be done by some other means
+# (e.g. using static firewall configuration with the
+# iptables-persistent package).
+# 
+# Explanation of the rule below:
+#    Check if any packets coming from an IP on the <iptname>
+#    list have been seen in the last 3600 seconds. If yes, update the
+#    timestamp for this IP and drop the packet. If not, let the packet
+#    through.
+#
+#    Fail2ban inserts blacklisted hosts into the <iptname> list
+#    and removes them from the list after some time, according to its
+#    own rules. The 3600 second timeout is independent and acts as a
+#    safeguard in case the fail2ban process dies unexpectedly. The
+#    shorter of the two timeouts actually matters.
+actionstart = if [ `id -u` -eq 0 ];then
+              { %(_ipt_check_rule)s >/dev/null 2>&1; } || { <iptables> -I <chain> %(_ipt_chain_rule)s; }
+              fi
+
+# Option:  actionflush
+#
+# [TODO] Flushing is currently not implemented for xt_recent
+#
+actionflush = 
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = echo / > /proc/net/xt_recent/<iptname>
+             if [ `id -u` -eq 0 ];then
+             <iptables> -D <chain> %(_ipt_chain_rule)s;
+             fi
+
+# Option:  actioncheck
+# Notes.:  command executed as invariant check (error by ban)
+# Values:  CMD
+#
+actioncheck = { <iptables> -C <chain> %(_ipt_chain_rule)s; } && test -e /proc/net/xt_recent/<iptname>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = echo +<ip> > /proc/net/xt_recent/<iptname>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = echo -<ip> > /proc/net/xt_recent/<iptname>
+
+[Init]
+
+iptname = f2b-<name>
+
+[Init?family=inet6]
+
+iptname = f2b-<name>6
diff --git a/njallavps/swag/fail2ban/action.d/iptables.conf b/njallavps/swag/fail2ban/action.d/iptables.conf
new file mode 100644
index 0000000..67d496f
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/iptables.conf
@@ -0,0 +1,162 @@
+# Fail2Ban configuration file
+#
+# Authors: Sergey G. Brester (sebres), Cyril Jaquier, Daniel Black, 
+#          Yaroslav O. Halchenko, Alexander Koeppe et al.
+#
+
+[Definition]
+
+# Option:  type
+# Notes.:  type of the action.
+# Values:  [ oneport | multiport | allports ]  Default: oneport
+#
+type = oneport
+
+# Option:  actionflush
+# Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
+# Values:  CMD
+#
+actionflush = <iptables> -F f2b-<name>
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = { <iptables> -C f2b-<name> -j <returntype> >/dev/null 2>&1; } || { <iptables> -N f2b-<name> || true; <iptables> -A f2b-<name> -j <returntype>; }
+              <_ipt_add_rules>
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = <_ipt_del_rules>
+             <actionflush>
+             <iptables> -X f2b-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = <_ipt_check_rules>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
+
+# Option:  pre-rule
+# Notes.:  prefix parameter(s) inserted to the begin of rule. No default (empty)
+#
+pre-rule =
+
+rule-jump = -j <_ipt_rule_target>
+
+# Several capabilities used internaly:
+
+_ipt_for_proto-iter = for proto in $(echo '<protocol>' | sed 's/,/ /g'); do
+_ipt_for_proto-done = done
+
+_ipt_add_rules = <_ipt_for_proto-iter>
+              { %(_ipt_check_rule)s >/dev/null 2>&1; } || { <iptables> -I <chain> %(_ipt_chain_rule)s; }
+              <_ipt_for_proto-done>
+
+_ipt_del_rules = <_ipt_for_proto-iter>
+              <iptables> -D <chain> %(_ipt_chain_rule)s
+              <_ipt_for_proto-done>
+
+_ipt_check_rules = <_ipt_for_proto-iter>
+              %(_ipt_check_rule)s
+              <_ipt_for_proto-done>
+
+_ipt_chain_rule = <pre-rule><ipt_<type>/_chain_rule>
+_ipt_check_rule = <iptables> -C <chain> %(_ipt_chain_rule)s
+_ipt_rule_target = f2b-<name>
+
+[ipt_oneport]
+
+_chain_rule = -p $proto --dport <port> <rule-jump>
+
+[ipt_multiport]
+
+_chain_rule = -p $proto -m multiport --dports <port> <rule-jump>
+
+[ipt_allports]
+
+_chain_rule = -p $proto <rule-jump>
+
+
+[Init]
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the Fail2Ban rules should be
+#          added
+# Values:  STRING  Default: INPUT
+chain = INPUT
+
+# Default name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option:  blocktype
+# Note:    This is what the action does with rules. This can be any jump target
+#          as per the iptables man page (section 8). Common values are DROP
+#          REJECT, REJECT --reject-with icmp-port-unreachable
+# Values:  STRING
+blocktype = REJECT --reject-with icmp-port-unreachable
+
+# Option:  returntype
+# Note:    This is the default rule on "actionstart". This should be RETURN
+#          in all (blocking) actions, except REJECT in allowing actions.
+# Values:  STRING
+returntype = RETURN
+
+# Option:  lockingopt
+# Notes.:  Option was introduced to iptables to prevent multiple instances from
+#          running concurrently and causing irratic behavior.  -w was introduced
+#          in iptables 1.4.20, so might be absent on older systems
+#          See https://github.com/fail2ban/fail2ban/issues/1122
+# Values:  STRING
+lockingopt = -w
+
+# Option:  iptables
+# Notes.:  Actual command to be executed, including common to all calls options
+# Values:  STRING
+iptables = iptables <lockingopt>
+
+
+[Init?family=inet6]
+
+# Option:  blocktype (ipv6)
+# Note:    This is what the action does with rules. This can be any jump target
+#          as per the iptables man page (section 8). Common values are DROP
+#          REJECT, REJECT --reject-with icmp6-port-unreachable
+# Values:  STRING
+blocktype = REJECT --reject-with icmp6-port-unreachable
+
+# Option:  iptables (ipv6)
+# Notes.:  Actual command to be executed, including common to all calls options
+# Values:  STRING
+iptables = ip6tables <lockingopt>
diff --git a/njallavps/swag/fail2ban/action.d/ipthreat.conf b/njallavps/swag/fail2ban/action.d/ipthreat.conf
new file mode 100644
index 0000000..193a60f
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/ipthreat.conf
@@ -0,0 +1,107 @@
+# IPThreat configuration file
+#
+# Added to fail2ban by Jeff Johnson (jjxtra)
+#
+# Action to report IP address to ipthreat.net
+#
+# You must sign up to obtain an API key from ipthreat.net and request bulk report permissions
+# https://ipthreat.net/integrations
+#
+# IPThreat is a 100% free site and service, all data is licensed under a creative commons by attribution license
+# Please do not integrate if you do not agree to the license
+#
+# IMPORTANT:
+#
+# Reporting an IP is a serious action. Make sure that it is legit.
+# Consider using this action only for:
+#   * IP that has been banned more than once
+#   * High max retry to avoid user mis-typing password
+#   * Filters that are unlikely to be human error
+#
+# Example:
+# ```
+#   action = %(known/action)s
+#            ipthreat[]
+# ```
+#
+# The action accepts the following arguments: ipthreat[ipthreat_flags="8",ipthreat_system="SSH", ipthreat_apikey=...]
+# In most cases your action could be as simple as: ipthreat[], since the default flags and system are set to the most correct default values.
+# You can optionally override ipthreat_system and ipthreat_flags if desired.
+# The ipthreat_apikey must be set at the bottom of this configuration file.
+#
+# `ipthreat_system` is a short name of the system attacked, i.e. SSH, SMTP, MYSQL, PHP, etc.
+#
+# For `ipthreat_flags`, most cases will use 8 (BruteForce) which is the default, but you could use others.
+# You can use the name or the ordinal.
+# Multiple values are comma separated.
+# ```
+# Name           Ordinal Description
+# Dns            1       Abuse/attack of dns (domain name server)
+# Fraud          2       General fraud, whether orders, misuse of payment info, etc
+# DDos           4       Distributed denial of service attack, whether through http requests, large ping attack, etc
+# BruteForce     8       Brute force login attack
+# Proxy          16      IP is a proxy like TOR or other proxy server
+# Spam           32      Email, comment or other type of spam
+# Vpn            64      IP is part of a VPN
+# Hacking        128     General hacking outside of brute force attack (includes vulnerability scans, sql injection, etc.). Use port scan flag instead if it's just probe on ports.
+# BadBot         256     Bad bot that is not honoring robots.txt or just flooding with too many requests, etc
+# Compromised    512     The ip has been taken over by malware or botnet
+# Phishing       1024    The ip is involved in phishing or spoofing
+# Iot            2048    The ip has targetted an iot (Internet of Things) device
+# PortScan       4096    Port scan
+# See https://ipthreat.net/bulkreportformat for more information
+# ```
+
+[Definition]
+
+# bypass action for restored tickets
+norestored = 1
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+#
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: <ipthreat_apikey>" -d "{\"ip\":\"<ip>\",\"flags\":\"<ipthreat_flags>\",\"system\":\"<ipthreat_system>\",\"notes\":\"fail2ban\"}"
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban =
+
+[Init]
+# Option:  ipthreat_apikey
+# Notes    Your API key from ipthreat.net
+# Values:  STRING Default: None
+# Register for ipthreat [https://ipthreat.net], get api key and set below.
+# You will need to set the flags and system in the action call in jail.conf
+ipthreat_apikey =
+
+# By default, the ipthreat system is the name of the fail2ban jail
+ipthreat_system = <name>
+
+# By default the ip threat flags is 8 (brute force), but you can override this per jail if desired
+ipthreat_flags = 8
\ No newline at end of file
diff --git a/njallavps/swag/fail2ban/action.d/mail-buffered.conf b/njallavps/swag/fail2ban/action.d/mail-buffered.conf
new file mode 100644
index 0000000..79b8410
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/mail-buffered.conf
@@ -0,0 +1,86 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = printf %%b "Hi,\n
+              The jail <name> has been started successfully.\n
+              Output will be buffered until <lines> lines are available.\n
+              Regards,\n
+              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = if [ -f <tmpfile> ]; then
+                 printf %%b "Hi,\n
+                 These hosts have been banned by Fail2Ban.\n
+                 `cat <tmpfile>`
+                 Regards,\n
+                 Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
+                 rm <tmpfile>
+             fi
+             printf %%b "Hi,\n
+             The jail <name> has been stopped.\n
+             Regards,\n
+             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
+            LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
+            if [ $LINE -ge <lines> ]; then
+                printf %%b "Hi,\n
+                These hosts have been banned by Fail2Ban.\n
+                `cat <tmpfile>`
+                \nRegards,\n
+                Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
+                rm <tmpfile>
+            fi
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = 
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Default number of lines that are buffered
+#
+lines = 5
+
+# Default temporary file
+#
+tmpfile = /var/run/fail2ban/tmp-mail.txt
+
+# Destination/Addressee of the mail
+#
+dest = root
diff --git a/njallavps/swag/fail2ban/action.d/mail-whois-common.conf b/njallavps/swag/fail2ban/action.d/mail-whois-common.conf
new file mode 100644
index 0000000..ecf3a5d
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/mail-whois-common.conf
@@ -0,0 +1,28 @@
+# Fail2Ban configuration file
+#
+# Common settings for mail actions
+#
+# Users can override the defaults in mail-whois-common.local
+
+[INCLUDES]
+
+# Load customizations if any available
+after = mail-whois-common.local
+
+[DEFAULT]
+#original character set of whois output will be sent to mail program
+_whois = whois <ip> || echo "missing whois program"
+
+# use heuristics to convert charset of whois output to a target
+# character set before sending it to a mail program
+# make sure you have 'file' and 'iconv' commands installed when opting for that
+_whois_target_charset = UTF-8
+_whois_convert_charset = (%(_whois)s) |
+                         { WHOIS_OUTPUT=$(cat) ; WHOIS_CHARSET=$(printf %%b "$WHOIS_OUTPUT" | file -b --mime-encoding -) ; printf %%b "$WHOIS_OUTPUT" | iconv -f $WHOIS_CHARSET -t %(_whois_target_charset)s//TRANSLIT - ; }
+
+# choose between _whois and _whois_convert_charset in mail-whois-common.local
+# or other *.local which include mail-whois-common.conf.
+_whois_command = %(_whois)s
+#_whois_command = %(_whois_convert_charset)s
+
+[Init]
diff --git a/njallavps/swag/fail2ban/action.d/mail-whois-lines.conf b/njallavps/swag/fail2ban/action.d/mail-whois-lines.conf
new file mode 100644
index 0000000..d2818cb
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/mail-whois-lines.conf
@@ -0,0 +1,92 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
+#
+
+[INCLUDES]
+
+before = mail-whois-common.conf
+         helpers-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = printf %%b "Hi,\n
+              The jail <name> has been started successfully.\n
+              Regards,\n
+              Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = printf %%b "Hi,\n
+             The jail <name> has been stopped.\n
+             Regards,\n
+             Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+
+_ban_mail_content = ( printf %%b "Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n\n
+            Here is more information about <ip> :\n"
+            %(_whois_command)s;
+            printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
+            %(_grep_logs)s;
+            printf %%b "\n
+            Regards,\n
+            Fail2Ban" )
+
+actionban = %(_ban_mail_content)s | <mailcmd> "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = 
+
+[Init]
+
+# Option:  mailcmd
+# Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+# Values:  CMD
+#
+mailcmd = mail -E 'set escape' -s
+
+# Default name of the chain
+#
+name = default
+
+# Destinataire of the mail
+#
+dest = root
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
+
+# Number of log lines to include in the email
+#
+#grepmax = 1000
+#grepopts = -m <grepmax>
diff --git a/njallavps/swag/fail2ban/action.d/mail-whois.conf b/njallavps/swag/fail2ban/action.d/mail-whois.conf
new file mode 100644
index 0000000..ab33b61
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/mail-whois.conf
@@ -0,0 +1,71 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[INCLUDES]
+
+before = mail-whois-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = printf %%b "Hi,\n
+              The jail <name> has been started successfully.\n
+              Regards,\n
+              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = printf %%b "Hi,\n
+             The jail <name> has been stopped.\n
+             Regards,\n
+             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n\n
+            Here is more information about <ip> :\n
+            `%(_whois_command)s`\n
+            Regards,\n
+            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = 
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Destination/Addressee of the mail
+#
+dest = root
+
diff --git a/njallavps/swag/fail2ban/action.d/mail.conf b/njallavps/swag/fail2ban/action.d/mail.conf
new file mode 100644
index 0000000..f4838dd
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/mail.conf
@@ -0,0 +1,65 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = printf %%b "Hi,\n
+              The jail <name> has been started successfully.\n
+              Regards,\n
+              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = printf %%b "Hi,\n
+             The jail <name> has been stopped.\n
+             Regards,\n
+             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n
+            Regards,\n
+            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = 
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Destination/Addressee of the mail
+#
+dest = root
+
diff --git a/njallavps/swag/fail2ban/action.d/mynetwatchman.conf b/njallavps/swag/fail2ban/action.d/mynetwatchman.conf
new file mode 100644
index 0000000..b0ab2cc
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/mynetwatchman.conf
@@ -0,0 +1,143 @@
+# Fail2Ban configuration file
+#
+# Author: Russell Odom <russ@gloomytrousers.co.uk>
+# Submits attack reports to myNetWatchman (http://www.mynetwatchman.com/)
+#
+# You MUST configure at least:
+# <port> (the port that's being attacked - use number not name).
+# <mnwlogin> (your mNW login).
+# <mnwpass> (your mNW password).
+#
+# You SHOULD also provide:
+# <myip> (your public IP address, if it's not the address of eth0)
+# <protocol> (the protocol in use - defaults to tcp)
+#
+# Best practice is to provide <port> and <protocol> in jail.conf like this:
+# action = mynetwatchman[port=1234,protocol=udp]
+#
+# ...and create "mynetwatchman.local" with contents something like this:
+# [Init]
+# mnwlogin = me@example.com
+# mnwpass = SECRET
+# myip = 10.0.0.1
+#
+# Another useful configuration value is <getcmd>, if you don't have wget
+# installed (an example config for curl is given below)
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+#
+# Note: We are currently using <time> for the timestamp because no tag is
+# available to indicate the timestamp of the log message(s) which triggered the
+# ban. Therefore the timestamps we are using in the report, whilst often only a
+# few seconds out, are incorrect. See
+# http://sourceforge.net/tracker/index.php?func=detail&aid=2017795&group_id=121032&atid=689047
+#
+actionban = MNWLOGIN=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwlogin>'`
+            MNWPASS=`perl -e '$s=shift;$s=~s/([\W])/"%%".uc(sprintf("%%2.2x",ord($1)))/eg;print $s' '<mnwpass>'`
+	    PROTOCOL=`awk '{IGNORECASE=1;if($1=="<protocol>"){print $2;exit}}' /etc/protocols`
+	    if [ -z "$PROTOCOL" ]; then PROTOCOL=<protocol>; fi
+	    DATETIME=`perl -e '@t=gmtime(<time>);printf "%%4d-%%02d-%%02d+%%02d:%%02d:%%02d",1900+$t[5],$t[4]+1,$t[3],$t[2],$t[1],$t[0]'`
+            <getcmd> "<mnwurl>?AT=2&AV=0&AgentEmail=$MNWLOGIN&AgentPassword=$MNWPASS&AttackerIP=<ip>&SrcPort=<srcport>&ProtocolID=$PROTOCOL&DestPort=<port>&AttackCount=<failures>&VictimIP=<myip>&AttackDateTime=$DATETIME" 2>&1 >> <tmpfile>.out && grep -q 'Attack Report Insert Successful' <tmpfile>.out && rm -f <tmpfile>.out
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban =
+
+[Init]
+# Option:  port
+# Notes.:  The target port for the attack (numerical). MUST be provided in
+#          the jail config, as it cannot be detected here.
+# Values:  [ NUM ]  Default: ???
+#
+port = 0
+
+# Option:  mnwlogin
+# Notes.:  Your mNW login e-mail address. MUST be provided either in the jail
+#          config or in a .local file.
+#          Register at http://www.mynetwatchman.com/reg.asp
+# Values:  [ STRING ]  Default: (empty)
+#
+mnwlogin =
+
+# Option:  mnwpass
+# Notes.:  The password corresponding to your mNW login e-mail address. MUST be
+#          provided either in the jail config or in a .local file.
+# Values:  [ STRING ]  Default: (empty)
+#
+mnwpass =
+
+# Option:  myip
+# Notes.:  The target IP for the attack (your public IP). Should be overridden
+#          either in the jail config or in a .local file unless your PUBLIC IP
+#          is the first IP assigned to eth0
+# Values:  [ an IP address ]  Default: Tries to find the IP address of eth0,
+#          which in most cases will be a private IP, and therefore incorrect
+#
+myip = `ip -4 addr show dev eth0 | grep inet | head -n 1 | sed -r 's/.*inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/\1/'`
+
+# Option:  protocol
+# Notes.:  The protocol over which the attack is happening
+# Values:  [ tcp | udp | icmp | (any other protocol name from /etc/protocols) | NUM ] Default: tcp
+#
+protocol = tcp
+
+# Option:  agent
+# Default: Fail2ban
+agent = Fail2ban
+
+# Option:  getcmd
+# Notes.:  A command to fetch a URL. Should output page to STDOUT
+# Values:  CMD  Default: wget
+#
+getcmd = wget --no-verbose --tries=3 --waitretry=10 --connect-timeout=10 --read-timeout=60 --retry-connrefused --output-document=- --user-agent=<agent>
+# Alternative value:
+# getcmd = curl --silent --show-error --retry 3 --connect-timeout 10 --max-time 60 --user-agent <agent>
+
+# Option:  srcport
+# Notes.:  The source port of the attack. You're unlikely to have this info, so
+#          you can leave the default
+# Values:  [ NUM ]  Default: 0
+#
+srcport = 0
+
+# Option:  mnwurl
+# Notes.:  The report service URL on the mNW site
+# Values:  STRING  Default: http://mynetwatchman.com/insertwebreport.asp
+#
+mnwurl = http://mynetwatchman.com/insertwebreport.asp
+
+# Option:  tmpfile
+# Notes.:  Base name of temporary files
+# Values:  [ STRING ]  Default: /var/run/fail2ban/tmp-mynetwatchman
+#
+tmpfile = /var/run/fail2ban/tmp-mynetwatchman
diff --git a/njallavps/swag/fail2ban/action.d/netscaler.conf b/njallavps/swag/fail2ban/action.d/netscaler.conf
new file mode 100644
index 0000000..87f7e7b
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/netscaler.conf
@@ -0,0 +1,33 @@
+# Fail2ban Citrix Netscaler Action
+# by Juliano Jeziorny
+# juliano@jeziorny.eu
+#
+# The script will add offender IPs to a dataset on netscaler, the dataset can then be used to block the IPs at a cs/vserver or global level
+# This dataset is then used to block IPs using responder policies on the netscaler.
+# 
+# The script assumes using HTTPS with unsecure certificate to access the netscaler, 
+# if you have a valid certificate installed remove the -k from the curl lines, or if you want http change it accordingly (and remove the -k)
+# 
+# This action depends on curl
+#
+# You need to populate the 3 options inside Init
+#
+# ns_host: IP or hostname of netslcaer appliance
+# ns_auth: username:password, suggest base64 encoded for a little added security (echo -n "username:password" | base64)
+# ns_dataset:  Name of the netscaler dataset holding the IPs to be blocked.
+# 
+# For further details on how to use it please check http://blog.ckzone.eu/2017/01/fail2ban-action-for-citrix-netscaler.html
+
+[Init]
+ns_host = 
+ns_auth = 
+ns_dataset = 
+
+[Definition]
+actionstart = curl -kH 'Authorization: Basic <ns_auth>' https://<ns_host>/nitro/v1/config
+
+actioncheck = 
+
+actionban = curl -k -H 'Authorization: Basic <ns_auth>' -X PUT -d '{"policydataset_value_binding":{"name":"<ns_dataset>","value":"<ip>"}}' https://<ns_host>/nitro/v1/config/
+
+actionunban = curl -H 'Authorization: Basic <ns_auth>' -X DELETE -k "https://<ns_host>/nitro/v1/config/policydataset_value_binding/<ns_dataset>?args=value:<ip>"
diff --git a/njallavps/swag/fail2ban/action.d/nftables-allports.conf b/njallavps/swag/fail2ban/action.d/nftables-allports.conf
new file mode 100644
index 0000000..908abe4
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/nftables-allports.conf
@@ -0,0 +1,17 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
+# 			made active on all ports from original iptables.conf
+# Modified: Alexander Belykh <albel727@ngs.ru>
+#                       adapted for nftables
+#
+# Obsolete: superseded by nftables[type=allports]
+
+[INCLUDES]
+
+before = nftables.conf
+
+[Definition]
+
+type = allports
diff --git a/njallavps/swag/fail2ban/action.d/nftables-multiport.conf b/njallavps/swag/fail2ban/action.d/nftables-multiport.conf
new file mode 100644
index 0000000..ba3ec92
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/nftables-multiport.conf
@@ -0,0 +1,17 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
+# 			made active on all ports from original iptables.conf
+# Modified: Alexander Belykh <albel727@ngs.ru>
+#                       adapted for nftables
+#
+# Obsolete: superseded by nftables[type=multiport]
+
+[INCLUDES]
+
+before = nftables.conf
+
+[Definition]
+
+type = multiport
\ No newline at end of file
diff --git a/njallavps/swag/fail2ban/action.d/nftables.conf b/njallavps/swag/fail2ban/action.d/nftables.conf
new file mode 100644
index 0000000..77cf366
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/nftables.conf
@@ -0,0 +1,203 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+# Author: Cyril Jaquier
+# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
+# 			made active on all ports from original iptables.conf
+# Modified: Alexander Belykh <albel727@ngs.ru>
+#                       adapted for nftables
+#
+# This is a included configuration file and includes the definitions for the nftables
+# used in all nftables based actions by default.
+#
+# The user can override the defaults in nftables-common.local
+# Example: redirect flow to honeypot
+#
+# [Init]
+# table_family = ip
+# chain_type = nat
+# chain_hook = prerouting
+# chain_priority = -50
+# blocktype = counter redirect to 2222
+
+[INCLUDES]
+
+after = nftables-common.local
+
+[Definition]
+
+# Option:  type
+# Notes.:  type of the action.
+# Values:  [ multiport | allports ]  Default: multiport
+#
+type = multiport
+
+rule_match-custom =
+rule_match-allports = meta l4proto \{ <protocol> \}
+rule_match-multiport = $proto dport \{ $(echo '<port>' | sed s/:/-/g) \}
+match = <rule_match-<type>>
+
+# Option:  rule_stat
+# Notes.:  statement for nftables filter rule.
+#          leaving it empty will block all (include udp and icmp)
+# Values:  nftables statement
+#
+rule_stat = %(match)s <addr_family> saddr @<addr_set> <blocktype>
+
+# optional interator over protocol's:
+_nft_for_proto-custom-iter =
+_nft_for_proto-custom-done =
+_nft_for_proto-allports-iter =
+_nft_for_proto-allports-done =
+_nft_for_proto-multiport-iter = for proto in $(echo '<protocol>' | sed 's/,/ /g'); do
+_nft_for_proto-multiport-done = done
+
+_nft_list = <nftables> -a list chain <table_family> <table> <chain>
+_nft_get_handle_id = grep -oP '@<addr_set>\s+.*\s+\Khandle\s+(\d+)$'
+
+_nft_add_set = <nftables> add set <table_family> <table> <addr_set> \{ type <addr_type>\; \}
+              <_nft_for_proto-<type>-iter>
+              <nftables> add rule <table_family> <table> <chain> %(rule_stat)s
+              <_nft_for_proto-<type>-done>
+_nft_del_set = { %(_nft_list)s | %(_nft_get_handle_id)s; } | while read -r hdl; do
+               <nftables> delete rule <table_family> <table> <chain> $hdl; done
+              <nftables> delete set <table_family> <table> <addr_set>
+
+# Option:  _nft_shutdown_table
+# Notes.:  command executed after the stop in order to delete table (it checks that no sets are available):
+# Values:  CMD
+#
+_nft_shutdown_table = { <nftables> list table <table_family> <table> | grep -qP '^\s+set\s+'; } || {
+                        <nftables> delete table <table_family> <table>
+                      }
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = <nftables> add table <table_family> <table>
+              <nftables> -- add chain <table_family> <table> <chain> \{ type <chain_type> hook <chain_hook> priority <chain_priority> \; \}
+              %(_nft_add_set)s
+
+# Option:  actionflush
+# Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action);
+#          uses `nft flush set ...` and as fallback (e. g. unsupported) recreates the set (with references)
+# Values:  CMD
+#
+actionflush = { <nftables> flush set <table_family> <table> <addr_set> 2> /dev/null; } || {
+              %(_nft_del_set)s
+              %(_nft_add_set)s
+              }
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = %(_nft_del_set)s
+             <_nft_shutdown_table>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = <nftables> list chain <table_family> <table> <chain> | grep -q '@<addr_set>[ \t]'
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = <nftables> add element <table_family> <table> <addr_set> \{ <ip> \}
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = <nftables> delete element <table_family> <table> <addr_set> \{ <ip> \}
+
+[Init]
+
+# Option:  table
+# Notes.:  main table to store chain and sets (automatically created on demand)
+# Values:  STRING  Default: f2b-table
+table = f2b-table
+
+# Option:  table_family
+# Notes.:  address family to work in
+# Values:  [ip | ip6 | inet]  Default: inet
+table_family = inet
+
+# Option:  chain
+# Notes.:  main chain to store rules
+# Values:  STRING  Default: f2b-chain
+chain = f2b-chain
+
+# Option:  chain_type
+# Notes.:  refers to the kind of chain to be created
+# Values:  [filter | route | nat]  Default: filter
+#
+chain_type = filter
+
+# Option:  chain_hook
+# Notes.:  refers to the kind of chain to be created
+# Values:  [ prerouting | input | forward | output | postrouting ]  Default: input
+#
+chain_hook = input
+
+# Option:  chain_priority
+# Notes.:  priority in the chain.
+# Values:  NUMBER  Default: -1
+#
+chain_priority = -1
+
+# Option:  addr_type
+# Notes.:  address type to work with
+# Values:  [ipv4_addr | ipv6_addr]  Default: ipv4_addr
+#
+addr_type = ipv4_addr
+
+# Default name of the filtering set
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp ] Default: tcp
+#
+protocol = tcp
+
+# Option:  blocktype
+# Note:    This is what the action does with rules. This can be any jump target
+#          as per the nftables man page (section 8). Common values are drop,
+#          reject, reject with icmpx type host-unreachable, redirect to 2222
+# Values:  STRING
+blocktype = reject
+
+# Option:  nftables
+# Notes.:  Actual command to be executed, including common to all calls options
+# Values:  STRING
+nftables = nft
+
+# Option: addr_set
+# Notes.: The name of the nft set used to store banned addresses
+# Values: STRING
+addr_set = addr-set-<name>
+
+# Option: addr_family
+# Notes.: The family of the banned addresses
+# Values: [ ip | ip6 ]
+addr_family = ip
+
+[Init?family=inet6]
+addr_family = ip6
+addr_type = ipv6_addr
+addr_set = addr6-set-<name>
diff --git a/njallavps/swag/fail2ban/action.d/nginx-block-map.conf b/njallavps/swag/fail2ban/action.d/nginx-block-map.conf
new file mode 100644
index 0000000..0de382b
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/nginx-block-map.conf
@@ -0,0 +1,117 @@
+# Fail2Ban configuration file for black-listing via nginx
+#
+# Author: Serg G. Brester (aka sebres)
+#
+# To use 'nginx-block-map' action you should define some special blocks in your nginx configuration,
+# and use it hereafter in your locations (to notify fail2ban by failure, resp. nginx by ban).
+#
+# Example (argument "token_id" resp. cookie "session_id" used here as unique identifier for user):
+#
+#   http {
+#     ...
+#     # maps to check user is blacklisted (banned in f2b):
+#     #map $arg_token_id      $blck_lst_tok { include blacklisted-tokens.map; }
+#     map  $cookie_session_id $blck_lst_ses { include blacklisted-sessions.map; }
+#     ...
+#     # special log-format to notify fail2ban about failures:
+#     log_format f2b_session_errors '$msec failure "$cookie_session_id" - $remote_addr - $remote_user '
+#      ;#                  '"$request" $status $bytes_sent '
+#       #                  '"$http_referer" "$http_user_agent"';
+#
+#     # location checking blacklisted values:
+#     location ... {
+#       # check banned sessionid:
+#       if ($blck_lst_ses != "") {
+#         try_files "" @f2b-banned;
+#       }
+#       ...
+#       # notify fail2ban about a failure inside nginx:
+#       error_page 401 = @notify-f2b;
+#       ...
+#     }
+#     ...
+#     # location for return with "403 Forbidden" if banned:
+#     location @f2b-banned {
+#       default_type text/html;
+#       return 403 "<br/><center>
+#         <b style=\"color:red; font-size:18pt; border:2pt solid black; padding:5pt;\">
+#         You are banned!</b></center>";
+#     }
+#     ...
+#     # location to notify fail2ban about a failure inside nginx:
+#     location @notify-f2b {
+#       access_log /var/log/nginx/f2b-auth-errors.log f2b_session_errors;
+#     }
+#   }
+#   ...
+#
+# Note that quote-character (and possibly other special characters) are not allowed currently as session-id.
+# Thus please add any session-id validation rule in your locations (or in the corresponding backend-service), 
+# like in example below:
+#
+#   location ... {
+#     if ($cookie_session_id !~ "^[\w\-]+$") {
+#       return  403 "Wrong session-id"
+#     }
+#     ...
+#   }
+#
+# The parameters for jail corresponding log-format (f2b_session_errors):
+#
+#   [nginx-blck-lst]
+#   filter =
+#   datepattern = ^Epoch
+#   failregex = ^ failure "<F-ID>[^"]+</F-ID>" - <ADDR>
+#   usedns = no
+#
+# The same log-file can be used for IP-related jail (additionally to session-related, to ban very bad IPs):
+#
+#   [nginx-blck-ip]
+#   maxretry = 100
+#   filter =
+#   datepattern = ^Epoch
+#   failregex = ^ failure "[^"]+" - <ADDR>
+#   usedns = no
+#
+
+[Definition]
+
+# path to configuration of nginx (used to target nginx-instance in multi-instance system,
+# and as path for the blacklisted map):
+srv_cfg_path = /etc/nginx/
+
+# cmd-line arguments to supply to test/reload nginx:
+#srv_cmd = nginx -c %(srv_cfg_path)s/nginx.conf
+srv_cmd = nginx
+
+# pid file (used to check nginx is running):
+srv_pid = /run/nginx.pid
+
+# command used to check whether nginx is running and configuration is valid:
+srv_is_running = [ -f "%(srv_pid)s" ]
+srv_check_cmd = %(srv_is_running)s && %(srv_cmd)s -qt
+
+# first test nginx is running and configuration is correct, hereafter send reload signal:
+blck_lst_reload = %(srv_check_cmd)s; if [ $? -eq 0 ]; then
+                    %(srv_cmd)s -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;
+                  fi;
+
+# map-file for nginx, can be redefined using `action = nginx-block-map[blck_lst_file="/path/file.map"]`:
+blck_lst_file = %(srv_cfg_path)s/blacklisted-sessions.map
+
+# Action definition:
+
+actionstart_on_demand = false
+actionstart = touch '%(blck_lst_file)s'
+
+actionflush = truncate -s 0 '%(blck_lst_file)s'; %(blck_lst_reload)s
+
+actionstop = %(actionflush)s
+
+actioncheck = 
+
+_echo_blck_row = printf '\%%s 1;\n' "<fid>"
+
+actionban = %(_echo_blck_row)s >> '%(blck_lst_file)s'; %(blck_lst_reload)s
+
+actionunban = id=$(%(_echo_blck_row)s | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" %(blck_lst_file)s; %(blck_lst_reload)s
diff --git a/njallavps/swag/fail2ban/action.d/npf.conf b/njallavps/swag/fail2ban/action.d/npf.conf
new file mode 100644
index 0000000..3bbb2f5
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/npf.conf
@@ -0,0 +1,61 @@
+# Fail2Ban configuration file
+#
+# NetBSD npf ban/unban
+#
+# Author: Nils Ratusznik <nils@NetBSD.org>
+# Based on pf.conf action file
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+# we don't enable NPF automatically, as it will be enabled elsewhere
+actionstart = 
+
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+# we don't disable NPF automatically either
+actionstop = 
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = /sbin/npfctl table <tablename> add <ip>
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+# note -r option used to remove matching rule
+actionunban = /sbin/npfctl table <tablename> rem <ip>
+
+[Init]
+# Option:  tablename
+# Notes.:  The pf table name.
+# Values:  [ STRING ]
+#
+tablename = fail2ban
diff --git a/njallavps/swag/fail2ban/action.d/nsupdate.conf b/njallavps/swag/fail2ban/action.d/nsupdate.conf
new file mode 100644
index 0000000..ef56c6b
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/nsupdate.conf
@@ -0,0 +1,114 @@
+# Fail2Ban configuration file
+#
+# Author: Andrew St. Jean
+#
+# Use nsupdate to perform dynamic DNS updates on a BIND zone file.
+# One may want to do this to update a local RBL with banned IP addresses.
+#
+# Options
+#
+# domain	DNS domain that will appear in nsupdate add and delete
+#		commands.
+#
+# ttl		The time to live (TTL) in seconds of the TXT resource
+#		record.
+#
+# rdata		Data portion of the TXT resource record.
+#
+# nsupdatecmd	Full path to the nsupdate command.
+#
+# keyfile	Full path to TSIG key file used for authentication between
+#		nsupdate and BIND.
+#
+# Create an nsupdate.local to set at least the <domain> and <keyfile>
+# options as they don't have default values.
+#
+# The ban and unban commands assume nsupdate will authenticate to the BIND
+# server using a TSIG key. The full path to the key file must be specified
+# in the <keyfile> parameter. Use this command to generate your TSIG key.
+#
+# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST <key_name>
+#
+# Replace <key_name> with some meaningful name.
+#
+# This command will generate two files. Specify the .private file in the
+# <keyfile> option. Note that the .key file must also be present in the same
+# directory for nsupdate to use the key.
+#
+# Don't forget to add the key and appropriate allow-update or update-policy
+# option to your named.conf file.
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = echo <ip> | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1".<domain> TXT"; print "update add "$4"."$3"."$2"."$1".<domain> <ttl> IN TXT \"<rdata>\""; print "send"}' | <nsupdatecmd> -k <keyfile>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = echo <ip> | awk -F. '{print "update delete "$4"."$3"."$2"."$1".<domain>"; print "send"}' | <nsupdatecmd> -k <keyfile>
+
+[Init]
+
+# Option:  domain
+# Notes.:  DNS domain that nsupdate will update.
+# Values:  STRING
+#
+domain = 
+
+# Option:  ttl
+# Notes.:  time to live (TTL) in seconds of TXT resource record
+#          added by nsupdate.
+# Values:  NUM
+#
+ttl = 60
+
+# Option:  rdata
+# Notes.:  data portion of the TXT resource record added by nsupdate.
+# Values:  STRING
+#
+rdata = Your IP has been banned
+
+# Option:  nsupdatecmd
+# Notes.:  specifies the full path to the nsupdate program that dynamically
+#          updates BIND zone files.
+# Values:  CMD
+#
+nsupdatecmd = /usr/bin/nsupdate
+
+# Option:  keyfile
+# Notes.:  specifies the full path to the file containing the
+#	   TSIG key for communicating with BIND.
+# Values:  STRING
+#
+keyfile = 
+
diff --git a/njallavps/swag/fail2ban/action.d/osx-afctl.conf b/njallavps/swag/fail2ban/action.d/osx-afctl.conf
new file mode 100644
index 0000000..a75e572
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/osx-afctl.conf
@@ -0,0 +1,16 @@
+# Fail2Ban configuration file for using afctl on Mac OS X Server 10.5
+#
+# Anonymous author
+# http://www.fail2ban.org/wiki/index.php?title=HOWTO_Mac_OS_X_Server_(10.5)&diff=prev&oldid=4081
+#
+# Ref: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/afctl.8.html
+
+[Definition]
+actionstart = 
+actionstop = 
+actioncheck = 
+actionban = /usr/libexec/afctl -a <ip> -t <bantime>
+actionunban = /usr/libexec/afctl -r <ip>
+
+actionprolong = %(actionunban)s && %(actionban)s
+
diff --git a/njallavps/swag/fail2ban/action.d/osx-ipfw.conf b/njallavps/swag/fail2ban/action.d/osx-ipfw.conf
new file mode 100644
index 0000000..6ff6afd
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/osx-ipfw.conf
@@ -0,0 +1,87 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger
+# Modified by: Andy Fragen and Daniel Black
+#
+# Mod for OS X, using random rulenum as OSX ipfw doesn't include tables
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = 
+
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = 
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+# Values:  CMD
+#
+actionban = ipfw add <rulenum> set <setnum> <blocktype> log <block> from <ip> to <dst> <port>
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+# Values:  CMD
+#
+actionunban = ipfw delete `ipfw -S list | grep -i 'set <setnum> <blocktype> log <block> from <ip> to <dst>' | awk '{print $1;}'`
+
+[Init]
+
+# Option:  port
+# Notes.:  specifies port to block. Can be blank however may require block="ip"
+# Values:  [ NUM | STRING ]
+#
+port = ssh
+
+# Option:  dst
+# Notes.:  the local IP address of the network interface
+# Values:  IP, any, me or anything support by ipfw as a dst
+#
+dst = me
+
+# Option: block
+# Notes:  This is how much to block.
+#         Can be "ip", "tcp", "udp" or various other options.
+# Values: STRING
+block = tcp
+
+# Option:  blocktype
+# Notes.:  How to block the traffic. Use a action from man 8 ipfw
+#          Common values: deny, unreach port, reset
+# Values:  STRING
+#
+blocktype = unreach port
+
+# Option:  set number
+# Notes.:  The ipset number this is added to.
+# Values:  0-31
+setnum = 10
+
+# Option:  number for ipfw rule
+# Notes:   This is meant to be automatically generated and not overwritten
+# Values:  Random value between 10000 and 12000
+rulenum="`echo $((RANDOM%%2000+10000))`"
+
+# Duplicate prevention mechanism
+#rulenum = "`a=$((RANDOM%%2000+10000)); while ipfw show | grep -q ^$a\ ; do a=$((RANDOM%%2000+10000)); done; echo $a`"
diff --git a/njallavps/swag/fail2ban/action.d/pf.conf b/njallavps/swag/fail2ban/action.d/pf.conf
new file mode 100644
index 0000000..933b4de
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/pf.conf
@@ -0,0 +1,124 @@
+# Fail2Ban configuration file
+#
+# OpenBSD pf ban/unban
+#
+# Author: Nick Hilliard <nick@foobar.org>
+# Modified by: Alexander Koeppe making PF work seamless and with IPv4 and IPv6
+#
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+# we don't enable PF automatically; to enable run pfctl -e 
+# or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD)
+# also, these rulesets are loaded into (nested) anchors
+# to enable them, add as wildcard:
+#     anchor "f2b/*"
+# or using jail names:
+#     anchor f2b {
+#        anchor name1
+#        anchor name2
+#        ...
+#     }
+# to your main pf ruleset, where "namei" are the names of the jails
+# which invoke this action
+actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f-
+              port="<port>"; if [ "$port" != "" ] && case "$port" in \{*) false;; esac; then port="{$port}"; fi
+              echo "<block> proto <protocol> from <<tablename>-<name>> to <actiontype>" | <pfctl> -f-
+
+# Option:  start_on_demand - to start action on demand
+# Example: `action=pf[actionstart_on_demand=true]`
+actionstart_on_demand = false
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+# we only disable PF rules we've installed prior
+actionstop = <pfctl> -sr 2>/dev/null | grep -v <tablename>-<name> | <pfctl> -f-
+             %(actionflush)s
+             <pfctl> -t <tablename>-<name> -T kill
+
+
+# Option:  actionflush
+# Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
+# Values:  CMD
+#
+actionflush = <pfctl> -t <tablename>-<name> -T flush
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = <pfctl> -sr | grep -q <tablename>-<name>
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = <pfctl> -t <tablename>-<name> -T add <ip>
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+# note -r option used to remove matching rule
+actionunban = <pfctl> -t <tablename>-<name> -T delete <ip>
+
+# Option: pfctl
+#
+# Use anchor as jailname to manipulate affected rulesets only.
+# If more parameter expected it can be extended with `pf[pfctl="<known/pfctl> ..."]`
+# 
+pfctl = pfctl -a f2b/<name>
+
+[Init]
+# Option:  tablename
+# Notes.:  The pf table name.
+# Values:  [ STRING ]
+#
+tablename = f2b
+
+# Option: block
+#
+# The action you want pf to take.
+# Probably, you want "block quick", but adjust as needed.
+block = block quick
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | ipv6-icmp ] Default: tcp
+#
+protocol = tcp
+
+# Option: actiontype
+# Notes.: defines additions to the blocking rule
+# Values: leave empty to block all attempts from the host
+# Default: Value of the multiport
+actiontype = <multiport>
+
+# Option: allports
+# Notes.: default addition to block all ports
+# Usage.: use in jail config: "banaction = pf[actiontype=<allports>]"
+allports = any
+
+# Option: multiport
+# Notes.: addition to block access only to specific ports
+# Usage.: use in jail config: "banaction = pf[actiontype=<multiport>]"
+multiport = any port $port
+
diff --git a/njallavps/swag/fail2ban/action.d/route.conf b/njallavps/swag/fail2ban/action.d/route.conf
new file mode 100644
index 0000000..9b96a7b
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/route.conf
@@ -0,0 +1,29 @@
+# Fail2Ban configuration file
+#
+# Author: Michael Gebetsroither
+#
+# This is for blocking whole hosts through blackhole routes.
+#
+# PRO:
+#   - Works on all kernel versions and as no compatibility problems (back to debian lenny and WAY further).
+#   - It's FAST for very large numbers of blocked ips.
+#   - It's FAST because it Blocks traffic before it enters common iptables chains used for filtering.
+#   - It's per host, ideal as action against ssh password bruteforcing to block further attack attempts.
+#   - No additional software required beside iproute/iproute2
+#
+# CON:
+#   - Blocking is per IP and NOT per service, but ideal as action against ssh password bruteforcing hosts
+
+[Definition]
+actionban   = ip route add <blocktype> <ip>
+actionunban = ip route del <blocktype> <ip>
+actioncheck =
+actionstart =
+actionstop =
+
+[Init]
+
+# Option:  blocktype
+# Note:    Type can be blackhole, unreachable and prohibit. Unreachable and prohibit correspond to the ICMP reject messages.
+# Values:  STRING
+blocktype = unreachable
diff --git a/njallavps/swag/fail2ban/action.d/sendmail-buffered.conf b/njallavps/swag/fail2ban/action.d/sendmail-buffered.conf
new file mode 100644
index 0000000..13803f8
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/sendmail-buffered.conf
@@ -0,0 +1,99 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
+              From: <sendername> <<sender>>
+              To: <dest>\n
+              Hi,\n
+              The jail <name> has been started successfully.\n
+              Output will be buffered until <lines> lines are available.\n
+              Regards,\n
+              Fail2Ban" | <mailcmd>
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = if [ -f <tmpfile> ]; then
+                 printf %%b "Subject: [Fail2Ban] <name>: summary from <fq-hostname>
+                 From: <sendername> <<sender>>
+                 To: <dest>\n
+                 Hi,\n
+                 These hosts have been banned by Fail2Ban.\n
+                 `cat <tmpfile>`
+                 Regards,\n
+                 Fail2Ban" | <mailcmd>
+                 rm <tmpfile>
+             fi
+             printf %%b "Subject: [Fail2Ban] <name>: stopped  on <fq-hostname>
+             From: Fail2Ban <<sender>>
+             To: <dest>\n
+             Hi,\n
+             The jail <name> has been stopped.\n
+             Regards,\n
+             Fail2Ban" | <mailcmd>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
+            LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
+            if [ $LINE -ge <lines> ]; then
+                printf %%b "Subject: [Fail2Ban] <name>: summary from <fq-hostname>
+                From: <sendername> <<sender>>
+                To: <dest>\n
+                Hi,\n
+                These hosts have been banned by Fail2Ban.\n
+                `cat <tmpfile>`
+                Regards,\n
+                Fail2Ban" | <mailcmd>
+                rm <tmpfile>
+            fi
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = 
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Default number of lines that are buffered
+#
+lines = 5
+
+# Default temporary file
+#
+tmpfile = /var/run/fail2ban/tmp-mail.txt
+
diff --git a/njallavps/swag/fail2ban/action.d/sendmail-common.conf b/njallavps/swag/fail2ban/action.d/sendmail-common.conf
new file mode 100644
index 0000000..1e31fad
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/sendmail-common.conf
@@ -0,0 +1,77 @@
+# Fail2Ban configuration file
+#
+# Common settings for sendmail actions
+#
+# Users can override the defaults in sendmail-common.local
+
+[INCLUDES]
+
+after = sendmail-common.local
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
+              Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+              From: <sendername> <<sender>>
+              To: <dest>\n
+              Hi,\n
+              The jail <name> has been started successfully.\n
+              Regards,\n
+              Fail2Ban" | <mailcmd>
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname>
+             Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+             From: <sendername> <<sender>>
+             To: <dest>\n
+             Hi,\n
+             The jail <name> has been stopped.\n
+             Regards,\n
+             Fail2Ban" | <mailcmd>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban =
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban =
+
+[Init]
+
+# Your system mail command
+#
+mailcmd = /usr/sbin/sendmail -f "<sender>" "<dest>"
+
+# Recipient mail address
+#
+dest = root
+
+# Sender mail address
+#
+sender = fail2ban
+
+# Sender display name
+#
+sendername = Fail2Ban
diff --git a/njallavps/swag/fail2ban/action.d/sendmail-geoip-lines.conf b/njallavps/swag/fail2ban/action.d/sendmail-geoip-lines.conf
new file mode 100644
index 0000000..b36e49a
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/sendmail-geoip-lines.conf
@@ -0,0 +1,59 @@
+# Fail2Ban configuration file
+#
+# Author: Viktor Szépe
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+         helpers-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionban
+# Notes.:  Command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+#          You need to install geoiplookup and the GeoLite or GeoIP databases.
+#          (geoip-bin and geoip-database in Debian)
+#          The host command comes from bind9-host package.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n\n
+            Here is more information about <ip> :\n
+            http://bgp.he.net/ip/<ip>
+            http://www.projecthoneypot.org/ip_<ip>
+            http://whois.domaintools.com/<ip>\n\n
+            Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-`
+            AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
+            hostname: <ip-host>\n\n
+            Lines containing failures of <ip> (max <grepmax>)\n";
+            %(_grep_logs)s;
+            printf %%b "\n
+            Regards,\n
+            Fail2Ban" ) | <mailcmd>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
+
+# Number of log lines to include in the email
+#
+#grepmax = 1000
+#grepopts = -m <grepmax>
diff --git a/njallavps/swag/fail2ban/action.d/sendmail-whois-ipjailmatches.conf b/njallavps/swag/fail2ban/action.d/sendmail-whois-ipjailmatches.conf
new file mode 100644
index 0000000..7790ec5
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/sendmail-whois-ipjailmatches.conf
@@ -0,0 +1,41 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+         mail-whois-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n\n
+            Here is more information about <ip> :\n
+            `%(_whois_command)s`\n\n
+            Matches for <name> with <ipjailfailures> failures IP:<ip>\n
+            <ipjailmatches>\n\n
+            Regards,\n
+            Fail2Ban" | <mailcmd>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
diff --git a/njallavps/swag/fail2ban/action.d/sendmail-whois-ipmatches.conf b/njallavps/swag/fail2ban/action.d/sendmail-whois-ipmatches.conf
new file mode 100644
index 0000000..e4717ca
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/sendmail-whois-ipmatches.conf
@@ -0,0 +1,41 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+         mail-whois-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n\n
+            Here is more information about <ip> :\n
+            `%(_whois_command)s`\n\n
+            Matches with <ipfailures> failures IP:<ip>\n
+            <ipmatches>\n\n
+            Regards,\n
+            Fail2Ban" | <mailcmd>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
diff --git a/njallavps/swag/fail2ban/action.d/sendmail-whois-lines.conf b/njallavps/swag/fail2ban/action.d/sendmail-whois-lines.conf
new file mode 100644
index 0000000..47ec6ed
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/sendmail-whois-lines.conf
@@ -0,0 +1,52 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+         mail-whois-common.conf
+         helpers-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = ( printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n\n
+            Here is more information about <ip> :\n"
+            %(_whois_command)s;
+            printf %%b "\nLines containing failures of <ip> (max <grepmax>)\n";
+            %(_grep_logs)s;
+            printf %%b "\n
+            Regards,\n
+            Fail2Ban" ) | <mailcmd>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
+
+# Number of log lines to include in the email
+#
+#grepmax = 1000
+#grepopts = -m <grepmax>
diff --git a/njallavps/swag/fail2ban/action.d/sendmail-whois-matches.conf b/njallavps/swag/fail2ban/action.d/sendmail-whois-matches.conf
new file mode 100644
index 0000000..08215ea
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/sendmail-whois-matches.conf
@@ -0,0 +1,41 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+         mail-whois-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n\n
+            Here is more information about <ip> :\n
+            `%(_whois_command)s`\n\n
+            Matches:\n
+            <matches>\n\n
+            Regards,\n
+            Fail2Ban" | <mailcmd>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
diff --git a/njallavps/swag/fail2ban/action.d/sendmail-whois.conf b/njallavps/swag/fail2ban/action.d/sendmail-whois.conf
new file mode 100644
index 0000000..9e93cd3
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/sendmail-whois.conf
@@ -0,0 +1,40 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+         mail-whois-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n\n
+            Here is more information about <ip> :\n
+            `%(_whois_command)s`\n
+            Regards,\n
+            Fail2Ban" | <mailcmd>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
diff --git a/njallavps/swag/fail2ban/action.d/sendmail.conf b/njallavps/swag/fail2ban/action.d/sendmail.conf
new file mode 100644
index 0000000..ad9e8d7
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/sendmail.conf
@@ -0,0 +1,37 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n
+            Regards,\n
+            Fail2Ban" | <mailcmd>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
diff --git a/njallavps/swag/fail2ban/action.d/shorewall-ipset-proto6.conf b/njallavps/swag/fail2ban/action.d/shorewall-ipset-proto6.conf
new file mode 100644
index 0000000..eacb53d
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/shorewall-ipset-proto6.conf
@@ -0,0 +1,93 @@
+# Fail2Ban configuration file
+#
+# Author: Eduardo Diaz
+#
+# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
+# for shorewall
+#
+# Use this setting in jail.conf to modify use this action instead of a
+# default one
+#
+# banaction   = shorewall-ipset-proto6
+#
+# This requires the program ipset which is normally in package called ipset.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0
+# kernels, and you need Shorewall >= 4.5.5 to use this action.
+#
+# The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see
+# file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a
+# new shorewall rule to ban an IP address, that rule will affect only new
+# connections. So if the attacker goes on trying using the same connection
+# he could even log in. In order to get the same behavior of the iptable
+# action (so that the ban is immediate) the /etc/shorewall/shorewall.conf
+# file should me modified with "BLACKLISTNEWONLY=No".
+#
+#
+# Enable shorewall to use a blacklist using iptables creating a file
+# /etc/shorewall/blrules and adding "DROP net:+f2b-ssh all" and
+# similar lines for every jail.  To enable restoring you ipset you
+# must set SAVE_IPSETS=Yes in shorewall.conf .  You can read more
+# about ipsets handling in Shorewall at http://shorewall.net/ipsets.html
+#
+# To force creation of the ipset in the case that somebody deletes the
+# ipset create a file /etc/shorewall/initdone and add one line for
+# every ipset (this files are in Perl) and add 1 at the end of the file.
+# The example:
+# system("/usr/sbin/ipset -quiet -exist create f2b-ssh hash:ip timeout 600 ");
+# 1;
+#
+# To destroy the ipset in shorewall you must add to the file /etc/shorewall/stopped
+# # One line of every ipset
+# system("/usr/sbin/ipset -quiet destroy f2b-ssh ");
+# 1; # This must go to the end of the file if not shorewall compilation fails
+#
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null;
+              then ipset -quiet -exist create f2b-<name> hash:ip timeout <default-ipsettime>;
+              fi
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = ipset flush f2b-<name>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = ipset add f2b-<name> <ip> timeout <ipsettime> -exist
+
+# actionprolong = %(actionban)s
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = ipset del f2b-<name> <ip> -exist
+
+# Option: default-ipsettime
+# Notes:  specifies default timeout in seconds (handled default ipset timeout only)
+# Values:  [ NUM ]  Default: 0 (no timeout, managed by fail2ban by unban)
+default-ipsettime = 0
+
+# Option: ipsettime
+# Notes:  specifies ticket timeout (handled ipset timeout only)
+# Values:  [ NUM ]  Default: 0 (managed by fail2ban by unban)
+ipsettime = 0
+
+# expresion to caclulate timeout from bantime, example:
+# banaction = %(known/banaction)s[ipsettime='<timeout-bantime>']
+timeout-bantime = $([ "<bantime>" -le 2147483 ] && echo "<bantime>" || echo 0)
diff --git a/njallavps/swag/fail2ban/action.d/shorewall.conf b/njallavps/swag/fail2ban/action.d/shorewall.conf
new file mode 100644
index 0000000..83d08d9
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/shorewall.conf
@@ -0,0 +1,73 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+# The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see
+# file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a
+# new shorewall rule to ban an IP address, that rule will affect only new
+# connections. So if the attempter goes on trying using the same connection
+# he could even log in. In order to get the same behavior of the iptable
+# action (so that the ban is immediate) the /etc/shorewall/shorewall.conf
+# file should be modified with "BLACKLISTNEWONLY=No". Note that as of
+# Shorewall 4.5.13 BLACKLISTNEWONLY is deprecated; however the equivalent
+# of BLACKLISTNEWONLY=No can now be achieved by setting BLACKLIST="ALL".
+# 
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart = 
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop = 
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = shorewall<family> <blocktype> <ip>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = shorewall<family> allow <ip>
+
+
+[Init]
+
+# Option:  family
+# Note:    Control which version of command is executed
+# Values:  Empty or 6 in case of IPv6
+family = 
+
+# Option:  blocktype
+# Note:    This is what the action does with rules.
+#          See man page of shorewall for options that include drop, logdrop, reject, or logreject
+# Values:  STRING
+blocktype = reject
+
+[Init?family=inet6]
+
+# Option:  family
+# Note:    Control which version of command is executed
+# Values:  Empty or 6 in case of IPv6
+family = 6
+
diff --git a/njallavps/swag/fail2ban/action.d/smtp.py b/njallavps/swag/fail2ban/action.d/smtp.py
new file mode 100644
index 0000000..5c27d0f
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/smtp.py
@@ -0,0 +1,230 @@
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+import socket
+import smtplib
+from email.mime.text import MIMEText
+from email.utils import formatdate, formataddr
+
+from fail2ban.server.actions import ActionBase, CallingMap
+
+messages = {}
+messages['start'] = \
+"""Hi,
+
+The jail %(jailname)s has been started successfully.
+
+Regards,
+Fail2Ban"""
+
+messages['stop'] = \
+"""Hi,
+
+The jail %(jailname)s has been stopped.
+
+Regards,
+Fail2Ban"""
+
+messages['ban'] = {}
+messages['ban']['head'] = \
+"""Hi,
+
+The IP %(ip)s has just been banned for %(bantime)i seconds
+by Fail2Ban after %(failures)i attempts against %(jailname)s.
+"""
+messages['ban']['tail'] = \
+"""
+Regards,
+Fail2Ban"""
+messages['ban']['matches'] = \
+"""
+Matches for this ban:
+%(matches)s
+"""
+messages['ban']['ipmatches'] = \
+"""
+Matches for %(ip)s:
+%(ipmatches)s
+"""
+messages['ban']['ipjailmatches'] = \
+"""
+Matches for %(ip)s for jail %(jailname)s:
+%(ipjailmatches)s
+"""
+
+
+class SMTPAction(ActionBase):
+	"""Fail2Ban action which sends emails to inform on jail starting,
+	stopping and bans.
+	"""
+
+	def __init__(
+		self, jail, name, host="localhost", user=None, password=None,
+		sendername="Fail2Ban", sender="fail2ban", dest="root", matches=None):
+		"""Initialise action.
+
+		Parameters
+		----------
+		jail : Jail
+			The jail which the action belongs to.
+		name : str
+			Named assigned to the action.
+		host : str, optional
+			SMTP host, of host:port format. Default host "localhost" and
+			port "25"
+		user : str, optional
+			Username used for authentication with SMTP server.
+		password : str, optional
+			Password used for authentication with SMTP server.
+		sendername : str, optional
+			Name to use for from address in email. Default "Fail2Ban".
+		sender : str, optional
+			Email address to use for from address in email.
+			Default "fail2ban".
+		dest : str, optional
+			Email addresses of intended recipient(s) in comma space ", "
+			delimited format. Default "root".
+		matches : str, optional
+			Type of matches to be included from ban in email. Can be one
+			of "matches", "ipmatches" or "ipjailmatches". Default None
+			(see man jail.conf.5).
+		"""
+
+		super(SMTPAction, self).__init__(jail, name)
+
+		self.host = host
+		#TODO: self.ssl = ssl
+
+		self.user = user
+		self.password =password
+
+		self.fromname = sendername
+		self.fromaddr = sender
+		self.toaddr = dest
+
+		self.matches = matches
+
+		self.message_values = CallingMap(
+			jailname = self._jail.name,
+			hostname = socket.gethostname,
+			bantime = lambda: self._jail.actions.getBanTime(),
+			)
+
+		# bypass ban/unban for restored tickets
+		self.norestored = 1
+
+	def _sendMessage(self, subject, text):
+		"""Sends message based on arguments and instance's properties.
+
+		Parameters
+		----------
+		subject : str
+			Subject of the email.
+		text : str
+			Body of the email.
+
+		Raises
+		------
+		SMTPConnectionError
+			Error on connecting to host.
+		SMTPAuthenticationError
+			Error authenticating with SMTP server.
+		SMTPException
+			See Python `smtplib` for full list of other possible
+			exceptions.
+		"""
+		msg = MIMEText(text)
+		msg['Subject'] = subject
+		msg['From'] = formataddr((self.fromname, self.fromaddr))
+		msg['To'] = self.toaddr
+		msg['Date'] = formatdate()
+
+		smtp = smtplib.SMTP()
+		try:
+			self._logSys.debug("Connected to SMTP '%s', response: %i: %s",
+				self.host, *smtp.connect(self.host))
+			if self.user and self.password: # pragma: no cover (ATM no tests covering that)
+				smtp.login(self.user, self.password)
+			failed_recipients = smtp.sendmail(
+				self.fromaddr, self.toaddr.split(", "), msg.as_string())
+		except smtplib.SMTPConnectError: # pragma: no cover
+			self._logSys.error("Error connecting to host '%s'", self.host)
+			raise
+		except smtplib.SMTPAuthenticationError: # pragma: no cover
+			self._logSys.error(
+				"Failed to authenticate with host '%s' user '%s'",
+				self.host, self.user)
+			raise
+		except smtplib.SMTPException: # pragma: no cover
+			self._logSys.error(
+				"Error sending mail to host '%s' from '%s' to '%s'",
+				self.host, self.fromaddr, self.toaddr)
+			raise
+		else:
+			if failed_recipients: # pragma: no cover
+				self._logSys.warning(
+					"Email to '%s' failed to following recipients: %r",
+					self.toaddr, failed_recipients)
+			self._logSys.debug("Email '%s' successfully sent", subject)
+		finally:
+			try:
+				self._logSys.debug("Disconnected from '%s', response %i: %s",
+					self.host, *smtp.quit())
+			except smtplib.SMTPServerDisconnected: # pragma: no cover
+				pass # Not connected
+
+	def start(self):
+		"""Sends email to recipients informing that the jail has started.
+		"""
+		self._sendMessage(
+			"[Fail2Ban] %(jailname)s: started on %(hostname)s" %
+				self.message_values,
+			messages['start'] % self.message_values)
+
+	def stop(self):
+		"""Sends email to recipients informing that the jail has stopped.
+		"""
+		self._sendMessage(
+			"[Fail2Ban] %(jailname)s: stopped on %(hostname)s" %
+				self.message_values,
+			messages['stop'] % self.message_values)
+
+	def ban(self, aInfo):
+		"""Sends email to recipients informing that ban has occurred.
+
+		Parameters
+		----------
+		aInfo : dict
+			Dictionary which includes information in relation to
+			the ban.
+		"""
+		if aInfo.get('restored'):
+			return
+		aInfo.update(self.message_values)
+		message = "".join([
+			messages['ban']['head'],
+			messages['ban'].get(self.matches, ""),
+			messages['ban']['tail']
+			])
+		self._sendMessage(
+			"[Fail2Ban] %(jailname)s: banned %(ip)s from %(hostname)s" %
+				aInfo,
+			message % aInfo)
+
+Action = SMTPAction
diff --git a/njallavps/swag/fail2ban/action.d/symbiosis-blacklist-allports.conf b/njallavps/swag/fail2ban/action.d/symbiosis-blacklist-allports.conf
new file mode 100644
index 0000000..7208b29
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/symbiosis-blacklist-allports.conf
@@ -0,0 +1,60 @@
+# Fail2Ban configuration file for Bytemark Symbiosis firewall
+#
+# Author: Yaroslav Halchenko
+#
+
+[INCLUDES]
+
+before = iptables.conf
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = <iptables> -n -L <chain>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP.
+# Values:  CMD
+#
+actionban = echo 'all' >| /etc/symbiosis/firewall/blacklist.d/<ip>.auto
+            <iptables> -I <chain> 1 -s <ip> -j <blocktype>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP.
+# Values:  CMD
+#
+actionunban = rm -f /etc/symbiosis/firewall/blacklist.d/<ip>.auto
+              <iptables> -D <chain> -s <ip> -j <blocktype> || :
+
+# [TODO] Flushing is currently not implemented for symbiosis blacklist.d
+#
+actionflush = 
+
+
+[Init]
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added to.  blacklist is a chain initiated by symbiosis firewall.
+# Values:  STRING  Default: blacklist
+chain = blacklist
+
+# Option:  blocktype
+# Note:    This is to match default symbiosis firewall type for blacklisted IPs
+# Values:  STRING
+blocktype = DROP
diff --git a/njallavps/swag/fail2ban/action.d/ufw.conf b/njallavps/swag/fail2ban/action.d/ufw.conf
new file mode 100644
index 0000000..c9ff7f3
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/ufw.conf
@@ -0,0 +1,75 @@
+# Fail2Ban action configuration file for ufw
+#
+# You are required to run "ufw enable" before this will have any effect.
+#
+# The insert position should be appropriate to block the required traffic.
+# A number after an allow rule to the application won't be of much use.
+
+[Definition]
+
+actionstart = 
+
+actionstop = 
+
+actioncheck = 
+
+# ufw does "quickly process packets for which we already have a connection" in before.rules,
+# therefore all related sockets should be closed
+# actionban is using `ss` to do so, this only handles IPv4 and IPv6.
+
+actionban = if [ -n "<application>" ] && ufw app info "<application>"
+            then
+              ufw <add> <blocktype> from <ip> to <destination> app "<application>" comment "<comment>"
+            else
+              ufw <add> <blocktype> from <ip> to <destination> comment "<comment>"
+            fi
+            <kill>
+
+actionunban = if [ -n "<application>" ] && ufw app info "<application>"
+              then
+                ufw delete <blocktype> from <ip> to <destination> app "<application>"
+              else
+                ufw delete <blocktype> from <ip> to <destination>
+              fi
+
+# Option: kill-mode
+# Notes.: can be set to ss or conntrack (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
+# Example: banaction = ufw[kill-mode=ss]
+kill-mode =
+
+# intern conditional parameter used to provide killing mode after ban:
+_kill_ =
+_kill_ss = ss -K dst "[<ip>]"
+_kill_conntrack = conntrack -D -s "<ip>"
+
+# Option: kill
+# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode
+# Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[<ip>]"']
+#           banaction = ufw[kill='cutter "<ip>"']
+kill = <_kill_<kill-mode>>
+
+[Init]
+# Option: add
+# Notes.: can be set to "insert 1" to insert a rule at certain position (here 1):
+add = prepend
+
+# Option: blocktype
+# Notes.: reject or deny
+blocktype = reject
+
+# Option: destination
+# Notes.: The destination address to block in the ufw rule
+destination = any
+
+# Option: application
+# Notes.: application from sudo ufw app list
+application = 
+
+# Option: comment
+# Notes.: comment for rule added by fail2ban
+comment = by Fail2Ban after <failures> attempts against <name>
+
+# DEV NOTES:
+# 
+# Author: Guilhem Lettron
+# Enhancements: Daniel Black
diff --git a/njallavps/swag/fail2ban/action.d/xarf-login-attack.conf b/njallavps/swag/fail2ban/action.d/xarf-login-attack.conf
new file mode 100644
index 0000000..f348b2c
--- /dev/null
+++ b/njallavps/swag/fail2ban/action.d/xarf-login-attack.conf
@@ -0,0 +1,143 @@
+# Fail2Ban action for sending xarf Login-Attack messages to IP owner
+#
+# IMPORTANT:
+#
+# Emailing a IP owner of abuse is a serious complain. Make sure that it is
+# serious. Fail2ban developers and network owners recommend you only use this
+# action for:
+#   * The recidive where the IP has been banned multiple times
+#   * Where maxretry has been set quite high, beyond the normal user typing
+#     password incorrectly.
+#   * For filters that have a low likelihood of receiving human errors
+#
+# DEPENDENCIES:
+#
+# This requires the dig command from bind-utils
+#
+# This uses the https://abusix.com/contactdb.html to lookup abuse contacts.
+#
+# XARF is a specification for sending a formatted response
+# for non-messaging based abuse including:
+#
+# Login-Attack, Malware-Attack, Fraud (Phishing, etc.), Info DNSBL
+#
+# For details see:
+# https://github.com/xarf/xarf-specification
+# http://www.x-arf.org/schemata.html
+#
+# Author: Daniel Black
+# Based on complain written by Russell Odom <russ@gloomytrousers.co.uk>
+#
+#
+
+[Definition]
+
+# bypass ban/unban for restored tickets
+norestored = 1
+
+actionstart =
+
+actionstop =
+
+actioncheck =
+
+actionban = oifs=${IFS};
+            RESOLVER_ADDR="%(addr_resolver)s"
+            if [ "<debug>" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi
+            ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"')
+            IFS=,; ADDRESSES=$(echo $ADDRESSES)
+            IFS=${oifs}
+            IP=<ip>
+            FROM=<sender>
+            SERVICE=<service>
+            FAILURES=<failures>
+            REPORTID=<time>@<fq-hostname>
+            TLP=<tlp>
+            PORT=<port>
+            DATE=`LC_ALL=C date --date=@<time> +"%%a, %%d %%h %%Y %%T %%z"`
+            if [ ! -z "$ADDRESSES" ]; then
+                oifs=${IFS}; IFS=,; ADDRESSES=$(echo $ADDRESSES)
+                IFS=${oifs}
+                (printf -- %%b "<header>\n<message>\n<report>\n\n";
+                 date '+Note: Local timezone is %%z (%%Z)';
+                 printf -- %%b "\n<ipmatches>\n\n<footer>") | <mailcmd> <mailargs> $ADDRESSES
+            fi
+
+actionunban =
+
+# Server as resolver used in dig command
+#
+addr_resolver = <ip-rev>abuse-contacts.abusix.org
+
+# Option: boundary
+# Notes:  This can be overwritten to be safe for possible predictions
+boundary = bfbb0f920793ac03cb8634bde14d8a1e
+
+_boundary = Abuse<time>-<boundary>
+
+# Option: header
+# Notes:  This is really a fixed value
+header  = Subject: abuse report about $IP - $DATE\nAuto-Submitted: auto-generated\nX-XARF: PLAIN\nContent-Transfer-Encoding: 7bit\nContent-Type: multipart/mixed; charset=utf8;\n  boundary=%(_boundary)s;\n\n--%(_boundary)s\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf-8;\n
+
+# Option: footer
+# Notes:  This is really a fixed value and needs to match the report and header
+#         mime delimiters
+footer = \n\n--%(_boundary)s--
+
+# Option: report
+# Notes:  Intended to be fixed
+report =  --%(_boundary)s\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf-8; name=\"report.txt\";\n\n---\nReported-From: $FROM\nCategory: abuse\nReport-ID: $REPORTID\nReport-Type: login-attack\nService: $SERVICE\nVersion: 0.2\nUser-Agent: Fail2ban v0.9\nDate: $DATE\nSource-Type: ip-address\nSource: $IP\nPort: $PORT\nSchema-URL: http://www.x-arf.org/schema/abuse_login-attack_0.1.2.json\nAttachment: text/plain\nOccurances: $FAILURES\nTLP: $TLP\n\n\n--%(_boundary)s\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Type: text/plain; charset=utf8; name=\"logfile.log\";
+
+# Option: Message
+# Notes:  This can be modified by the users
+message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban in a X-ARF format! You can find more information about x-arf at http://www.x-arf.org/specification.html.\n\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n
+
+# Option:  loglines
+# Notes.:  The number of log lines to search for the IP for the report
+loglines = 9000
+
+# Option:  mailcmd
+# Notes.:  Your system mail command. It is passed the recipient
+# Values:  CMD
+#
+mailcmd =  /usr/sbin/sendmail
+
+# Option:  mailargs
+# Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
+#          CC reports to another address:
+#              -c me@example.com
+#          Appear to come from a different address - the '--' indicates
+#          arguments to be passed to Sendmail:
+#              -- -f me@example.com
+# Values:  [ STRING ]
+#
+mailargs = -f <sender>
+
+# Option:  tlp
+# Notes.:  Traffic light protocol defining the sharing of this information.
+#          http://www.trusted-introducer.org/ISTLPv11.pdf
+#          green is share to those involved in network security but it is not
+#          to be released to the public.
+tlp = green
+
+# ALL of the following parameters should be set so the report contains
+# meaningful information
+
+# Option: service
+# Notes.: This is the service type that was attacked. e.g. ssh, pop3
+service = unspecified
+
+# Option:  logpath
+# Notes:   Path to the log files which contain relevant lines for the abuser IP
+# Values:  Filename(s) space separated and can contain wildcards (these are
+#          greped for the IP so make sure these aren't too long
+logpath = /dev/null
+
+# Option:  sender
+# Notes.:  This is the sender that is included in the XARF report
+sender = fail2ban@<fq-hostname>
+
+# Option:  port
+# Notes.:  This is the port number that received the login-attack
+port = 0
+
diff --git a/njallavps/swag/fail2ban/filter.d/3proxy.conf b/njallavps/swag/fail2ban/filter.d/3proxy.conf
new file mode 100644
index 0000000..76c7573
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/3proxy.conf
@@ -0,0 +1,20 @@
+# Fail2Ban filter for 3proxy
+#
+#
+
+[Definition]
+
+
+failregex = ^\s[+-]\d{4} \S+ \d{3}0[1-9] \S+ <HOST>:\d+ [\d.]+:\d+ \d+ \d+ \d+\s
+
+ignoreregex = 
+
+datepattern = {^LN-BEG}
+
+# DEV Notes:
+# http://www.3proxy.ru/howtoe.asp#ERRORS indicates that 01-09 are
+# all authentication problems (%E field)
+# Log format is: "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"
+#
+# Requested by ykimon in https://github.com/fail2ban/fail2ban/issues/246
+# Author: Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/alpine-sshd-ddos.conf b/njallavps/swag/fail2ban/filter.d/alpine-sshd-ddos.conf
new file mode 100644
index 0000000..ae40569
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/alpine-sshd-ddos.conf
@@ -0,0 +1,26 @@
+# Fail2Ban ssh filter for at attempted exploit
+#
+# The regex here also relates to a exploit:
+#
+#  http://www.securityfocus.com/bid/17958/exploit
+#  The example code here shows the pushing of the exploit straight after
+#  reading the server version. This is where the client version string normally
+#  pushed. As such the server will read this unparsible information as
+#  "Did not receive identification string".
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = sshd
+
+failregex = Did not receive identification string from <HOST>\s*$
+
+ignoreregex = 
+
+[Init]
+
diff --git a/njallavps/swag/fail2ban/filter.d/alpine-sshd.conf b/njallavps/swag/fail2ban/filter.d/alpine-sshd.conf
new file mode 100644
index 0000000..e3b9963
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/alpine-sshd.conf
@@ -0,0 +1,30 @@
+# Fail2Ban filter for openssh for Alpine
+#
+# If you want to protect OpenSSH from being bruteforced by password
+# authentication then get public key authentication working before disabling
+# PasswordAuthentication in sshd_config.
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = sshd
+
+failregex = Failed [-/\w]+ for .* from <HOST> port \d* ssh2
+            sshd\[.*\]: Invalid user .* from <HOST> port \d*
+            sshd\[.*\]: Received disconnect from <HOST> port \d*:[0-9]+:  \[preauth\]
+            sshd\[.*\]: Disconnected from invalid user .* <HOST> port \d* \[preauth\]
+
+ignoreregex = 
+
+[Init]
+
+# "maxlines" is number of log lines to buffer for multi-line regex searches
+maxlines = 10
+
+
diff --git a/njallavps/swag/fail2ban/filter.d/apache-auth.conf b/njallavps/swag/fail2ban/filter.d/apache-auth.conf
new file mode 100644
index 0000000..40f6d6e
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-auth.conf
@@ -0,0 +1,71 @@
+# Fail2Ban apache-auth filter
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# apache-common.local
+before = apache-common.conf
+
+[Definition]
+
+# Mode for filter: normal (default) and aggressive (allows DDoS & brute force detection of mod_evasive)
+mode = normal
+
+# ignore messages of mod_evasive module:
+apache-pref-ign-normal = (?!evasive)
+# allow "denied by server configuration" from all modules:
+apache-pref-ign-aggressive =
+# mode related ignore prefix for common _apache_error_client substitution:
+apache-pref-ignore = <apache-pref-ign-<mode>>
+
+prefregex = ^%(_apache_error_client)s (?:AH\d+: )?<F-CONTENT>.+</F-CONTENT>$
+
+# auth_type = ((?:Digest|Basic): )?
+auth_type = ([A-Z]\w+: )?
+
+failregex = ^client (?:denied by server configuration|used wrong authentication scheme)\b
+            ^user (?!`)<F-USER>(?:\S*|.*?)</F-USER> (?:auth(?:oriz|entic)ation failure|not found|denied by provider)\b
+            ^Authorization of user <F-USER>(?:\S*|.*?)</F-USER> to access .*? failed\b
+            ^%(auth_type)suser <F-USER>(?:\S*|.*?)</F-USER>: password mismatch\b
+            ^%(auth_type)suser `<F-USER>(?:[^']*|.*?)</F-USER>' in realm `.+' (auth(?:oriz|entic)ation failure|not found|denied by provider)\b
+            ^%(auth_type)sinvalid nonce .* received - length is not\b
+            ^%(auth_type)srealm mismatch - got `(?:[^']*|.*?)' but expected\b
+            ^%(auth_type)sunknown algorithm `(?:[^']*|.*?)' received\b
+            ^invalid qop `(?:[^']*|.*?)' received\b
+            ^%(auth_type)sinvalid nonce .*? received - user attempted time travel\b
+            ^(?:No h|H)ostname \S+ provided via SNI(?:, but no hostname provided| and hostname \S+ provided| for a name based virtual host)\b
+
+ignoreregex = 
+
+# DEV Notes:
+#
+# This filter matches the authorization failures of Apache. It takes the log messages
+# from the modules in aaa that return HTTP_UNAUTHORIZED, HTTP_METHOD_NOT_ALLOWED or
+# HTTP_FORBIDDEN and not AUTH_GENERAL_ERROR or HTTP_INTERNAL_SERVER_ERROR.
+#
+# An unauthorized response 401 is the first step for a browser to instigate authentication
+# however apache doesn't log this as an error. Only subsequent errors are logged in the 
+# error log.
+#
+# Source:
+#
+# By searching the code in http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/*
+# for ap_log_rerror(APLOG_MARK, APLOG_ERR and examining resulting return code should get
+# all of these expressions. Lots of submodules like mod_authz_* return back to mod_authz_core
+# to return the actual failure.
+#
+# Note that URI can contain spaces.
+#
+# See also: http://wiki.apache.org/httpd/ListOfErrors
+# Expressions that don't have tests and aren't common.
+# more be added with  https://issues.apache.org/bugzilla/show_bug.cgi?id=55284 
+#     ^user .*: nonce expired \([\d.]+ seconds old - max lifetime [\d.]+\) - sending new nonce\s*$
+#     ^user .*: one-time-nonce mismatch - sending new nonce\s*$
+#     ^realm mismatch - got `(?:[^']*|.*?)' but no realm specified\s*$
+#
+# Because url/referer are foreign input, short form of regex used if long enough to idetify failure.
+# 
+# Author: Cyril Jaquier
+# Major edits by Daniel Black and Ben Rubson.
+# Rewritten for v.0.10 by Sergey Brester (sebres).
diff --git a/njallavps/swag/fail2ban/filter.d/apache-badbots.conf b/njallavps/swag/fail2ban/filter.d/apache-badbots.conf
new file mode 100644
index 0000000..12d4105
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-badbots.conf
@@ -0,0 +1,24 @@
+# Fail2Ban configuration file
+#
+# Regexp to catch known spambots and software alike. Please verify
+# that it is your intent to block IPs which were driven by
+# above mentioned bots.
+
+
+[Definition]
+
+badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider|(?:Mozilla/\d+\.\d+ )?Jorgee
+badbots = Atomic_Email_Hunter/4\.0|atSpider/1\.0|autoemailspider|bwh3_user_agent|China Local Browse 2\.6|ContactBot/0\.2|ContentSmartz|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailSpider|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Guestbook Auto Submitter|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 \+http\://letscrawl\.com/|Lincoln State Web Browser|LMQueueBot/0\.2|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|MVAClient|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/3\.0 \(compatible; scan4mail \(advanced version\) http\://www\.peterspages\.net/?scan4mail\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|NameOfAgent \(CMS Spider\)|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|ShablastBot 1\.0|snap\.com beta crawler v0|Snapbot/1\.0|Snapbot/1\.0 \(Snap Shots&#44; \+http\://www\.snap\.com\)|sogou develop spider|Sogou Orion spider/3\.0\(\+http\://www\.sogou\.com/docs/help/webmasters\.htm#07\)|sogou spider|Sogou web spider/3\.0\(\+http\://www\.sogou\.com/docs/help/webmasters\.htm#07\)|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|VadixBot|WebVulnCrawl\.unknown/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00
+
+failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
+
+ignoreregex =
+
+datepattern = ^[^\[]*\[({DATE})
+              {^LN-BEG}
+
+# DEV Notes:
+# List of bad bots fetched from http://www.user-agents.org
+# Generated on Thu Nov  7 14:23:35 PST 2013 by files/gen_badbots.
+#
+# Author: Yaroslav Halchenko
diff --git a/njallavps/swag/fail2ban/filter.d/apache-botsearch.conf b/njallavps/swag/fail2ban/filter.d/apache-botsearch.conf
new file mode 100644
index 0000000..872f199
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-botsearch.conf
@@ -0,0 +1,39 @@
+# Fail2Ban filter to match web requests for selected URLs that don't exist
+#
+# This filter is aimed at blocking specific URLs that don't exist. This
+# could be a set of URLs places in a Disallow: directive in robots.txt or
+# just some web services that don't exist caused bots are searching for
+# exploitable content. This filter is designed to have a low false positive
+# rate due.
+#
+# An alternative to this is the apache-noscript filter which blocks all
+# types of scripts that don't exist.
+#
+#
+# This is normally a predefined list of exploitable or valuable web services
+# that are hidden or aren't actually installed.
+#
+
+[INCLUDES]
+
+# overwrite with apache-common.local if _apache_error_client is incorrect.
+# Load regexes for filtering from botsearch-common.conf
+before = apache-common.conf
+         botsearch-common.conf
+
+[Definition]
+
+prefregex = ^%(_apache_error_client)s (?:AH\d+: )?<F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^(?:File does not exist|script not found or unable to stat): <webroot><block>(, referer: \S+)?\s*$
+            ^script '<webroot><block>' not found or unable to stat(, referer: \S+)?\s*$
+
+ignoreregex = 
+
+# Webroot represents the webroot on which all other files are based
+webroot = /var/www/
+
+
+# DEV Notes:
+#
+# Author: Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/apache-common.conf b/njallavps/swag/fail2ban/filter.d/apache-common.conf
new file mode 100644
index 0000000..6577fe7
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-common.conf
@@ -0,0 +1,44 @@
+# Generic configuration items (to be used as interpolations) in other
+# apache filters.
+
+[INCLUDES]
+
+before = common.conf
+# Load customizations if any available
+after = apache-common.local
+
+[DEFAULT]
+
+# Apache logging mode:
+#   all - universal prefix (logfile, syslog)
+#   logfile - logfile only
+#   syslog - syslog only
+# Use `filter = apache-auth[logging=syslog]` to get more precise regex if apache logs into syslog (ErrorLog syslog).
+# Use `filter = apache-auth[logging=all]` to get universal regex matches both logging variants.
+logging = logfile
+
+# Apache logging prefixes (date-pattern prefix, server, process etc.):
+apache-prefix-syslog = %(__prefix_line)s
+apache-prefix-logfile = \[\]\s
+apache-prefix-all = (?:%(apache-prefix-logfile)s|%(apache-prefix-syslog)s)?
+
+# Setting for __prefix_line (only `logging=syslog`):
+_daemon = (?:apache\d*|httpd(?:/\w+)?)
+
+apache-prefix = <apache-prefix-<logging>>
+
+apache-pref-ignore =
+
+_apache_error_client = <apache-prefix>\[(:?error|<apache-pref-ignore>\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client <HOST>(:\d{1,5})?\]
+
+datepattern = {^LN-BEG}
+
+# Common prefix for [error] apache messages which also would include <HOST>
+# Depending on the version it could be
+# 2.2: [Sat Jun 01 11:23:08 2013] [error] [client 1.2.3.4]
+# 2.4: [Thu Jun 27 11:55:44.569531 2013] [core:info] [pid 4101:tid 2992634688] [client 1.2.3.4:46652]
+# 2.4 (perfork): [Mon Dec 23 07:49:01.981912 2013] [:error] [pid 3790] [client 204.232.202.107:46301] script '/var/www/timthumb.php' not found or unable to 
+#
+# Reference: https://github.com/fail2ban/fail2ban/issues/268
+#
+# Author: Yaroslav Halchenko
diff --git a/njallavps/swag/fail2ban/filter.d/apache-fakegooglebot.conf b/njallavps/swag/fail2ban/filter.d/apache-fakegooglebot.conf
new file mode 100644
index 0000000..ee23656
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-fakegooglebot.conf
@@ -0,0 +1,16 @@
+# Fail2Ban filter for fake Googlebot User Agents
+
+[Definition]
+
+failregex = ^\s*<HOST> \S+ \S+(?: \S+)?\s+\S+ "[A-Z]+ /\S* [^"]*" \d+ \d+ \"[^"]*\" "[^"]*\bGooglebot/[^"]*"
+
+ignoreregex =
+
+datepattern = ^[^\[]*(\[{DATE}\s*\])
+              {^LN-BEG}
+
+# DEV Notes:
+#
+# Author: Lee Clemens
+# Thanks: Johannes B. Ullrich, Ph.D.
+# Reference: https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
diff --git a/njallavps/swag/fail2ban/filter.d/apache-modsecurity.conf b/njallavps/swag/fail2ban/filter.d/apache-modsecurity.conf
new file mode 100644
index 0000000..f7600ac
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-modsecurity.conf
@@ -0,0 +1,19 @@
+# Fail2Ban apache-modsec filter
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# apache-common.local
+before = apache-common.conf
+
+[Definition]
+
+
+failregex = ^%(_apache_error_client)s(?: \[client [^\]]+\])? ModSecurity:\s+(?:\[(?:\w+ \"[^\"]*\"|[^\]]*)\]\s*)*Access denied with code [45]\d\d
+
+ignoreregex = 
+
+# https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats
+# Author: Daniel Black
+#         Sergey G. Brester aka sebres (review, optimization)
diff --git a/njallavps/swag/fail2ban/filter.d/apache-nohome.conf b/njallavps/swag/fail2ban/filter.d/apache-nohome.conf
new file mode 100644
index 0000000..358d6d3
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-nohome.conf
@@ -0,0 +1,20 @@
+# Fail2Ban filter to web requests for home directories on Apache servers
+#
+# Regex to match failures to find a home directory on a server, which
+# became popular last days. Most often attacker just uses IP instead of
+# domain name -- so expect to see them in generic error.log if you have
+# per-domain log files.
+
+[INCLUDES]
+
+# overwrite with apache-common.local if _apache_error_client is incorrect.
+before = apache-common.conf
+
+[Definition]
+
+
+failregex = ^%(_apache_error_client)s (AH00128: )?File does not exist: .*/~.*
+
+ignoreregex = 
+
+# Author: Yaroslav O. Halchenko <debian@onerussian.com>
diff --git a/njallavps/swag/fail2ban/filter.d/apache-noscript.conf b/njallavps/swag/fail2ban/filter.d/apache-noscript.conf
new file mode 100644
index 0000000..dd9452a
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-noscript.conf
@@ -0,0 +1,37 @@
+# Fail2Ban filter to block web requests for scripts (on non scripted websites)
+#
+# This matches many types of scripts that don't exist. This could generate a
+# lot of false positive matches in cases like wikis and forums where users
+# no affiliated with the website can insert links to missing files/scripts into
+# pages and cause non-malicious browsers of the site to trigger against this
+# filter.
+#
+# If you'd like to match specific URLs that don't exist see the
+# apache-botsearch filter.
+#
+
+[INCLUDES]
+
+# overwrite with apache-common.local if _apache_error_client is incorrect.
+before = apache-common.conf
+
+[Definition]
+
+script = /\S*(?:php(?:[45]|[.-]cgi)?|\.asp|\.exe|\.pl|\bcgi-bin/)
+
+prefregex = ^%(_apache_error_client)s (?:AH0(?:01(?:28|30)|1(?:264|071)|2811): )?(?:(?:[Ff]ile|script|[Gg]ot) )<F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^(?:does not exist|not found or unable to stat): <script>\b
+            ^'<script>\S*' not found or unable to stat
+            ^error '[Pp]rimary script unknown(?:\\n)?'
+
+ignoreregex = 
+
+
+# DEV Notes:
+#
+# https://wiki.apache.org/httpd/ListOfErrors for apache error IDs
+#
+# Second regex, script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$ is in httpd-2.2
+#
+# Author: Cyril Jaquier
diff --git a/njallavps/swag/fail2ban/filter.d/apache-overflows.conf b/njallavps/swag/fail2ban/filter.d/apache-overflows.conf
new file mode 100644
index 0000000..0f54da1
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-overflows.conf
@@ -0,0 +1,40 @@
+# Fail2Ban filter to block web requests on a long or suspicious nature
+#
+
+[INCLUDES]
+
+# overwrite with apache-common.local if _apache_error_client is incorrect.
+before = apache-common.conf
+
+[Definition]
+
+failregex = ^%(_apache_error_client)s (?:(?:AH001[23][456]: )?Invalid (method|URI) in request\b|(?:AH00565: )?request failed: URI too long \(longer than \d+\)|request failed: erroneous characters after protocol string:|(?:AH00566: )?request failed: invalid characters in URI\b)
+
+ignoreregex =
+
+# DEV Notes:
+#
+# [sebres] Because this apache-log could contain very long URLs (and/or referrer), 
+#          the parsing of it anchored way may be very vulnerable (at least as regards 
+#          the system resources, see gh-1790). Thus rewritten without end-anchor ($).
+# 
+# fgrep -r 'URI too long' httpd-2.*
+#   httpd-2.2.25/server/protocol.c:                          "request failed: URI too long (longer than %d)", r->server->limit_req_line);
+#   httpd-2.4.4/server/protocol.c:                              "request failed: URI too long (longer than %d)",
+#
+# fgrep -r 'in request' ../httpd-2.* | fgrep Invalid
+#   httpd-2.2.25/server/core.c:                     "Invalid URI in request %s", r->the_request);
+#   httpd-2.2.25/server/core.c:                          "Invalid method in request %s", r->the_request);
+#   httpd-2.2.25/docs/manual/rewrite/flags.html.fr:avertissements 'Invalid URI in request'.
+#   httpd-2.4.4/server/core.c:                     "Invalid URI in request %s", r->the_request);
+#   httpd-2.4.4/server/core.c:                              "Invalid method in request %s - possible attempt to establish SSL connection on non-SSL port", r->the_request);
+#   httpd-2.4.4/server/core.c:                              "Invalid method in request %s", r->the_request);
+#
+# fgrep -r 'invalid characters in URI' httpd-2.*
+#   httpd-2.4.4/server/protocol.c:                              "request failed: invalid characters in URI");
+#
+# http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?r1=739382&r2=739620&pathrev=739620
+#   ...possible attempt to establish SSL connection on non-SSL port
+#
+# https://wiki.apache.org/httpd/ListOfErrors
+# Author: Tim Connors
diff --git a/njallavps/swag/fail2ban/filter.d/apache-pass.conf b/njallavps/swag/fail2ban/filter.d/apache-pass.conf
new file mode 100644
index 0000000..3cab87b
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-pass.conf
@@ -0,0 +1,19 @@
+# Fail2Ban Apache pass filter
+# This filter is for access.log, NOT for error.log
+#
+# The knocking request must have a referer.
+
+[Definition]
+
+failregex = ^<HOST> - \w+ \[\] "GET <knocking_url> HTTP/1\.[01]" 200 \d+ ".*" "[^-].*"$
+
+ignoreregex =
+
+datepattern = ^[^\[]*\[({DATE})
+              {^LN-BEG}
+
+[Init]
+
+knocking_url = /knocking/
+
+# Author: Viktor Szépe
diff --git a/njallavps/swag/fail2ban/filter.d/apache-shellshock.conf b/njallavps/swag/fail2ban/filter.d/apache-shellshock.conf
new file mode 100644
index 0000000..55c17c8
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/apache-shellshock.conf
@@ -0,0 +1,28 @@
+# Fail2Ban filter to block web requests containing custom headers attempting to exploit the shellshock bug
+#
+#
+
+[INCLUDES]
+
+# overwrite with apache-common.local if _apache_error_client is incorrect.
+before = apache-common.conf
+
+[Definition]
+
+prefregex = ^%(_apache_error_client)s (AH01215: )?/bin/([bd]a)?sh: <F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^warning: HTTP_[^:]+: ignoring function definition attempt(, referer: \S+)?\s*$
+            ^error importing function definition for `HTTP_[^']+'(, referer: \S+)?\s*$
+
+ignoreregex = 
+
+
+# DEV Notes:
+#
+# https://wiki.apache.org/httpd/ListOfErrors for apache error IDs
+#
+# example log lines: 
+# [Thu Sep 25 09:27:18.813902 2014] [cgi:error] [pid 16860] [client 89.207.132.76:59635] AH01215: /bin/bash: warning: HTTP_TEST: ignoring function definition attempt
+# [Thu Sep 25 09:29:56.141832 2014] [cgi:error] [pid 16864] [client 162.247.73.206:41273] AH01215: /bin/bash: error importing function definition for `HTTP_TEST'
+#
+# Author: Eugene Hopkinson (e.hopkinson@gmail.com)
diff --git a/njallavps/swag/fail2ban/filter.d/assp.conf b/njallavps/swag/fail2ban/filter.d/assp.conf
new file mode 100644
index 0000000..9837f71
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/assp.conf
@@ -0,0 +1,46 @@
+# Fail2Ban filter for Anti-Spam SMTP Proxy Server (ASSP)
+#    Filter works in theory for both ASSP V1 and V2. Recommended ASSP is V2.5.1 or later.
+#    Support for ASSP V1 ended in 2014 so if you are still running ASSP V1 an immediate upgrade is recommended.
+#
+#    Homepage:    http://sourceforge.net/projects/assp/
+#    ProjectSite: http://sourceforge.net/projects/assp/?source=directory
+#
+#
+
+[Definition] 
+# Note: First three failregex matches below are for ASSP V1 with the remaining being designed for V2. Deleting the V1 regex is recommended but I left it in for compatibility reasons.
+
+__assp_actions = (?:dropping|refusing)
+
+failregex = ^(:? \[SSL-out\])? <HOST> max sender authentication errors \(\d{,3}\) exceeded -- %(__assp_actions)s connection - after reply: \d{3} \d{1}\.\d{1}.\d{1} Error: authentication failed: \w+;$
+			^(?: \[SSL-out\])? <HOST> SSL negotiation with client failed: SSL accept attempt failed with unknown error.*:unknown protocol;$
+			^ Blocking <HOST> - too much AUTH errors \(\d{,3}\);$
+			^\s*(?:[\w\-]+\s+)*(?:\[\S+\]\s+)*<HOST> (?:\<\S+@\S+\.\S+\> )*(?:to: \S+@\S+\.\S+ )*relay attempt blocked for(?: \(parsing\))?: \S+$
+			^\s*(?:[\w\-]+\s+)*(?:\[\S+\]\s+)*<HOST> \[SMTP Error\] 535 5\.7\.8 Error: authentication failed:\s+(?:\S+|Connection lost to authentication server|Invalid authentication mechanism|Invalid base64 data in continued response)?$
+
+ignoreregex = 
+
+datepattern = {^LN-BEG}%%b-%%d-%%Exy %%H:%%M:%%S
+              {^LN-BEG}
+
+# DEV Notes:
+# V1 Examples matches:
+#   Apr-27-13 02:33:09 Blocking 217.194.197.97 - too much AUTH errors (41);
+#   Dec-29-12 17:10:31 [SSL-out] 200.247.87.82 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
+#   Dec-30-12 04:01:47 [SSL-out] 81.82.232.66 max sender authentication errors (5) exceeded 
+#
+# V2 Examples matches:
+#   Jul-29-16 16:49:52 m1-25391-06124 [Worker_1] [TLS-out] [RelayAttempt] 0.0.0.0 <user@example.com> to: user@example.org relay attempt blocked for: someone@example.org
+#   Jul-30-16 16:59:42 [Worker_1] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
+#   Jul-30-16 00:15:36 m1-52131-09651 [Worker_1] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
+#   Jul-31-16 06:45:59 [Worker_1] [TLS-in] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed:
+#   Jan-05-16 08:38:49 m1-01129-09140 [Worker_1] [TLS-in] [TLS-out] [RelayAttempt] 0.0.0.0 <user@example.com> relay attempt blocked for (parsing): <user2@example>
+#   Jun-12-16 16:43:37 m1-64217-12013 [Worker_1] [TLS-in] [TLS-out] [RelayAttempt] 0.0.0.0 <user@example.com> to: user2@example.com relay attempt blocked for (parsing): <a.notheruser69@example.c>
+#   Jan-22-16 22:25:51 [Worker_1] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
+#   Mar-19-16 13:42:20 [Worker_1] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed: Invalid base64 data in continued response
+#   Jul-18-16 16:54:21 [Worker_2] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed: Connection lost to authentication server
+#   Jul-18-16 17:14:23 m1-76453-02949 [Worker_1] [TLS-out] 0.0.0.0 [SMTP Error] 535 5.7.8 Error: authentication failed: Connection lost to authentication server
+
+#
+# Author: Enrico Labedzki (enrico.labedzki@deiwos.de)
+# V2 Filters: Robert Hardy (rhardy@webcon.ca)
diff --git a/njallavps/swag/fail2ban/filter.d/asterisk.conf b/njallavps/swag/fail2ban/filter.d/asterisk.conf
new file mode 100644
index 0000000..e15d7bf
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/asterisk.conf
@@ -0,0 +1,55 @@
+# Fail2Ban filter for asterisk authentication failures
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = asterisk
+
+__pid_re = (?:\s*\[\d+\])
+
+iso8601 = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}
+
+# All Asterisk log messages begin like this:
+log_prefix= (?:NOTICE|SECURITY|WARNING)%(__pid_re)s:?(?:\[C-[\da-f]*\])?:? [^:]+:\d*(?:(?: in)? [^:]+:)?
+
+prefregex = ^%(__prefix_line)s%(log_prefix)s <F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^Registration from '[^']*' failed for '<HOST>(:\d+)?' - (?:Wrong password|Username/auth name mismatch|No matching peer found|Not a local domain|Device does not match ACL|Peer is not supposed to register|ACL error \(permit/deny\)|Not a local domain)$
+            ^Call from '[^']*' \((?:(?:TCP|UDP):)?<HOST>:\d+\) to extension '[^']*' rejected because extension not found in context
+            ^(?:Host )?<HOST> (?:failed (?:to authenticate\b|MD5 authentication\b)|tried to authenticate with nonexistent user\b)
+            ^No registration for peer '[^']*' \(from <HOST>\)$
+            ^hacking attempt detected '<HOST>'$
+            ^SecurityEvent="(?:FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)"(?:(?:,(?!RemoteAddress=)\w+="[^"]*")*|.*?),RemoteAddress="IPV[46]/[^/"]+/<HOST>/\d+"(?:,(?!RemoteAddress=)\w+="[^"]*")*$
+            ^"Rejecting unknown SIP connection from <HOST>(?::\d+)?"$
+            ^Request (?:'[^']*' )?from '(?:[^']*|.*?)' failed for '<HOST>(?::\d+)?'\s\(callid: [^\)]*\) - (?:No matching endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to authenticate)\s*$
+
+# FreePBX (todo: make optional in v.0.10):
+#            ^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? )[^:]+: Friendly Scanner from <HOST>$
+
+ignoreregex =
+
+datepattern = {^LN-BEG}
+
+# Author: Xavier Devlamynck / Daniel Black
+#
+# General log format - main/logger.c:ast_log
+# Address format - ast_sockaddr_stringify
+#
+# First regex: channels/chan_sip.c
+#
+# main/logger.c:ast_log_vsyslog - "in {functionname}:" only occurs in syslog
+
+journalmatch = _SYSTEMD_UNIT=asterisk.service
+
+
+[lt_journal]
+
+# asterisk can log timestamp if logs into systemd-journal (optional part matching this timestamp, gh-2383):
+__extra_timestamp = (?:\[[^\]]+\]\s+)?
+__prefix_line = %(known/__prefix_line)s%(__extra_timestamp)s
diff --git a/njallavps/swag/fail2ban/filter.d/bitwarden.conf b/njallavps/swag/fail2ban/filter.d/bitwarden.conf
new file mode 100644
index 0000000..b0651c8
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/bitwarden.conf
@@ -0,0 +1,13 @@
+# Fail2Ban filter for Bitwarden
+# Detecting failed login attempts
+# Logged in bwdata/logs/identity/Identity/log.txt
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+_daemon = Bitwarden-Identity
+failregex = ^%(__prefix_line)s\s*\[(?:W(?:RN|arning)|Bit\.Core\.[^\]]+)\]\s+Failed login attempt(?:, 2FA invalid)?\. <ADDR>$
+
+# DEV Notes:
+# __prefix_line can result to an empty string, so it can support syslog and non-syslog at once.
diff --git a/njallavps/swag/fail2ban/filter.d/botsearch-common.conf b/njallavps/swag/fail2ban/filter.d/botsearch-common.conf
new file mode 100644
index 0000000..6052fab
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/botsearch-common.conf
@@ -0,0 +1,19 @@
+# Generic configuration file for -botsearch filters
+
+[Init]
+
+# Block is the actual non-found directories to block
+block = \/?(<webmail>|<phpmyadmin>|<wordpress>|cgi-bin|mysqladmin)[^,]*
+
+# These are just convenient definitions that assist the blocking of stuff that 
+# isn't installed
+webmail = roundcube|(ext)?mail|horde|(v-?)?webmail
+
+phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)
+
+wordpress = wp-(login|signup|admin)\.php
+
+# DEV Notes:
+# Taken from apache-botsearch filter
+# 
+# Author: Frantisek Sumsal
diff --git a/njallavps/swag/fail2ban/filter.d/centreon.conf b/njallavps/swag/fail2ban/filter.d/centreon.conf
new file mode 100644
index 0000000..fd3c848
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/centreon.conf
@@ -0,0 +1,9 @@
+# Fail2Ban filter for Centreon Web
+# Detecting unauthorized access to the Centreon Web portal
+# typically logged in /var/log/centreon/login.log
+
+[Init]
+datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
+
+[Definition]
+failregex = ^(?:\|-?\d+){3}\|\[[^\]]*\] \[<HOST>\] Authentication failed for '<F-USER>[^']+</F-USER>'
diff --git a/njallavps/swag/fail2ban/filter.d/common.conf b/njallavps/swag/fail2ban/filter.d/common.conf
new file mode 100644
index 0000000..e6b3c64
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/common.conf
@@ -0,0 +1,89 @@
+# Generic configuration items (to be used as interpolations) in other
+# filters  or actions configurations
+#
+
+[INCLUDES]
+
+# Load customizations if any available
+after = common.local
+
+
+[DEFAULT]
+
+# Type of log-file resp. log-format (file, short, journal, rfc5424):
+logtype = file
+
+# Daemon definition is to be specialized (if needed) in .conf file
+_daemon = \S*
+
+#
+# Shortcuts for easier comprehension of the failregex
+#
+# PID.
+# EXAMPLES: [123]
+__pid_re = (?:\[\d+\])
+
+# Daemon name (with optional source_file:line or whatever)
+# EXAMPLES: pam_rhosts_auth, [sshd], pop(pam_unix)
+__daemon_re = [\[\(]?<_daemon>(?:\(\S+\))?[\]\)]?:?
+
+# extra daemon info
+# EXAMPLE: [ID 800047 auth.info]
+__daemon_extra_re = \[ID \d+ \S+\]
+
+# Combinations of daemon name and PID
+# EXAMPLES: sshd[31607], pop(pam_unix)[4920]
+__daemon_combs_re = (?:<__pid_re>?:\s+<__daemon_re>|<__daemon_re><__pid_re>?:?)
+
+# Some messages have a kernel prefix with a timestamp
+# EXAMPLES: kernel: [769570.846956]
+__kernel_prefix = kernel:\s?\[ *\d+\.\d+\]:?
+
+__hostname = \S+
+
+# A MD5 hex
+# EXAMPLES: 07:06:27:55:b0:e3:0c:3c:5a:28:2d:7c:7e:4c:77:5f
+__md5hex = (?:[\da-f]{2}:){15}[\da-f]{2}
+
+# bsdverbose is where syslogd is started with -v or -vv and results in <4.3> or
+# <auth.info> appearing before the host as per testcases/files/logs/bsd/*.
+__bsd_syslog_verbose = <[^.]+\.[^.]+>
+
+__vserver = @vserver_\S+
+
+__date_ambit = (?:\[\])
+
+# Common line prefixes (beginnings) which could be used in filters
+#
+#      [bsdverbose]? [hostname] [vserver tag] daemon_id spaces
+#
+# This can be optional (for instance if we match named native log files)
+__prefix_line = <lt_<logtype>/__prefix_line>
+
+# PAM authentication mechanism check for failures, e.g.: pam_unix, pam_sss,
+# pam_ldap
+__pam_auth = pam_unix
+
+# standardly all formats using prefix have line-begin anchored date:
+datepattern = <lt_<logtype>/datepattern>
+
+[lt_file]
+# Common line prefixes for logtype "file":
+__prefix_line = <__date_ambit>?\s*(?:<__bsd_syslog_verbose>\s+)?(?:<__hostname>\s+)?(?:<__kernel_prefix>\s+)?(?:<__vserver>\s+)?(?:<__daemon_combs_re>\s+)?(?:<__daemon_extra_re>\s+)?
+datepattern = {^LN-BEG}
+
+[lt_short]
+# Common (short) line prefix for logtype "journal" (corresponds output of formatJournalEntry):
+__prefix_line = \s*(?:<__hostname>\s+)?(?:<_daemon><__pid_re>?:?\s+)?(?:<__kernel_prefix>\s+)?
+datepattern = %(lt_file/datepattern)s
+[lt_journal]
+__prefix_line = %(lt_short/__prefix_line)s
+datepattern = %(lt_short/datepattern)s
+
+[lt_rfc5424]
+# RFC 5424 log-format, see gh-2309:
+#__prefix_line = \s*<__hostname> <__daemon_re> \d+ \S+ \S+\s+
+__prefix_line = \s*<__hostname> <__daemon_re> \d+ \S+ (?:[^\[\]\s]+|(?:\[(?:[^\]"]*|"[^"]*")*\])+)\s+
+datepattern = ^<\d+>\d+\s+{DATE}
+
+# Author: Yaroslav Halchenko, Sergey G. Brester (aka sebres)
diff --git a/njallavps/swag/fail2ban/filter.d/counter-strike.conf b/njallavps/swag/fail2ban/filter.d/counter-strike.conf
new file mode 100644
index 0000000..294927b
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/counter-strike.conf
@@ -0,0 +1,15 @@
+# Fail2Ban filter for failure attempts in Counter Strike-1.6
+#
+#
+
+[Definition]
+
+failregex = ^: Bad Rcon: "rcon \d+ "\S+"  sv_contact ".*?"" from "<HOST>:\d+"$
+
+ignoreregex =
+
+datepattern = ^L %%d/%%m/%%Y - %%H:%%M:%%S
+
+
+# Author: Daniel Black
+
diff --git a/njallavps/swag/fail2ban/filter.d/courier-auth.conf b/njallavps/swag/fail2ban/filter.d/courier-auth.conf
new file mode 100644
index 0000000..d5ba9c5
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/courier-auth.conf
@@ -0,0 +1,21 @@
+# Fail2Ban filter for courier authentication failures
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = (?:courier)?(?:imapd?|pop3d?)(?:login)?(?:-ssl)?
+
+failregex = ^%(__prefix_line)sLOGIN FAILED, (?:(?!ip=)(?:user=<F-USER>[^,]*</F-USER>|\w+=[^,]*), )*ip=\[<HOST>\]
+
+ignoreregex = 
+
+datepattern = {^LN-BEG}
+
+# Author: Christoph Haas
+# Modified by: Cyril Jaquier
diff --git a/njallavps/swag/fail2ban/filter.d/courier-smtp.conf b/njallavps/swag/fail2ban/filter.d/courier-smtp.conf
new file mode 100644
index 0000000..4b2b8d8
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/courier-smtp.conf
@@ -0,0 +1,22 @@
+# Fail2Ban filter to block relay attempts though a Courier smtp server
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = courieresmtpd
+
+prefregex = ^%(__prefix_line)serror,relay=<HOST>,(?:port=\d+,)?<F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^[^:]*: 550 User (<.*> )?unknown\.?$
+            ^msg="535 Authentication failed\.",cmd:( AUTH \S+)?( [0-9a-zA-Z\+/=]+)?(?: \S+)$
+
+ignoreregex = 
+
+# Author: Cyril Jaquier
diff --git a/njallavps/swag/fail2ban/filter.d/cyrus-imap.conf b/njallavps/swag/fail2ban/filter.d/cyrus-imap.conf
new file mode 100644
index 0000000..31dfda6
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/cyrus-imap.conf
@@ -0,0 +1,20 @@
+# Fail2Ban filter for authentication failures on Cyrus imap server
+#
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = (?:cyrus/)?(?:imap(d|s)?|pop3(d|s)?)
+
+failregex = ^%(__prefix_line)sbadlogin: [^\[]*\[<HOST>\] \S+ .*?\[?SASL\(-13\): (authentication failure|user not found): .*\]?$
+
+ignoreregex = 
+
+# Author: Jan Wagner <waja@cyconet.org>
diff --git a/njallavps/swag/fail2ban/filter.d/directadmin.conf b/njallavps/swag/fail2ban/filter.d/directadmin.conf
new file mode 100644
index 0000000..87c7802
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/directadmin.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file for Directadmin
+#
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex = ^: \'<HOST>\' \d{1,3} failed login attempt(s)?. \s*
+
+ignoreregex = 
+
+datepattern = ^%%Y:%%m:%%d-%%H:%%M:%%S
+
+#
+# Requires Directadmin v1.45.3 or higher. http://www.directadmin.com/features.php?id=1590
+#
+# Author: Cyril Roos
+
diff --git a/njallavps/swag/fail2ban/filter.d/domino-smtp.conf b/njallavps/swag/fail2ban/filter.d/domino-smtp.conf
new file mode 100644
index 0000000..638cd7c
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/domino-smtp.conf
@@ -0,0 +1,50 @@
+# Fail2Ban configuration file for IBM Domino SMTP Server TASK to detect failed login attempts
+#
+# Author: Christian Brandlehner
+#
+# $Revision: 003 $
+#
+# Configuration:
+# Set the following Domino Server parameters in notes.ini:
+#       console_log_enabled=1
+#       log_sessions=2
+# You also have to use a date and time format supported by fail2ban. Recommended notes.ini configuration is:
+#       DateOrder=DMY
+#       DateSeparator=-
+#       ClockType=24_Hour
+#       TimeSeparator=:
+#
+# Depending on your locale you might have to tweak the date and time format so fail2ban can read the log
+
+#[INCLUDES]
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+#before = common.conf
+
+[Definition]
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+# Sample log entries (used different time formats and an extra sample with process info in front of date)
+# 01-23-2009 19:54:51   SMTP Server: Authentication failed for user postmaster ; connecting host 1.2.3.4
+# [28325:00010-3735542592] 22-06-2014 09:56:12   smtp: postmaster [1.2.3.4] authentication failure using internet password
+# 08-09-2014 06:14:27   smtp: postmaster [1.2.3.4] authentication failure using internet password
+# 08-09-2014 06:14:27   SMTP Server: Authentication failed for user postmaster ; connecting host 1.2.3.4
+
+__prefix = (?:\[[^\]]+\])?\s*
+__opt_data = (?::|\s+\[[^\]]+\])
+failregex = ^%(__prefix)sSMTP Server%(__opt_data)s Authentication failed for user .*? \; connecting host \[?<HOST>\]?$
+            ^%(__prefix)ssmtp: (?:[^\[]+ )*\[?<HOST>\]? authentication failure using internet password\s*$
+            ^%(__prefix)sSMTP Server%(__opt_data)s Connection from \[?<HOST>\]? rejected for policy reasons\.
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+
+ignoreregex =
+
diff --git a/njallavps/swag/fail2ban/filter.d/dovecot.conf b/njallavps/swag/fail2ban/filter.d/dovecot.conf
new file mode 100644
index 0000000..dc3ebbc
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/dovecot.conf
@@ -0,0 +1,50 @@
+# Fail2Ban filter Dovecot authentication and pop3/imap server
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:dovecot(?:-auth)?|auth)
+
+_auth_worker = (?:dovecot: )?auth(?:-worker)?
+_auth_worker_info = (?:conn \w+:auth(?:-worker)? \([^\)]+\): auth(?:-worker)?<\d+>: )?
+_bypass_reject_reason = (?:: (?:\w+\([^\):]*\) \w+|[^\(]+))*
+
+prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_auth)s(?:\(dovecot:auth\))?: |(?:pop3|imap|managesieve|submission)-login: )?(?:Info: )?%(_auth_worker_info)s<F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^authentication failure; logname=<F-ALT_USER1>\S*</F-ALT_USER1> uid=\S* euid=\S* tty=dovecot ruser=<F-USER>\S*</F-USER> rhost=<HOST>(?:\s+user=<F-ALT_USER>\S*</F-ALT_USER>)?\s*$
+            ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<<F-USER>[^>]*</F-USER>>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
+            ^pam\(\S+,<HOST>(?:,\S*)?\): pam_authenticate\(\) failed: (?:User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \([Pp]assword mismatch\?\)|Permission denied)\s*$
+            ^[a-z\-]{3,15}\(\S*,<HOST>(?:,\S*)?\): (?:[Uu]nknown user|[Ii]nvalid credentials|[Pp]assword mismatch)
+            <mdre-<mode>>
+
+mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
+
+mdre-normal = 
+
+# Parameter `mode` - `normal` or `aggressive`.
+# Aggressive mode can be used to match log-entries like:
+#   'no auth attempts', 'disconnected before auth was ready', 'client didn't finish SASL auth'.
+# Note it may produce lots of false positives on misconfigured MTAs.
+# Ex.:
+# filter = dovecot[mode=aggressive]
+mode = normal
+
+ignoreregex = 
+
+journalmatch = _SYSTEMD_UNIT=dovecot.service
+
+datepattern = {^LN-BEG}TAI64N
+              {^LN-BEG}
+
+# DEV Notes:
+# * the first regex is essentially a copy of pam-generic.conf
+# * Probably doesn't do dovecot sql/ldap backends properly (resolved in edit 21/03/2016)
+#
+# Author: Martin Waschbuesch
+#         Daniel Black (rewrote with begin and end anchors)
+#         Martin O'Neal (added LDAP authentication failure regex)
+#         Sergey G. Brester aka sebres (reviewed, optimized, IPv6-compatibility)
diff --git a/njallavps/swag/fail2ban/filter.d/dropbear.conf b/njallavps/swag/fail2ban/filter.d/dropbear.conf
new file mode 100644
index 0000000..930bb12
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/dropbear.conf
@@ -0,0 +1,50 @@
+# Fail2Ban filter for dropbear
+#
+# NOTE: The regex below is ONLY intended to work with a patched
+# version of Dropbear as described here:
+# http://www.unchartedbackwaters.co.uk/pyblosxom/static/patches
+#            ^%(__prefix_line)sexit before auth from <HOST>.*\s*$
+#
+# The standard Dropbear output doesn't provide enough information to
+# ban all types of attack.  The Dropbear patch adds IP address
+# information to the 'exit before auth' message which is always
+# produced for any form of non-successful login. It is that message
+# which this file matches.
+#
+# More information: http://bugs.debian.org/546913
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = dropbear
+
+prefregex = ^%(__prefix_line)s<F-CONTENT>(?:[Ll]ogin|[Bb]ad|[Ee]xit).+</F-CONTENT>$
+
+failregex = ^[Ll]ogin attempt for nonexistent user ('.*' )?from <HOST>:\d+$
+            ^[Bb]ad (PAM )?password attempt for .+ from <HOST>(:\d+)?$
+            ^[Ee]xit before auth \(user '.+', \d+ fails\): Max auth tries reached - user '.+' from <HOST>:\d+\s*$
+
+ignoreregex = 
+
+# DEV Notes:
+#
+# The first two regexs here match the unmodified dropbear messages. It isn't
+# possible to match the source of the 'exit before auth' messages from dropbear
+# as they don't include the "from <HOST>" bit.
+#
+# The second last failregex line we need to match with the modified dropbear.
+#
+# For the second regex the following apply:
+#
+# http://www.netmite.com/android/mydroid/external/dropbear/svr-authpam.c
+# http://svn.dd-wrt.com/changeset/16642#file64
+#
+# http://svn.dd-wrt.com/changeset/16642/src/router/dropbear/svr-authpasswd.c
+#
+# Author: Francis Russell
+#         Zak B. Elep
diff --git a/njallavps/swag/fail2ban/filter.d/drupal-auth.conf b/njallavps/swag/fail2ban/filter.d/drupal-auth.conf
new file mode 100644
index 0000000..2404cc6
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/drupal-auth.conf
@@ -0,0 +1,26 @@
+# Fail2Ban filter to block repeated failed login attempts to Drupal site(s)
+#
+#
+# Drupal must be setup to use Syslog, which defaults to the following format:
+#
+#   !base_url|!timestamp|!type|!ip|!request_uri|!referer|!uid|!link|!message
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+
+[Definition]
+
+failregex = ^%(__prefix_line)s(?:https?:\/\/)[^|]+\|[^|]+\|[^|]+\|<ADDR>\|(?:[^|]*\|)*Login attempt failed (?:for|from) <F-USER>[^|]+</F-USER>\.$
+
+ignoreregex =
+
+
+# DEV Notes:
+#
+# https://www.drupal.org/documentation/modules/syslog
+#
+# Author: Lee Clemens
diff --git a/njallavps/swag/fail2ban/filter.d/ejabberd-auth.conf b/njallavps/swag/fail2ban/filter.d/ejabberd-auth.conf
new file mode 100644
index 0000000..48e82df
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/ejabberd-auth.conf
@@ -0,0 +1,40 @@
+# Fail2Ban configuration file
+#
+# Author: Steven Hiscocks
+#
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+#          Multiline regexs should use tag "<SKIPLINES>" to separate lines.
+#          This allows lines between the matching lines to continue to be
+#          searched for other failures. This tag can be used multiple times.
+# Values:  TEXT
+#
+failregex = ^=INFO REPORT====  ===\nI\(<0\.\d+\.0>:ejabberd_c2s:\d+\) : \([^)]+\) Failed authentication for \S+ from (?:IP )?<HOST>(?: \({{(?:\d+,){3}\d+},\d+}\))?$
+            ^(?:\.\d+)? \[info\] <0\.\d+\.\d>@ejabberd_c2s:\w+:\d+ \([^\)]+\) Failed (?:c2s \w+ )?authentication for \S+ from (?:IP )?(?:::FFFF:)?<HOST>(?:: |$)
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
+
+# "maxlines" is number of log lines to buffer for multi-line regex searches
+maxlines = 2
+
+# Option:  journalmatch
+# Notes.:  systemd journalctl style match filter for journal based backend
+# Values:  TEXT
+#
+journalmatch = 
+
+#datepattern = ^(?:=[^=]+={3,} )?({DATE})
+# explicit time format using prefix =...==== and no date in second string begins with I(...)... 
+datepattern = ^(?:=[^=]+={3,} )?(%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?)
+              ^I\(()**
diff --git a/njallavps/swag/fail2ban/filter.d/exim-common.conf b/njallavps/swag/fail2ban/filter.d/exim-common.conf
new file mode 100644
index 0000000..36644e9
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/exim-common.conf
@@ -0,0 +1,20 @@
+# Fail2Ban filter file for common exim expressions
+#
+# This is to be used by other exim filters
+
+[INCLUDES]
+
+# Load customizations if any available
+after = exim-common.local
+
+[Definition]
+
+host_info_pre = (?:H=([\w.-]+ )?(?:\(\S+\) )?)?
+host_info_suf = (?::\d+)?(?: I=\[\S+\](:\d+)?)?(?: U=\S+)?(?: P=e?smtp)?(?: F=(?:<>|[^@]+@\S+))?\s
+host_info = %(host_info_pre)s\[<HOST>\]%(host_info_suf)s
+pid = (?: \[\d+\]| \w+ exim\[\d+\]:)?
+
+# DEV Notes:
+# From exim source code: ./src/receive.c:add_host_info_for_log
+#
+# Author:  Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/exim-spam.conf b/njallavps/swag/fail2ban/filter.d/exim-spam.conf
new file mode 100644
index 0000000..733c884
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/exim-spam.conf
@@ -0,0 +1,50 @@
+# Fail2Ban filter for exim the spam rejection messages
+#
+# Honeypot traps are very useful for fighting spam. You just activate an email
+# address on your domain that you do not intend to use at all, and that normal
+# people do not risk to try for contacting you. It may be something that 
+# spammers often test. You can also hide the address on a web page to be picked
+# by spam spiders. Or simply parse your mail logs for an invalid address 
+# already being frequently targeted by spammers. Enable the address and 
+# redirect it to the blackhole. In Exim's alias file, you would add the 
+# following line (assuming the address is honeypot@yourdomain.com):
+#
+# honeypot:  :blackhole:
+#
+# For the SA: Action: silently tossed message... to be logged exim's SAdevnull option needs to be used.
+#
+# To this filter use the jail.local should contain in the right jail:
+#
+# filter = exim-spam[honeypot=honeypot@yourdomain.com]
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# exim-common.local
+before = exim-common.conf
+
+[Definition]
+
+failregex =  ^%(pid)s \S+ F=(<>|\S+@\S+) %(host_info)srejected by local_scan\(\): .{0,256}$
+             ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: .*dnsbl.*\s*$
+             ^%(pid)s \S+ %(host_info)sF=(<>|[^@]+@\S+) rejected after DATA: This message contains a virus \(\S+\)\.\s*$
+             ^%(pid)s \S+ SA: Action: flagged as Spam but accepted: score=\d+\.\d+ required=\d+\.\d+ \(scanned in \d+/\d+ secs \| Message-Id: \S+\)\. From \S+ \(host=\S+ \[<HOST>\]\) for <honeypot>$
+             ^%(pid)s \S+ SA: Action: silently tossed message: score=\d+\.\d+ required=\d+\.\d+ trigger=\d+\.\d+ \(scanned in \d+/\d+ secs \| Message-Id: \S+\)\. From \S+ \(host=(\S+ )?\[<HOST>\]\) for \S+$
+
+ignoreregex = 
+
+[Init]
+
+# Option:  honeypot
+# Notes.:  honeypot is an email address that isn't published anywhere that a
+#          legitimate email sender would send email too.
+# Values:  email address
+
+honeypot = trap@example.com
+
+# DEV Notes:
+# The %(host_info) defination contains a <HOST> match
+#
+# Author: Cyril Jaquier
+#         Daniel Black (rewrote with strong regexs)
diff --git a/njallavps/swag/fail2ban/filter.d/exim.conf b/njallavps/swag/fail2ban/filter.d/exim.conf
new file mode 100644
index 0000000..6a8c12c
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/exim.conf
@@ -0,0 +1,54 @@
+# Fail2Ban filter for exim
+#
+# This includes the rejection messages of exim. For spam and filter
+# related bans use the exim-spam.conf
+#
+
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# exim-common.local
+before = exim-common.conf
+
+[Definition]
+
+# Fre-filter via "prefregex" is currently inactive because of too different failure syntax in exim-log (testing needed):
+#prefregex = ^%(pid)s <F-CONTENT>\b(?:\w+ authenticator failed|([\w\-]+ )?SMTP (?:(?:call|connection) from|protocol(?: synchronization)? error)|no MAIL in|(?:%(host_info_pre)s\[[^\]]+\]%(host_info_suf)s(?:sender verify fail|rejected RCPT|dropped|AUTH command))).+</F-CONTENT>$
+
+failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
+            ^%(pid)s \w+ authenticator failed for (?:[^\[\( ]* )?(?:\(\S*\) )?\[<HOST>\](?::\d+)?(?: I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
+            ^%(pid)s %(host_info)srejected RCPT [^@]+@\S+: (?:relay not permitted|Sender verify failed|Unknown user|Unrouteable address)\s*$
+            ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (?:connection from|"\S+") %(host_info)s(?:next )?input=".*"\s*$
+            ^%(pid)s SMTP call from (?:[^\[\( ]* )?%(host_info)sdropped: too many (?:nonmail commands|syntax or protocol errors) \(last (?:command )?was "[^"]*"\)\s*$
+            ^%(pid)s SMTP protocol error in "[^"]+(?:"+[^"]*(?="))*?" %(host_info)sAUTH command used when not advertised\s*$
+            ^%(pid)s no MAIL in SMTP connection from (?:[^\[\( ]* )?(?:\(\S*\) )?%(host_info)sD=\d\S*s(?: C=\S*)?\s*$
+            ^%(pid)s (?:[\w\-]+ )?SMTP connection from (?:[^\[\( ]* )?(?:\(\S*\) )?%(host_info)sclosed by DROP in ACL\s*$
+            <mdre-<mode>>
+
+mdre-aggressive = ^%(pid)s no host name found for IP address <HOST>$
+                  ^%(pid)s no IP address found for host \S+ \(during SMTP connection from \[<HOST>\]\)$
+
+mdre-normal = 
+
+# Parameter `mode` - `normal` or `aggressive`.
+# Aggressive mode can be used to match flood and ddos-similar log-entries like:
+#   'no host found for IP', 'no IP found for host'.
+# Note this is not an authentication failures, so it may produce lots of false 
+# positives on misconfigured MTAs.
+# Ex.:
+#   filter = exim[mode=aggressive]
+mode = normal
+
+ignoreregex = 
+
+# DEV Notes:
+# The %(host_info) defination contains a <HOST> match
+#
+# SMTP protocol synchronization error \([^)]*\)  <- This needs to be non-greedy
+# to void capture beyond ")" to avoid a DoS Injection vulnerabilty as input= is
+# user injectable data.
+#
+# Author: Cyril Jaquier
+#         Daniel Black (rewrote with strong regexs)
+#         Martin O'Neal (added additional regexs to detect authentication failures, protocol errors, and drops)
diff --git a/njallavps/swag/fail2ban/filter.d/freeswitch.conf b/njallavps/swag/fail2ban/filter.d/freeswitch.conf
new file mode 100644
index 0000000..0fdcf1f
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/freeswitch.conf
@@ -0,0 +1,58 @@
+# Fail2Ban configuration file
+#
+# Enable "log-auth-failures" on each Sofia profile to monitor
+# <param name="log-auth-failures" value="true"/>
+# -- this requires a high enough loglevel on your logs to save these messages.
+#
+# In the fail2ban jail.local file for this filter set ignoreip to the internal
+# IP addresses on your LAN.
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = freeswitch
+
+# Parameter "mode": normal, ddos or extra (default, combines all)
+# Usage example (for jail.local):
+#   [freeswitch]
+#   mode = normal
+#   # or with rewrite filter parameters of jail:
+#   [freeswitch-ddos]
+#   filter = freeswitch[mode=ddos]
+#
+mode = extra
+              
+# Prefix contains common prefix line (server, daemon, etc.) and 2 datetimes if used systemd backend
+_pref_line = ^%(__prefix_line)s(?:(?:\d+-)?\d+-\d+ \d+:\d+:\d+\.\d+)?
+
+prefregex = ^%(_pref_line)s \[WARN(?:ING)?\](?: \[SOFIA\])? \[?sofia_reg\.c:\d+\]? <F-CONTENT>.+</F-CONTENT>$
+
+cmnfailre = ^Can't find user \[[^@]+@[^\]]+\] from <HOST>$
+
+mdre-normal = %(cmnfailre)s
+              ^SIP auth failure \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[[^\]]*\] from ip <HOST>$
+
+mdre-ddos   = ^SIP auth (?:failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[[^\]]*\] from ip <HOST>$
+
+mdre-extra  = %(cmnfailre)s
+              <mdre-ddos>
+
+failregex = <mdre-<mode>>
+
+ignoreregex =
+
+datepattern = ^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?
+              {^LN-BEG}
+
+# Author: Rupa SChomaker, soapee01, Daniel Black, Sergey Brester aka sebres
+# https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban
+# Thanks to Jim on mailing list of samples and guidance
+#
+# No need to match the following. Its a duplicate of the SIP auth regex.
+#  ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$
diff --git a/njallavps/swag/fail2ban/filter.d/froxlor-auth.conf b/njallavps/swag/fail2ban/filter.d/froxlor-auth.conf
new file mode 100644
index 0000000..d8f3785
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/froxlor-auth.conf
@@ -0,0 +1,40 @@
+# Fail2Ban configuration file to block repeated failed login attempts to Frolor installation(s)
+# 
+# Froxlor needs to log to Syslog User (e.g. /var/log/user.log) with one of the following messages
+# <syslog prefix> Froxlor: [Login Action <HOST>] Unknown user '<USER>' tried to login.
+# <syslog prefix> Froxlor: [Login Action <HOST>] User '<USER>' tried to login with wrong password.
+#
+# Author: Joern Muehlencord
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = Froxlor
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+
+prefregex = ^%(__prefix_line)s\[Login Action <HOST>\] <F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^Unknown user \S* tried to login.$
+            ^User \S* tried to login with wrong password.$
+
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
+
diff --git a/njallavps/swag/fail2ban/filter.d/gitea.conf b/njallavps/swag/fail2ban/filter.d/gitea.conf
new file mode 100644
index 0000000..753f135
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/gitea.conf
@@ -0,0 +1,4 @@
+# gitea.conf
+[Definition]
+failregex =  .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
+ignoreregex =
diff --git a/njallavps/swag/fail2ban/filter.d/gitlab.conf b/njallavps/swag/fail2ban/filter.d/gitlab.conf
new file mode 100644
index 0000000..0c614ae
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/gitlab.conf
@@ -0,0 +1,6 @@
+# Fail2Ban filter for Gitlab
+# Detecting unauthorized access to the Gitlab Web portal
+# typically logged in /var/log/gitlab/gitlab-rails/application.log
+
+[Definition]
+failregex = ^: Failed Login: username=<F-USER>.+</F-USER> ip=<HOST>$
diff --git a/njallavps/swag/fail2ban/filter.d/grafana.conf b/njallavps/swag/fail2ban/filter.d/grafana.conf
new file mode 100644
index 0000000..e7f0f42
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/grafana.conf
@@ -0,0 +1,9 @@
+# Fail2Ban filter for Grafana
+# Detecting unauthorized access
+# Typically logged in /var/log/grafana/grafana.log
+
+[Init]
+datepattern = ^t=%%Y-%%m-%%dT%%H:%%M:%%S%%z
+
+[Definition]
+failregex = ^(?: lvl=err?or)? msg="Invalid username or password"(?: uname=(?:"<F-ALT_USER>[^"]+</F-ALT_USER>"|<F-USER>\S+</F-USER>)| error="<F-ERROR>[^"]+</F-ERROR>"| \S+=(?:\S*|"[^"]+"))* remote_addr=<ADDR>$
diff --git a/njallavps/swag/fail2ban/filter.d/groupoffice.conf b/njallavps/swag/fail2ban/filter.d/groupoffice.conf
new file mode 100644
index 0000000..166c5fe
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/groupoffice.conf
@@ -0,0 +1,14 @@
+# Fail2Ban filter for Group-Office
+#
+# Enable logging with:
+# $config['info_log']='/home/groupoffice/log/info.log';
+#
+
+[Definition]
+
+failregex = ^\[\]LOGIN FAILED for user: "\S+" from IP: <HOST>$
+
+ignoreregex =
+
+# Author: Daniel Black
+
diff --git a/njallavps/swag/fail2ban/filter.d/gssftpd.conf b/njallavps/swag/fail2ban/filter.d/gssftpd.conf
new file mode 100644
index 0000000..5f9fb6a
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/gssftpd.conf
@@ -0,0 +1,18 @@
+# Fail2Ban filter file for gssftp
+#
+# Note: gssftp is part of the krb5-appl-servers in Fedora
+#
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = ftpd
+
+failregex = ^%(__prefix_line)srepeated login failures from <HOST> \(\S+\)$
+
+ignoreregex = 
+
+# Author: Kevin Zembower
+# Edited: Daniel Black - syslog based daemon
diff --git a/njallavps/swag/fail2ban/filter.d/guacamole.conf b/njallavps/swag/fail2ban/filter.d/guacamole.conf
new file mode 100644
index 0000000..bc6dbea
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/guacamole.conf
@@ -0,0 +1,51 @@
+# Fail2Ban configuration file for guacamole
+#
+# Author: Steven Hiscocks
+#
+
+[Definition]
+
+logging = catalina
+failregex = <L_<logging>/failregex>
+maxlines = <L_<logging>/maxlines>
+datepattern = <L_<logging>/datepattern>
+
+[L_catalina]
+
+failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$
+
+maxlines = 2
+
+datepattern = ^%%b %%d, %%ExY %%I:%%M:%%S %%p
+              ^WARNING:()**
+              {^LN-BEG}
+
+[L_webapp]
+
+failregex = ^ \[\S+\] WARN  \S+ - Authentication attempt from <HOST> for user "<F-USER>[^"]+</F-USER>" failed.
+
+maxlines = 1
+
+datepattern = ^%%H:%%M:%%S.%%f
+
+# DEV Notes:
+#
+# failregex is based on the default pattern given in Guacamole documentation :
+# https://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging
+#
+# The following logback.xml Guacamole configuration file can then be used accordingly :
+# <configuration>
+#   <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+#     <file>/var/log/guacamole.log</file>
+#     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+#       <fileNamePattern>/var/log/guacamole.%d.log.gz</fileNamePattern>
+#       <maxHistory>32</maxHistory>
+#     </rollingPolicy>
+#     <encoder>
+#       <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+#     </encoder>
+#   </appender>
+#   <root level="info">
+#     <appender-ref ref="FILE" />
+#   </root>
+# </configuration>
diff --git a/njallavps/swag/fail2ban/filter.d/haproxy-http-auth.conf b/njallavps/swag/fail2ban/filter.d/haproxy-http-auth.conf
new file mode 100644
index 0000000..f92f9d6
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/haproxy-http-auth.conf
@@ -0,0 +1,37 @@
+# Fail2Ban filter configuration file to match failed login attempts to
+# HAProxy HTTP Authentication protected servers.
+#
+# PLEASE NOTE - When a user first hits the HTTP Auth a 401 is returned by the server
+# which prompts their browser to ask for login details.
+# This initial 401 is logged by HAProxy.
+# In other words, even successful logins will have at least 1 fail regex match.
+# Please keep this in mind when setting findtime and maxretry for jails.
+#
+# Author: Jordan Moeser
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = haproxy
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = ^%(__prefix_line)s<HOST>(?::\d+)?\s+.*<NOSRV> -1/-1/-1/-1/\+*\d* 401
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
diff --git a/njallavps/swag/fail2ban/filter.d/horde.conf b/njallavps/swag/fail2ban/filter.d/horde.conf
new file mode 100644
index 0000000..b94ebf6
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/horde.conf
@@ -0,0 +1,16 @@
+# fail2ban filter configuration for horde
+
+
+[Definition]
+
+
+failregex = ^ HORDE \[error\] \[(horde|imp)\] FAILED LOGIN for \S+ \[<HOST>\](\(forwarded for \[\S+\]\))? to (Horde|{[^}]+}) \[(pid \d+ )?on line \d+ of \S+\]$
+
+
+ignoreregex = 
+
+# DEV NOTES:
+# https://github.com/horde/horde/blob/master/imp/lib/Auth.php#L132
+# https://github.com/horde/horde/blob/master/horde/login.php
+# 
+# Author: Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/ignorecommands/apache-fakegooglebot b/njallavps/swag/fail2ban/filter.d/ignorecommands/apache-fakegooglebot
new file mode 100755
index 0000000..8351efa
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/ignorecommands/apache-fakegooglebot
@@ -0,0 +1,49 @@
+#!/usr/bin/env fail2ban-python
+# Inspired by https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
+#
+# Written in Python to reuse built-in Python batteries and not depend on
+# presence of host and cut commands
+#
+import sys
+from fail2ban.server.ipdns import DNSUtils, IPAddr
+from threading import Thread
+
+def process_args(argv):
+    if len(argv) - 1 not in (1, 2):
+       raise ValueError("Usage %s ip ?timeout?. Got: %s\n"
+                        % (argv[0], argv[1:]))
+    ip = argv[1]
+
+    if not IPAddr(ip).isValid:
+       raise ValueError("Argument must be a single valid IP. Got: %s\n"
+                        % ip)
+    return argv[1:]
+
+google_ips = None
+
+def is_googlebot(ip, timeout=55):
+    import re
+
+    timeout = float(timeout or 0)
+    if timeout:
+      def ipToNameTO(host, ip, timeout):
+        host[0] = DNSUtils.ipToName(ip)
+      host = [None]
+      th = Thread(target=ipToNameTO, args=(host, ip, timeout)); th.daemon=True; th.start()
+      th.join(timeout)
+      host = host[0]
+    else:
+      host = DNSUtils.ipToName(ip)
+
+    if not host or not re.match(r'.*\.google(bot)?\.com$', host):
+       return False
+    host_ips = DNSUtils.dnsToIp(host)
+    return (ip in host_ips)
+
+if __name__ == '__main__': # pragma: no cover
+    try:
+      ret = is_googlebot(*process_args(sys.argv))
+    except ValueError as e:
+      sys.stderr.write(str(e))
+      sys.exit(2)
+    sys.exit(0 if ret else 1)
diff --git a/njallavps/swag/fail2ban/filter.d/kerio.conf b/njallavps/swag/fail2ban/filter.d/kerio.conf
new file mode 100644
index 0000000..0fde092
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/kerio.conf
@@ -0,0 +1,24 @@
+# Fail2ban filter for kerio
+
+[Definition]
+
+failregex = ^ SMTP Spam attack detected from <HOST>,
+            ^ IP address <HOST> found in DNS blacklist
+            ^ Relay attempt from IP address <HOST>
+            ^ Attempt to deliver to unknown recipient \S+, from \S+, IP address <HOST>$
+            ^ Failed SMTP login from <HOST>
+            ^ SMTP: User \S+ doesn't exist. Attempt from IP address <HOST>
+            ^ Client with IP address <HOST> has no reverse DNS entry, connection rejected before SMTP greeting$
+            ^ Administration login into Web Administration from <HOST> failed: IP address not allowed$
+            ^ Message from IP address <HOST>, sender \S+ rejected: sender domain does not exist$
+
+ignoreregex =
+
+datepattern = ^\[%%d/%%b/%%Y %%H:%%M:%%S\]
+
+# DEV NOTES:
+# 
+# Author: A.P. Lawrence
+# Updated by: M. Bischoff <https://github.com/herrbischoff>
+#
+# Based off: http://aplawrence.com/Kerio/fail2ban.html
diff --git a/njallavps/swag/fail2ban/filter.d/lighttpd-auth.conf b/njallavps/swag/fail2ban/filter.d/lighttpd-auth.conf
new file mode 100644
index 0000000..dcf19d3
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/lighttpd-auth.conf
@@ -0,0 +1,10 @@
+# Fail2Ban filter to match wrong passwords as notified by lighttpd's auth Module
+#
+
+[Definition]
+
+failregex = ^\s*(?:: )?\(?(?:http|mod)_auth\.c\.\d+\) (?:password doesn\'t match for (?:\S+|.*?) username:\s+<F-USER>(?:\S+|.*?)</F-USER>\s*|digest: auth failed(?: for\s+<F-ALT_USER>(?:\S+|.*?)</F-ALT_USER>\s*)?: (?:wrong password|uri mismatch \([^\)]*\))|get_password failed),? IP: <HOST>\s*$
+
+ignoreregex = 
+
+# Author: Francois Boulogne <fboulogne@april.org>
diff --git a/njallavps/swag/fail2ban/filter.d/mongodb-auth.conf b/njallavps/swag/fail2ban/filter.d/mongodb-auth.conf
new file mode 100644
index 0000000..66c27ab
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/mongodb-auth.conf
@@ -0,0 +1,49 @@
+# Fail2Ban filter for unsuccesfull MongoDB authentication attempts
+#
+# Logfile /var/log/mongodb/mongodb.log
+#
+# add setting in /etc/mongodb.conf
+# logpath=/var/log/mongodb/mongodb.log
+#
+# and use of the authentication
+# auth = true
+#
+
+[Definition]
+#failregex = ^\s+\[initandlisten\] connection accepted from <HOST>:\d+ \#(?P<__connid>\d+) \(1 connection now open\)<SKIPLINES>\s+\[conn(?P=__connid)\] Failed to authenticate\s+
+failregex = ^\s+\[conn(?P<__connid>\d+)\] Failed to authenticate [^\n]+<SKIPLINES>\s+\[conn(?P=__connid)\] end connection <HOST>
+
+ignoreregex =
+
+
+[Init]
+maxlines = 10
+
+# DEV Notes:
+#
+# Regarding the multiline regex:
+#
+# There can be a nunber of non-related lines between the first and second part
+# of this regex maxlines of 10 is quite generious.
+#
+# Note the capture __connid, includes the connection ID, used in second part of regex.
+#
+# The first regex is commented out (but will match also), because it is better to use
+# the host from "end connection" line (uncommented above):
+#  -  it has the same prefix, searching begins directly with failure message
+#     (so faster, because ignores success connections at all)
+#  -  it is not so vulnerable in case of possible race condition
+#
+# Log example:
+# 2016-10-20T09:54:27.108+0200 [initandlisten] connection accepted from 127.0.0.1:53276 #1 (1 connection now open)
+# 2016-10-20T09:54:27.109+0200 [conn1]  authenticate db: test { authenticate: 1, nonce: "xxx", user: "root", key: "xxx" }
+# 2016-10-20T09:54:27.110+0200 [conn1] Failed to authenticate root@test with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user root@test
+# 2016-11-09T09:54:27.894+0100 [conn1] end connection 127.0.0.1:53276 (0 connections now open)
+# 2016-11-09T11:55:58.890+0100 [initandlisten] connection accepted from 127.0.0.1:54266 #1510 (1 connection now open)
+# 2016-11-09T11:55:58.892+0100 [conn1510]  authenticate db: admin { authenticate: 1, nonce: "xxx", user: "root", key: "xxx" }
+# 2016-11-09T11:55:58.892+0100 [conn1510] Failed to authenticate root@admin with mechanism MONGODB-CR: AuthenticationFailed key mismatch
+# 2016-11-09T11:55:58.894+0100 [conn1510] end connection 127.0.0.1:54266 (0 connections now open)
+#
+# Authors: Alexander Finkhäuser
+#          Sergey G. Brester (sebres)
+
diff --git a/njallavps/swag/fail2ban/filter.d/monit.conf b/njallavps/swag/fail2ban/filter.d/monit.conf
new file mode 100644
index 0000000..fdaee9c
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/monit.conf
@@ -0,0 +1,25 @@
+# Fail2Ban filter for monit.conf, looks for failed access attempts
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+# [DEFAULT]
+# logtype = short
+
+[Definition]
+
+_daemon = monit
+
+_prefix = Warning|HttpRequest
+
+# Regexp for previous (accessing monit httpd) and new (access denied) versions
+failregex = ^%(__prefix_line)s(?:error\s*:\s+)?(?:%(_prefix)s):\s+(?:access denied\s+--\s+)?[Cc]lient '?<HOST>'?(?:\s+supplied|\s*:)\s+(?:unknown user '<F-ALT_USER>[^']+</F-ALT_USER>'|wrong password for user '<F-USER>[^']*</F-USER>'|empty password)
+
+# Ignore login with empty user (first connect, no user specified)
+# ignoreregex = %(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '')
+ignoreregex =
diff --git a/njallavps/swag/fail2ban/filter.d/monitorix.conf b/njallavps/swag/fail2ban/filter.d/monitorix.conf
new file mode 100644
index 0000000..ff69f1b
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/monitorix.conf
@@ -0,0 +1,25 @@
+# Fail2Ban filter for Monitorix (HTTP built-in server)
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = monitorix-httpd
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+failregex = ^(?:\s+-)?\s*(?:NOTEXIST|AUTHERR|NOTALLOWED) - <ADDR>\b
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
diff --git a/njallavps/swag/fail2ban/filter.d/mssql-auth.conf b/njallavps/swag/fail2ban/filter.d/mssql-auth.conf
new file mode 100644
index 0000000..65bbd91
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/mssql-auth.conf
@@ -0,0 +1,15 @@
+# Fail2Ban filter for failed MSSQL Server authentication attempts
+
+[Definition]
+
+failregex = ^\s*Logon\s+Login failed for user '<F-USER>(?:[^']*|.*)</F-USER>'\. [^'\[]+\[CLIENT: <ADDR>\]$
+
+
+# DEV Notes:
+#	Tested with SQL Server 2019 on Ubuntu 18.04
+#
+# Example:
+#	2020-02-24 14:48:55.12 Logon       Login failed for user 'root'. Reason: Could not find a login matching the name provided. [CLIENT: 127.0.0.1]
+#
+# Author: Rüdiger Olschewsky
+#
\ No newline at end of file
diff --git a/njallavps/swag/fail2ban/filter.d/murmur.conf b/njallavps/swag/fail2ban/filter.d/murmur.conf
new file mode 100644
index 0000000..efdaf8b
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/murmur.conf
@@ -0,0 +1,34 @@
+# Fail2Ban filter for murmur/mumble-server
+#
+
+[Definition]
+
+_daemon = murmurd
+
+# N.B. If you allow users to have usernames that include the '>' character you
+#      should change this to match the regex assigned to the 'username'
+#      variable in your server config file (murmur.ini / mumble-server.ini).
+_usernameregex = [^>]+
+
+# Prefix for systemd-journal (with second date-pattern as optional match):
+#
+__prefix_journal = (?:\S+\s+%(_daemon)s\[\d+\]:(?:\s+\<W\>[\d\-]+ [\d:]+.\d+)?)
+
+__prefix_line = %(__prefix_journal)s?
+
+_prefix = %(__prefix_line)s\s+\d+ => <\d+:%(_usernameregex)s\(-1\)> Rejected connection from <HOST>:\d+:
+
+prefregex = ^%(_prefix)s <F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^Invalid server password$
+            ^Wrong certificate or password for existing user$
+
+ignoreregex =
+
+datepattern = ^<W>{DATE}
+
+journalmatch = _SYSTEMD_UNIT=murmurd.service + _COMM=murmurd
+
+# DEV Notes:
+#
+# Author: Ross Brown
diff --git a/njallavps/swag/fail2ban/filter.d/mysqld-auth.conf b/njallavps/swag/fail2ban/filter.d/mysqld-auth.conf
new file mode 100644
index 0000000..930c9b5
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/mysqld-auth.conf
@@ -0,0 +1,32 @@
+# Fail2Ban filter for unsuccesful MySQL authentication attempts
+#
+#
+# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]:
+# log-error=/var/log/mysqld.log
+# log-warnings = 2
+#
+# If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = mysqld
+
+failregex = ^%(__prefix_line)s(?:(?:\d{6}|\d{4}-\d{2}-\d{2})[ T]\s?\d{1,2}:\d{2}:\d{2} )?(?:\d+ )?\[\w+\] (?:\[[^\]]+\] )*Access denied for user '<F-USER>[^']+</F-USER>'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$
+
+ignoreregex = 
+
+# DEV Notes:
+#
+# Technically __prefix_line can equate to an empty string hence it can support
+# syslog and non-syslog at once.
+# Example:
+# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
+#
+# Authors: Artur Penttinen
+#          Yaroslav O. Halchenko
diff --git a/njallavps/swag/fail2ban/filter.d/nagios.conf b/njallavps/swag/fail2ban/filter.d/nagios.conf
new file mode 100644
index 0000000..0429d3f
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/nagios.conf
@@ -0,0 +1,17 @@
+# Fail2Ban filter for Nagios Remote Plugin Executor (nrpe2)
+# Detecting unauthorized access to the nrpe2 daemon 
+# typically logged in /var/log/messages syslog
+#
+
+[INCLUDES]
+# Read syslog common prefixes
+before = common.conf
+
+[Definition]
+_daemon     = nrpe
+failregex   = ^%(__prefix_line)sHost <HOST> is not allowed to talk to us!\s*$
+ignoreregex =
+
+# DEV Notes:
+# 
+# Author: Ivo Truxa - 2014/02/03
diff --git a/njallavps/swag/fail2ban/filter.d/named-refused.conf b/njallavps/swag/fail2ban/filter.d/named-refused.conf
new file mode 100644
index 0000000..798f66e
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/named-refused.conf
@@ -0,0 +1,53 @@
+# Fail2Ban filter file for named (bind9).
+#
+
+# This filter blocks attacks against named (bind9) however it requires special
+# configuration on bind.
+#
+# By default, logging is off with bind9 installation.
+#
+# You will need something like this in your named.conf to provide proper logging.
+#
+# logging {
+#     channel security_file {
+#         file "/var/log/named/security.log" versions 3 size 30m;
+#         severity dynamic;
+#         print-time yes;
+#     };
+#     category security {
+#         security_file;
+#     };
+# };
+
+[Definition]
+
+# Daemon name
+_daemon=named(?:-\w+)?
+
+# Shortcuts for easier comprehension of the failregex
+
+__pid_re=(?:\[\d+\])
+__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
+__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
+
+_category = (?!error|info)[\w-]+
+_category_re = (?:%(_category)s: )?
+
+#       hostname       daemon_id         spaces
+# this can be optional (for instance if we match named native log files)
+__line_prefix=\s*(?:\S+ %(__daemon_combs_re)s\s+)?%(_category_re)s
+
+prefregex = ^%(__line_prefix)s(?:(?:error|info):\s*)?client(?: @\S*)? <HOST>#\S+(?: \([\S.]+\))?: <F-CONTENT>.+</F-CONTENT>\s(?:denied|\(NOTAUTH\))\s*$
+
+failregex = ^(?:view (?:internal|external): )?query(?: \(cache\))?
+            ^zone transfer
+            ^bad zone transfer request: '\S+/IN': non-authoritative zone
+
+ignoreregex =
+
+# DEV Notes:
+# Trying to generalize the
+#          structure which is general to capture general patterns in log
+#          lines to cover different configurations/distributions
+#          
+# Author: Yaroslav Halchenko
diff --git a/njallavps/swag/fail2ban/filter.d/nginx-bad-request.conf b/njallavps/swag/fail2ban/filter.d/nginx-bad-request.conf
new file mode 100644
index 0000000..12c14ab
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/nginx-bad-request.conf
@@ -0,0 +1,16 @@
+# Fail2Ban filter to match bad requests to nginx
+#
+
+[Definition]
+
+# The request often doesn't contain a method, only some encoded garbage
+# This will also match requests that are entirely empty
+failregex = ^<HOST> - \S+ \[\] "[^"]*" 400
+
+datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?
+              ^[^\[]*\[({DATE})
+              {^LN-BEG}
+
+journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
+
+# Author: Jan Przybylak
diff --git a/njallavps/swag/fail2ban/filter.d/nginx-badbots.conf b/njallavps/swag/fail2ban/filter.d/nginx-badbots.conf
new file mode 100644
index 0000000..48b3066
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/nginx-badbots.conf
@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# Regexp to catch known spambots and software alike. Please verify
+# that it is your intent to block IPs which were driven by
+# above mentioned bots.
+
+
+[Definition]
+
+badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider
+badbots = Atomic_Email_Hunter/4\.0|atSpider/1\.0|autoemailspider|bwh3_user_agent|China Local Browse 2\.6|ContactBot/0\.2|ContentSmartz|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailSpider|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Guestbook Auto Submitter|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 \+http\://letscrawl\.com/|Lincoln State Web Browser|LMQueueBot/0\.2|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|MVAClient|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/3\.0 \(compatible; scan4mail \(advanced version\) http\://www\.peterspages\.net/?scan4mail\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|NameOfAgent \(CMS Spider\)|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|ShablastBot 1\.0|snap\.com beta crawler v0|Snapbot/1\.0|Snapbot/1\.0 \(Snap Shots&#44; \+http\://www\.snap\.com\)|sogou develop spider|Sogou Orion spider/3\.0\(\+http\://www\.sogou\.com/docs/help/webmasters\.htm#07\)|sogou spider|Sogou web spider/3\.0\(\+http\://www\.sogou\.com/docs/help/webmasters\.htm#07\)|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|VadixBot|WebVulnCrawl\.unknown/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00
+
+failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
+
+ignoreregex =
+
+# DEV Notes:
+# List of bad bots fetched from http://www.user-agents.org
+# Generated on Thu Nov  7 14:23:35 PST 2013 by files/gen_badbots.
+#
+# Author: Yaroslav Halchenko
diff --git a/njallavps/swag/fail2ban/filter.d/nginx-botsearch.conf b/njallavps/swag/fail2ban/filter.d/nginx-botsearch.conf
new file mode 100644
index 0000000..2bd2307
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/nginx-botsearch.conf
@@ -0,0 +1,25 @@
+# Fail2Ban filter to match web requests for selected URLs that don't exist
+#
+
+[INCLUDES]
+
+# Load regexes for filtering
+before = botsearch-common.conf
+
+[Definition]
+
+failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) \/<block> \S+\" 404 .+$
+            ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, request: \"(GET|POST|HEAD) \/<block> \S+\"\, .*?$
+
+ignoreregex = 
+
+datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?
+              ^[^\[]*\[({DATE})
+              {^LN-BEG}
+
+journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
+
+# DEV Notes:
+# Based on apache-botsearch filter
+# 
+# Author: Frantisek Sumsal
diff --git a/njallavps/swag/fail2ban/filter.d/nginx-deny.conf b/njallavps/swag/fail2ban/filter.d/nginx-deny.conf
new file mode 100644
index 0000000..d9f4694
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/nginx-deny.conf
@@ -0,0 +1,15 @@
+# fail2ban filter configuration for nginx
+
+
+[Definition]
+
+
+failregex = ^ \[error\] \d+#\d+: \*\d+ (access forbidden by rule), client: <HOST>, server: \S*, request: "\S+ \S+ HTTP\/\d+\.\d+", host: "\S+"(?:, referrer: "\S+")?\s*$
+
+ignoreregex =
+
+datepattern = {^LN-BEG}
+
+# DEV NOTES:
+#
+# Author: Will L (driz@linuxserver.io)
diff --git a/njallavps/swag/fail2ban/filter.d/nginx-http-auth.conf b/njallavps/swag/fail2ban/filter.d/nginx-http-auth.conf
new file mode 100644
index 0000000..71806e8
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/nginx-http-auth.conf
@@ -0,0 +1,34 @@
+# fail2ban filter configuration for nginx
+
+
+[Definition]
+
+mode = normal
+
+mdre-auth = ^\s*\[error\] \d+#\d+: \*\d+ user "(?:[^"]+|.*?)":? (?:password mismatch|was not found in "[^\"]*"), client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(?:, referrer: "\S+")?\s*$
+mdre-fallback = ^\s*\[crit\] \d+#\d+: \*\d+ SSL_do_handshake\(\) failed \(SSL: error:\S+(?: \S+){1,3} too (?:long|short)\)[^,]*, client: <HOST>
+
+mdre-normal = %(mdre-auth)s
+mdre-aggressive = %(mdre-auth)s
+                  %(mdre-fallback)s
+
+failregex = <mdre-<mode>>
+
+ignoreregex = 
+
+datepattern = {^LN-BEG}
+
+journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
+
+# DEV NOTES:
+# mdre-auth:
+# Based on samples in https://github.com/fail2ban/fail2ban/pull/43/files
+# Extensive search of all nginx auth failures not done yet.
+# 
+# Author: Daniel Black
+
+# mdre-fallback:
+# Ban people checking for TLS_FALLBACK_SCSV repeatedly
+# https://stackoverflow.com/questions/28010492/nginx-critical-error-with-ssl-handshaking/28010608#28010608
+# Author: Stephan Orlowsky
+
diff --git a/njallavps/swag/fail2ban/filter.d/nginx-limit-req.conf b/njallavps/swag/fail2ban/filter.d/nginx-limit-req.conf
new file mode 100644
index 0000000..2f45e83
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/nginx-limit-req.conf
@@ -0,0 +1,49 @@
+# Fail2ban filter configuration for nginx :: limit_req
+# used to ban hosts, that were failed through nginx by limit request processing rate 
+#
+# Author: Serg G. Brester (sebres)
+#
+# To use 'nginx-limit-req' filter you should have `ngx_http_limit_req_module`
+# and define `limit_req` and `limit_req_zone` as described in nginx documentation
+# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
+#
+# Example:
+#
+#   http {
+#     ...
+#     limit_req_zone $binary_remote_addr zone=lr_zone:10m rate=1r/s;
+#     ...
+#     # http, server, or location:
+#     location ... {
+#       limit_req zone=lr_zone burst=1 nodelay;
+#       ...
+#     }
+#     ...
+#   }
+#   ...
+#
+
+[Definition]
+
+# Specify following expression to define exact zones, if you want to ban IPs limited 
+# from specified zones only.
+# Example:
+#
+#   ngx_limit_req_zones = lr_zone|lr_zone2
+#
+ngx_limit_req_zones = [^"]+
+
+# Use following full expression if you should range limit request to specified 
+# servers, requests, referrers etc. only :
+#
+# failregex = ^\s*\[[a-z]+\] \d+#\d+: \*\d+ limiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(, referrer: "\S+")?\s*$
+
+# Shortly, much faster and stable version of regexp:
+failregex = ^\s*\[[a-z]+\] \d+#\d+: \*\d+ limiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>,
+
+ignoreregex = 
+
+datepattern = {^LN-BEG}
+
+journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
+
diff --git a/njallavps/swag/fail2ban/filter.d/nginx-unauthorized.conf b/njallavps/swag/fail2ban/filter.d/nginx-unauthorized.conf
new file mode 100644
index 0000000..fbd3385
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/nginx-unauthorized.conf
@@ -0,0 +1,7 @@
+# A fail2ban filter for unauthorized log messages
+
+[Definition]
+
+failregex = ^<HOST>.*"(GET|POST|HEAD).*" (401) .*$
+
+ignoreregex = .*(?i)plex.*
diff --git a/njallavps/swag/fail2ban/filter.d/nsd.conf b/njallavps/swag/fail2ban/filter.d/nsd.conf
new file mode 100644
index 0000000..0589c16
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/nsd.conf
@@ -0,0 +1,31 @@
+# Fail2Ban configuration file
+#
+# Author: Bas van den Dikkenberg
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = nsd
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+
+failregex =  ^%(__prefix_line)sinfo: ratelimit block .* query <ADDR> TYPE255$
+             ^%(__prefix_line)sinfo: .* from(?: client)? <ADDR> refused, no acl matches\.?$
+
+ignoreregex =
+
+datepattern = {^LN-BEG}Epoch
+              {^LN-BEG}
diff --git a/njallavps/swag/fail2ban/filter.d/openhab.conf b/njallavps/swag/fail2ban/filter.d/openhab.conf
new file mode 100644
index 0000000..f6b9633
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/openhab.conf
@@ -0,0 +1,15 @@
+# Openhab brute force auth filter: /etc/fail2ban/filter.d/openhab.conf:
+#
+# Block IPs trying to auth openhab by web or rest api
+#
+# Matches e.g.
+# 12.34.33.22 -  -  [26/sept./2015:18:04:43 +0200] "GET /openhab.app HTTP/1.1" 401 1382 
+# 175.18.15.10 -  -  [02/sept./2015:00:11:31 +0200] "GET /rest/bindings HTTP/1.1" 401 1384
+
+[Definition] 
+failregex = ^<HOST>\s+-\s+-\s+\[\]\s+"[A-Z]+ .*" 401 \d+\s*$
+
+datepattern = %%d/%%b[^/]*/%%Y:%%H:%%M:%%S %%z
+
+
+
diff --git a/njallavps/swag/fail2ban/filter.d/openwebmail.conf b/njallavps/swag/fail2ban/filter.d/openwebmail.conf
new file mode 100644
index 0000000..ef51031
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/openwebmail.conf
@@ -0,0 +1,15 @@
+# Fail2Ban filter for Openwebmail
+# banning hosts with authentication errors in /var/log/openwebmail.log
+# OpenWebMail http://openwebmail.org
+#
+
+[Definition]
+
+failregex = ^ - \[\d+\] \(<HOST>\) (?P<USER>\S+) - login error - (no such user - loginname=(?P=USER)|auth_unix.pl, ret -4, Password incorrect)$
+            ^ - \[\d+\] \(<HOST>\) (?P<USER>\S+) - userinfo error - auth_unix.pl, ret -4, User (?P=USER) doesn't exist$
+
+ignoreregex =
+
+# DEV Notes:
+#
+# Author: Ivo Truxa (c) 2013 truXoft.com
diff --git a/njallavps/swag/fail2ban/filter.d/oracleims.conf b/njallavps/swag/fail2ban/filter.d/oracleims.conf
new file mode 100644
index 0000000..7d75c32
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/oracleims.conf
@@ -0,0 +1,63 @@
+# Fail2Ban configuration file
+# for Oracle IMS with XML logging
+#
+# Author: Joel Snyder/jms@opus1.com/2014-June-01
+#
+#
+
+
+[INCLUDES]
+
+# Read common prefixes.
+# If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages
+# in the logfile. The host must be matched by a
+# group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is
+# only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#
+# CONFIGURATION REQUIREMENTS FOR ORACLE IMS v6 and ABOVE:
+#
+# In OPTION.DAT you must have LOG_FORMAT=4 and
+#  bit 5 of LOG_CONNECTION must be set. 
+#
+# Many of these sub-fields are optional and can be turned on and off
+# by the system manager.  We need the "tr" field
+#  (transport information (present if bit 5 of LOG_CONNECTION is
+# set and transport information is available)).
+# "di" should be there by default if you have LOG_FORMAT=4.
+# Do not use "mi" as this is not included by default.
+#
+# Typical line IF YOU ARE USING TAGGING ! ! ! is:
+# <co ts="2014-06-02T09:45:50.29" pi="123f.3f8.4397"
+# sc="tcp_local" dr="+" ac="U"
+# tr="TCP|192.245.12.223|25|151.1.71.144|59762" ap="SMTP"
+# mi="Bad password"
+# us="01ko8hqnoif09qx0np@imap.opus1.com"
+# di="535 5.7.8 Bad username or password (Authentication failed)."/>
+# Format is generally documented in the PORT_ACCESS mapping 
+# at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html
+#
+# All that would be on one line.
+# Note that you MUST have LOG_FORMAT=4 for this to work!
+#
+
+failregex = tr="[A-Z]+\|[0-9.]+\|\d+\|<HOST>\|\d+" ap="[^"]*" mi="Bad password" us="[^"]*" di="535 5.7.8 Bad username or password( \(Authentication failed\))?\."/>$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
+
+datepattern = ^<co ts="{DATE}"\s+
diff --git a/njallavps/swag/fail2ban/filter.d/pam-generic.conf b/njallavps/swag/fail2ban/filter.d/pam-generic.conf
new file mode 100644
index 0000000..0cadbee
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/pam-generic.conf
@@ -0,0 +1,33 @@
+# Fail2Ban configuration file for generic PAM authentication errors
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+# if you want to catch only login errors from specific daemons, use something like
+#_ttys_re=(?:ssh|pure-ftpd|ftp)
+#
+# Default: catch all failed logins
+_ttys_re=\S*
+
+__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
+_daemon = \S+
+
+prefregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure;(?:\s+(?:(?:logname|e?uid)=\S*)){0,3} tty=%(_ttys_re)s <F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^ruser=<F-ALT_USER>(?:\S*|.*?)</F-ALT_USER> rhost=<HOST>(?:\s+user=<F-USER>(?:\S*|.*?)</F-USER>)?\s*$
+
+ignoreregex = 
+
+datepattern = {^LN-BEG}
+
+# DEV Notes:
+#
+# for linux-pam before 0.99.2.0 (late 2005) (removed before 0.8.11 release)
+# _daemon = \S*\(?pam_unix\)?
+# failregex = ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+#
+# Author: Yaroslav Halchenko
diff --git a/njallavps/swag/fail2ban/filter.d/perdition.conf b/njallavps/swag/fail2ban/filter.d/perdition.conf
new file mode 100644
index 0000000..c47dcac
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/perdition.conf
@@ -0,0 +1,18 @@
+# Fail2Ban filter for perdition
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon=perdition.\S+
+
+failregex = ^%(__prefix_line)sAuth: <HOST>:\d+->(\d{1,3}\.){3}\d{1,3}:\d+ client-secure=\S+ authorisation_id=NONE authentication_id=".+" server="\S+" protocol=\S+ server-secure=\S+ status="failed: (local authentication failure|Re-Authentication Failure)"$
+            ^%(__prefix_line)sFatal Error reading authentication information from client <HOST>:\d+->(\d{1,3}\.){3}\d{1,3}:\d+: Exiting child$
+
+ignoreregex =
+
+# Author: Christophe Carles and Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/php-url-fopen.conf b/njallavps/swag/fail2ban/filter.d/php-url-fopen.conf
new file mode 100644
index 0000000..a7957c9
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/php-url-fopen.conf
@@ -0,0 +1,23 @@
+# Fail2Ban filter for URLs with a URL as a script parameters
+# which can be an indication of a fopen url php injection
+#
+# Example of web requests in Apache access log:
+# 66.185.212.172 - - [26/Mar/2009:08:44:20 -0500] "GET /index.php?n=http://eatmyfood.hostinginfive.com/pizza.htm? HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
+
+[Definition]
+
+failregex = ^<HOST> -.*"(GET|POST).*\?.*\=http\:\/\/.* HTTP\/.*$
+
+ignoreregex = 
+
+# DEV Notes:
+#
+# Version 2
+# fixes the failregex so REFERERS that contain =http:// don't get blocked
+# (mentioned by "fasuto" (no real email provided... blog comment) in this entry:
+# http://blogs.buanzo.com.ar/2009/04/fail2ban-filter-for-php-injection-attacks.html#comment-1489
+#
+# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
+
+datepattern = ^[^\[]*\[({DATE})
+              {^LN-BEG}
diff --git a/njallavps/swag/fail2ban/filter.d/phpmyadmin-syslog.conf b/njallavps/swag/fail2ban/filter.d/phpmyadmin-syslog.conf
new file mode 100644
index 0000000..4378bed
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/phpmyadmin-syslog.conf
@@ -0,0 +1,18 @@
+# Fail2Ban filter for the phpMyAdmin-syslog
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = phpMyAdmin
+
+failregex = ^%(__prefix_line)suser denied: (?:\S+|.*?) \(mysql-denied\) from <HOST>\s*$
+
+ignoreregex =
+
+
+# Author: Pavel Mihadyuk
+# Regex fixes: Serg G. Brester
diff --git a/njallavps/swag/fail2ban/filter.d/portsentry.conf b/njallavps/swag/fail2ban/filter.d/portsentry.conf
new file mode 100644
index 0000000..35ca2a3
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/portsentry.conf
@@ -0,0 +1,15 @@
+# Fail2Ban filter for failure attempts in Counter Strike-1.6
+#
+#
+
+[Definition]
+
+failregex = \/<HOST> Port\: [0-9]+ (TCP|UDP) Blocked$
+
+ignoreregex =
+
+datepattern = {^LN-BEG}Epoch
+              {^LN-BEG}
+
+# Author: Pacop <pacoparu@gmail.com>
+
diff --git a/njallavps/swag/fail2ban/filter.d/postfix.conf b/njallavps/swag/fail2ban/filter.d/postfix.conf
new file mode 100644
index 0000000..b374f47
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/postfix.conf
@@ -0,0 +1,81 @@
+# Fail2Ban filter for selected Postfix SMTP rejections
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = postfix(-\w+)?/\w+(?:/smtp[ds])?
+_port = (?::\d+)?
+_pref = [A-Z]{4}
+
+prefregex = ^%(__prefix_line)s<mdpr-<mode>> <F-CONTENT>.+</F-CONTENT>$
+
+# Extended RE for normal mode to match reject by unknown users or undeliverable address, can be set to empty to avoid this:
+exre-user = |[Uu](?:ser unknown|ndeliverable address)
+
+mdpr-normal = (?:\w+: (?:milter-)?reject:|(?:improper command pipelining|too many errors) after \S+)
+mdre-normal=^%(_pref)s from [^[]*\[<HOST>\]%(_port)s: [45][50][04] [45]\.\d\.\d+ (?:(?:<[^>]*>)?: )?(?:(?:Helo command|(?:Sender|Recipient) address) rejected: )?(?:Service unavailable|(?:Client host|Command|Data command) rejected|Relay access denied|(?:Host|Domain) not found|need fully-qualified hostname|match%(exre-user)s)\b
+            ^from [^[]*\[<HOST>\]%(_port)s:?
+
+mdpr-auth = warning:
+mdre-auth = ^[^[]*\[<HOST>\]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:(?! Connection lost to authentication server| Invalid authentication mechanism)
+mdre-auth2= ^[^[]*\[<HOST>\]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:(?! Connection lost to authentication server)
+# todo: check/remove "Invalid authentication mechanism" from ignore list, if gh-1243 will get finished (see gh-1297).
+
+# Mode "rbl" currently included in mode "normal", but if needed for jail "postfix-rbl" only:
+mdpr-rbl = %(mdpr-normal)s
+mdre-rbl  = ^%(_pref)s from [^[]*\[<HOST>\]%(_port)s: [45]54 [45]\.7\.1 Service unavailable; Client host \[\S+\] blocked\b
+
+# Mode "rbl" currently included in mode "normal" (within 1st rule)
+mdpr-more = %(mdpr-normal)s
+mdre-more = %(mdre-normal)s
+
+# Includes some of the log messages described in
+# <http://www.postfix.org/POSTSCREEN_README.html>.
+mdpr-ddos = (?:lost connection after(?! DATA) [A-Z]+|disconnect(?= from \S+(?: \S+=\d+)* auth=0/(?:[1-9]|\d\d+))|(?:PREGREET \d+|HANGUP) after \S+|COMMAND (?:TIME|COUNT|LENGTH) LIMIT)
+mdre-ddos = ^from [^[]*\[<HOST>\]%(_port)s:?
+
+mdpr-extra = (?:%(mdpr-auth)s|%(mdpr-normal)s)
+mdre-extra = %(mdre-auth)s
+            %(mdre-normal)s
+
+mdpr-aggressive = (?:%(mdpr-auth)s|%(mdpr-normal)s|%(mdpr-ddos)s)
+mdre-aggressive = %(mdre-auth2)s
+                  %(mdre-normal)s
+
+mdpr-errors = too many errors after \S+
+mdre-errors = ^from [^[]*\[<HOST>\]%(_port)s$
+
+
+failregex = <mdre-<mode>>
+
+# Parameter "mode": more (default combines normal and rbl), auth, normal, rbl, ddos, extra or aggressive (combines all)
+# Usage example (for jail.local):
+#   [postfix]
+#   mode = aggressive
+#
+#   # or another jail (rewrite filter parameters of jail):
+#   [postfix-rbl]
+#   filter = postfix[mode=rbl]
+#
+#   # jail to match "too many errors", related postconf `smtpd_hard_error_limit`:
+#   # (normally included in other modes (normal, more, extra, aggressive), but this jail'd allow to ban on the first message)
+#   [postfix-many-errors]
+#   filter = postfix[mode=errors]
+#   maxretry = 1
+#
+mode = more
+
+ignoreregex = 
+
+[Init]
+
+journalmatch = _SYSTEMD_UNIT=postfix.service
+
+# Author: Cyril Jaquier
diff --git a/njallavps/swag/fail2ban/filter.d/proftpd.conf b/njallavps/swag/fail2ban/filter.d/proftpd.conf
new file mode 100644
index 0000000..71f2ba7
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/proftpd.conf
@@ -0,0 +1,33 @@
+# Fail2Ban filter for the Proftpd FTP daemon
+#
+# Set "UseReverseDNS off" in proftpd.conf to avoid the need for DNS.
+# See: http://www.proftpd.org/docs/howto/DNS.html
+# When the default locale for your system is not en_US.UTF-8
+# on Debian-based systems be sure to add this to /etc/default/proftpd
+# export LC_TIME="en_US.UTF-8"
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = proftpd
+
+__suffix_failed_login = ([uU]ser not authorized for login|[nN]o such user found|[iI]ncorrect password|[pP]assword expired|[aA]ccount disabled|[iI]nvalid shell: '\S+'|[uU]ser in \S+|[lL]imit (access|configuration) denies login|[nN]ot a UserAlias|[mM]aximum login length exceeded)
+
+
+prefregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ <F-CONTENT>(?:USER|SECURITY|Maximum) .+</F-CONTENT>$
+
+
+failregex = ^USER <F-USER>\S+|.*?</F-USER>(?: \(Login failed\))?: %(__suffix_failed_login)s
+            ^SECURITY VIOLATION: <F-USER>\S+|.*?</F-USER> login attempted
+            ^Maximum login attempts \(\d+\) exceeded
+
+ignoreregex = 
+
+[Init]
+journalmatch = _SYSTEMD_UNIT=proftpd.service
+
+# Author: Yaroslav Halchenko
+#         Daniel Black - hardening of regex
diff --git a/njallavps/swag/fail2ban/filter.d/pure-ftpd.conf b/njallavps/swag/fail2ban/filter.d/pure-ftpd.conf
new file mode 100644
index 0000000..034336f
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/pure-ftpd.conf
@@ -0,0 +1,40 @@
+# Fail2Ban filter for pureftp
+#
+# Disable hostname based logging by:
+#
+# Start pure-ftpd with the -H switch or on Ubuntu 'echo yes > /etc/pure-ftpd/conf/DontResolve'
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = pure-ftpd
+
+# Error message specified in multiple languages
+__errmsg = (?:Godkendelse mislykkedes for \[.*\]|Authentifizierung fehlgeschlagen für Benutzer \[.*\].|Authentication failed for user \[.*\]|Autentificación fallida para el usuario \[.*\]|\[.*\] c'est un batard, il connait pas son code|Erreur d'authentification pour l'utilisateur \[.*\]|Azonosítás sikertelen \[.*\] felhasználónak|Autenticazione falita per l'utente \[.*\]|Autorisatie faalde voor gebruiker \[.*\]|Godkjennelse mislyktes for \[.*\]|\[.*\] kullanýcýsý için giriþ hatalý|Autenticação falhou para usuário \[.*\]|Autentificare esuata pentru utilizatorul \[.*\]|Autentifikace uživatele selhala \[.*\]|Autentyfikacja nie powiodła się dla użytkownika \[.*\]|Autentifikacia uzivatela zlyhala \[.*\]|Behörighetskontroll misslyckas för användare \[.*\]|Авторизация не удалась пользователю \[.*\]|\[.*\] 嶸盪 檣隸 褒ぬ|妏蚚氪\[.*\]桄痐囮啖|使用者\[.*\]驗證失敗)
+
+failregex = ^%(__prefix_line)s\(.+?@<HOST>\) \[WARNING\] %(__errmsg)s\s*$
+
+ignoreregex = 
+
+[Init]
+
+journalmatch = _SYSTEMD_UNIT=pure-ftpd.service + _COMM=pure-ftpd
+
+# Author: Cyril Jaquier
+# Modified: Yaroslav Halchenko for pure-ftpd
+# Documentation thanks to Blake on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal
+# UTF-8 editing and mechanism thanks to Johannes Weberhofer
+#
+# Only logs to syslog though facility can be changed configuration file/command line
+#
+# To get messages in the right encoding:
+# grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[defhint]* | grep -Po '".?"' | recode latin1..utf-8 | tr -d '"' > messages
+# grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[pr][to] | grep -Po '".?"' | recode latin1..utf-8 | tr -d '"' >> messages
+# grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[cps][slkv] | grep -Po '".?"' | recode latin2..utf-8 | tr -d '"' >> messages
+# grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_ru | grep -Po '".?"' | recode KOI8-R..utf-8 | tr -d '"' >> messages
+# grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[kz] | grep -Po '".*?"' | tr -d '"' | recode big5..utf-8 >> messages
diff --git a/njallavps/swag/fail2ban/filter.d/qmail.conf b/njallavps/swag/fail2ban/filter.d/qmail.conf
new file mode 100644
index 0000000..62d499c
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/qmail.conf
@@ -0,0 +1,31 @@
+# Fail2Ban filters for qmail RBL patches/fake proxies
+#
+# the default djb RBL implementation doesn't log any rejections 
+# so is useless with this filter.
+#
+# One patch is here:
+#
+# http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:qmail|rblsmtpd)
+
+failregex = ^%(__prefix_line)s\d+\.\d+ rblsmtpd: <HOST> pid \d+ \S+ 4\d\d \S+\s*$
+            ^%(__prefix_line)s\d+\.\d+ qmail-smtpd: 4\d\d badiprbl: ip <HOST> rbl: \S+\s*$
+            ^%(__prefix_line)s\S+ blocked <HOST> \S+ -\s*$
+
+ignoreregex =
+
+# DEV Notes:
+#
+# These seem to be for two or 3 different patches to qmail or rblsmtpd
+# so you'll probably only ever see one of these regex's that match.
+#
+# ref: https://github.com/fail2ban/fail2ban/pull/386
+#
+# Author: Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/recidive.conf b/njallavps/swag/fail2ban/filter.d/recidive.conf
new file mode 100644
index 0000000..63833ca
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/recidive.conf
@@ -0,0 +1,38 @@
+# Fail2Ban filter for repeat bans
+#
+# This filter monitors the fail2ban log file, and enables you to add long 
+# time bans for ip addresses that get banned by fail2ban multiple times.
+#
+# Reasons to use this: block very persistent attackers for a longer time, 
+# stop receiving email notifications about the same attacker over and 
+# over again.
+#
+# This jail is only useful if you set the 'findtime' and 'bantime' parameters 
+# in jail.conf to a higher value than the other jails. Also, this jail has its
+# drawbacks, namely in that it works only with iptables, or if you use a 
+# different blocking mechanism for this jail versus others (e.g. hostsdeny 
+# for most jails, and shorewall for this one).
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = (?:fail2ban(?:-server|\.actions)\s*)
+
+# The name of the jail that this filter is used for. In jail.conf, name the jail using
+# this filter 'recidive', or supply another name with `filter = recidive[_jailname="jail"]`
+_jailname = recidive
+
+failregex = ^%(__prefix_line)s(?:\s*fail2ban\.actions\s*%(__pid_re)s?:\s+)?NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
+
+datepattern = ^{DATE}
+
+ignoreregex = 
+
+journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5
+
+# Author: Tom Hendrikx, modifications by Amir Caspi 
diff --git a/njallavps/swag/fail2ban/filter.d/roundcube-auth.conf b/njallavps/swag/fail2ban/filter.d/roundcube-auth.conf
new file mode 100644
index 0000000..9912ff4
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/roundcube-auth.conf
@@ -0,0 +1,39 @@
+# Fail2Ban configuration file for roundcube web server
+#
+# By default failed logins are printed to 'errors'. The first regex matches those
+# The second regex matches those printed to 'userlogins'
+#   The userlogins log file can be enabled by setting $config['log_logins'] = true; in config.inc.php
+#
+# The logpath in your jail can be updated to userlogins if you wish
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+prefregex = ^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*(<[\w]+>)? IMAP Error)?: <F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^(?:FAILED login|Login failed) for <F-USER>.*</F-USER> from <HOST>(?:(?:\([^\)]*\))?\. (?:(?! from ).)*(?: user=(?P=user))? in \S+\.php on line \d+ \(\S+ \S+\))?$
+            ^(?:<[\w]+> )?Failed login for <F-USER>.*</F-USER> from <HOST> in session \w+( \(error: \d\))?$
+
+ignoreregex = 
+
+journalmatch = SYSLOG_IDENTIFIER=roundcube
+
+# DEV Notes:
+#
+# Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180
+#
+# Part after <HOST> comes straight from IMAP server up until the " in ....."
+# Earlier versions didn't log the IMAP response hence optional.
+#
+# DoS resistance:
+#
+# Assume that the user can inject "from <HOST>" into the imap response
+# somehow. Write test cases around this to ensure that the combination of
+# arbitrary user input and IMAP response doesn't inject the wrong IP for
+# fail2ban
+#
+# Author: Teodor Micu & Yaroslav Halchenko & terence namusonge & Daniel Black & Lee Clemens
diff --git a/njallavps/swag/fail2ban/filter.d/scanlogd.conf b/njallavps/swag/fail2ban/filter.d/scanlogd.conf
new file mode 100644
index 0000000..d3fe78b
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/scanlogd.conf
@@ -0,0 +1,17 @@
+# Fail2Ban filter for port scans detected by scanlogd
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = scanlogd
+
+failregex =  ^%(__prefix_line)s<ADDR>(?::<F-PORT/>)? to \S+ ports\b
+
+ignoreregex =
+
+# Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
diff --git a/njallavps/swag/fail2ban/filter.d/screensharingd.conf b/njallavps/swag/fail2ban/filter.d/screensharingd.conf
new file mode 100644
index 0000000..4cd7646
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/screensharingd.conf
@@ -0,0 +1,31 @@
+# Fail2Ban configuration file
+#
+# Author: Simon Brown
+#
+# Filter for Mac OS X Screen Sharing service
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = screensharingd
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = ^%(__prefix_line)sAuthentication: FAILED :: User Name: .+ :: Viewer Address: <HOST> :: Type: DH$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
diff --git a/njallavps/swag/fail2ban/filter.d/selinux-common.conf b/njallavps/swag/fail2ban/filter.d/selinux-common.conf
new file mode 100644
index 0000000..b3e0ae4
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/selinux-common.conf
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file for generic SELinux audit messages
+#
+# This file is not intended to be used directly, and should be included into a
+# filter file which would define following variables. See selinux-ssh.conf as
+# and example.
+#
+# _type
+# _uid
+# _auid 
+# _subj
+# _msg
+#
+# Also one of these variables must include <HOST>.
+
+[Definition]
+
+failregex = ^type=%(_type)s msg=audit\(:\d+\): (user )?pid=\d+ uid=%(_uid)s auid=%(_auid)s ses=\d+ subj=%(_subj)s msg='%(_msg)s'$
+
+ignoreregex =
+
+datepattern = EPOCH
+
+# Author: Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/selinux-ssh.conf b/njallavps/swag/fail2ban/filter.d/selinux-ssh.conf
new file mode 100644
index 0000000..6955094
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/selinux-ssh.conf
@@ -0,0 +1,25 @@
+# Fail2Ban configuration file for SELinux ssh authentication errors
+#
+
+[INCLUDES]
+
+after = selinux-common.conf
+
+[Definition]
+
+_type = USER_(ERR|AUTH)
+_uid  = 0
+_auid = \d+
+_subj = (?:unconfined_u|system_u):system_r:sshd_t:s0-s0:c0\.c1023
+
+_exe  =/usr/sbin/sshd
+_terminal = ssh
+
+_msg = op=\S+ acct=(?P<_quote_acct>"?)\S+(?P=_quote_acct) exe="%(_exe)s" hostname=(\?|(\d+\.){3}\d+) addr=<HOST> terminal=%(_terminal)s res=failed
+
+# DEV Notes:
+#
+# Note: USER_LOGIN is ignored as this is the duplicate messsage
+# ssh logs after 3 USER_AUTH failures.
+# 
+# Author: Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/sendmail-auth.conf b/njallavps/swag/fail2ban/filter.d/sendmail-auth.conf
new file mode 100644
index 0000000..3fa3c70
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/sendmail-auth.conf
@@ -0,0 +1,25 @@
+# Fail2Ban filter for sendmail authentication failures
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:sendmail|sm-(?:mta|acceptingconnections))
+# "\w{14,20}" will give support for IDs from 14 up to 20 characters long
+__prefix_line = %(known/__prefix_line)s(?:\w{14,20}: )?
+addr = (?:IPv6:<IP6>|<IP4>)
+
+prefregex = ^<F-MLFID>%(__prefix_line)s</F-MLFID><F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^(\S+ )?\[%(addr)s\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$
+            ^AUTH failure \([^\)]+\):(?: [^:]+:)? (?:authentication failure|user not found): [^,]*, (?:user=<F-USER>(?:\S+|.*?)</F-USER>, )?relay=(?:\S+ )?\[%(addr)s\](?: \(may be forged\))?$
+ignoreregex =
+
+journalmatch = _SYSTEMD_UNIT=sendmail.service
+
+# DEV Notes:
+#
+# Author: Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/sendmail-reject.conf b/njallavps/swag/fail2ban/filter.d/sendmail-reject.conf
new file mode 100644
index 0000000..41035e5
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/sendmail-reject.conf
@@ -0,0 +1,68 @@
+# Fail2Ban filter for sendmail spam/relay type failures
+#
+# Some of the below failregex will only work properly, when the following
+# options are set in the .mc file (see your Sendmail documentation on how
+# to modify it and generate the corresponding .cf file):
+#
+# FEATURE(`delay_checks')
+# FEATURE(`greet_pause', `500')
+# FEATURE(`ratecontrol', `nodelay', `terminate')
+# FEATURE(`conncontrol', `nodelay', `terminate')
+#
+# ratecontrol and conncontrol also need corresponding options ClientRate:
+# and ClientConn: in the access file, see documentation for ratecontrol and
+# conncontrol in the sendmail/cf/README file.
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:(sm-(mta|acceptingconnections)|sendmail))
+__prefix_line = %(known/__prefix_line)s(?:\w{14,20}: )?
+addr = (?:(?:IPv6:)?<IP6>|<IP4>)
+
+prefregex = ^<F-MLFID>%(__prefix_line)s</F-MLFID><F-CONTENT>.+</F-CONTENT>$
+
+cmnfailre = ^ruleset=check_rcpt, arg1=(?P<email><\S+@\S+>), relay=(\S+ )?\[%(addr)s\](?: \(may be forged\))?, reject=(?:550 5\.7\.1(?: (?P=email)\.\.\.)?(?: Relaying denied\.)? (?:IP name possibly forged \[(\d+\.){3}\d+\]|Proper authentication required\.|IP name lookup failed \[(\d+\.){3}\d+\]|Fix reverse DNS for \S+)|553 5\.1\.8(?: (?P=email)\.\.\.)? Domain of sender address \S+ does not exist|550 5\.[71]\.1 (?P=email)\.\.\. (Rejected: .*|User unknown))$
+            ^ruleset=check_relay(?:, arg\d+=\S*)*, relay=(\S+ )?\[%(addr)s\](?: \(may be forged\))?, reject=421 4\.3\.2 (Connection rate limit exceeded\.|Too many open connections\.)$
+            ^rejecting commands from (\S* )?\[%(addr)s\] due to pre-greeting traffic after \d+ seconds$
+            ^(?:\S+ )?\[%(addr)s\]: (?:(?i)expn|vrfy) \S+ \[rejected\]$
+            ^<[^@]+@[^>]+>\.\.\. No such user here$
+            ^<F-NOFAIL>from=<[^@]+@[^>]+></F-NOFAIL>, size=\d+, class=\d+, nrcpts=\d+, bodytype=\w+, proto=E?SMTP, daemon=MTA, relay=\S+ \[%(addr)s\]$
+
+mdre-normal =
+
+mdre-extra = ^(?:\S+ )?\[%(addr)s\](?: \(may be forged\))? did not issue \S+ during connection
+
+mdre-aggressive = %(mdre-extra)s
+
+failregex = %(cmnfailre)s
+            <mdre-<mode>>
+
+# Parameter "mode": normal (default), extra or aggressive
+# Usage example (for jail.local):
+#   [sendmail-reject]
+#   filter = sendmail-reject[mode=extra]
+#
+mode = normal
+
+ignoreregex = 
+
+journalmatch = SYSLOG_IDENTIFIER=sm-mta + _SYSTEMD_UNIT=sendmail.service
+
+# DEV NOTES:
+# 
+# Regarding the multiline regex:
+#
+# "No such user" lines generate a failure and needs to be matched together with
+# another line with the HOST, therefore no-failure line was added as regex, that
+# contains HOST (see line with tag <F-NOFAIL>).
+#
+# Note the capture <F-MLFID>, includes both the __prefix_lines (which includes
+# the sendmail PID), but also the `\w{14}` which the the sendmail assigned 
+# mail ID (todo: check this is necessary, possible obsolete).
+#
+# Author: Daniel Black, Fabian Wenk and Sergey Brester aka sebres.
+# Rewritten using prefregex by Serg G. Brester.
diff --git a/njallavps/swag/fail2ban/filter.d/sieve.conf b/njallavps/swag/fail2ban/filter.d/sieve.conf
new file mode 100644
index 0000000..4ec9c45
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/sieve.conf
@@ -0,0 +1,18 @@
+# Fail2Ban filter for sieve authentication failures
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = (?:cyrus/)?(?:tim)?sieved?
+
+failregex = ^%(__prefix_line)sbadlogin: \S+ ?\[<HOST>\] \S+ authentication failure$
+
+ignoreregex = 
+
+# Author: Jan Wagner <waja@cyconet.org>
diff --git a/njallavps/swag/fail2ban/filter.d/slapd.conf b/njallavps/swag/fail2ban/filter.d/slapd.conf
new file mode 100644
index 0000000..22cf430
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/slapd.conf
@@ -0,0 +1,25 @@
+# slapd (Stand-alone LDAP Daemon) openldap daemon filter
+#
+# Detecting invalid credentials: error code 49
+# http://www.openldap.org/doc/admin24/appendix-ldap-result-codes.html#invalidCredentials (49)
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = slapd
+
+failregex = ^(?P<__prefix>%(__prefix_line)s)conn=(?P<_conn_>\d+) fd=\d+ ACCEPT from IP=<HOST>:\d{1,5} \(IP=\S+\)\s*<SKIPLINES>(?P=__prefix)conn=(?P=_conn_) op=\d+ RESULT(?:\s(?!err)\S+=\S*)* err=49 text=[\w\s]*$
+
+ignoreregex =
+
+[Init]
+
+# "maxlines" is number of log lines to buffer for multi-line regex searches
+maxlines = 20
+
+# Author: Andrii Melnyk
diff --git a/njallavps/swag/fail2ban/filter.d/softethervpn.conf b/njallavps/swag/fail2ban/filter.d/softethervpn.conf
new file mode 100644
index 0000000..f7e7c0c
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/softethervpn.conf
@@ -0,0 +1,9 @@
+# Fail2Ban filter for SoftEtherVPN
+# Detecting unauthorized access to SoftEtherVPN
+# typically logged in /usr/local/vpnserver/security_log/*/sec.log, or in syslog, depending on configuration
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = ^%(__prefix_line)s(?:(?:\([\d\-]+ [\d:.]+\) )?<SECURITY_LOG>: )?Connection "[^"]+": User authentication failed. The user name that has been provided was "<F-USER>(?:[^"]+|.+)</F-USER>", from <ADDR>\.$
diff --git a/njallavps/swag/fail2ban/filter.d/sogo-auth.conf b/njallavps/swag/fail2ban/filter.d/sogo-auth.conf
new file mode 100644
index 0000000..4155f89
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/sogo-auth.conf
@@ -0,0 +1,22 @@
+# Fail2ban filter for SOGo authentcation
+#
+# Log file usually in /var/log/sogo/sogo.log
+
+[Definition]
+
+failregex = ^ sogod \[\d+\]: SOGoRootPage Login from '<HOST>(?:,[^']*)?' for user '[^']*' might not have worked( - password policy: \d*  grace: -?\d*  expire: -?\d*  bound: -?\d*)?\s*$
+
+ignoreregex = "^<ADDR>"
+
+datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?
+              {^LN-BEG}(?:%%a )?%%b %%d %%H:%%M:%%S(?:\.%%f)?(?: %%ExY)?
+              ^[^\[]*\[({DATE})
+              {^LN-BEG}
+
+# 
+# DEV Notes:
+#
+# The error log may contain multiple hosts, whereas the first one 
+# is the client and all others are poxys. We match the first one, only
+#
+# Author: Arnd Brandes
diff --git a/njallavps/swag/fail2ban/filter.d/solid-pop3d.conf b/njallavps/swag/fail2ban/filter.d/solid-pop3d.conf
new file mode 100644
index 0000000..ba19d66
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/solid-pop3d.conf
@@ -0,0 +1,32 @@
+# Fail2Ban filter for unsuccessful solid-pop3 authentication attempts
+#
+# Doesn't currently provide PAM support as PAM log messages don't include rhost as
+# remote IP.
+#
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = solid-pop3d
+
+failregex = ^%(__prefix_line)sauthentication failed: (no such user|can't map user name): .*? - <HOST>$
+            ^%(__prefix_line)s(APOP )?authentication failed for (mapped )?user .*? - <HOST>$
+            ^%(__prefix_line)sroot login not allowed - <HOST>$
+            ^%(__prefix_line)scan't find APOP secret for user .*? - <HOST>$
+
+ignoreregex = 
+
+# DEV Notes:
+#
+# solid-pop3d needs to be compiled with --enable-logextend to support
+# IP addresses in log messages.
+#
+# solid-pop3d-0.15/src/main.c contains all authentication errors
+# except for PAM authentication messages ( src/authenticate.c )
+#
+# A pam authentication failure message (note no IP for rhost).
+# Nov 17 23:17:50 emf1pt2-2-35-70 solid-pop3d[17176]: pam_unix(solid-pop3d:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=jacques
+# 
+# Authors: Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/squid.conf b/njallavps/swag/fail2ban/filter.d/squid.conf
new file mode 100644
index 0000000..58694c4
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/squid.conf
@@ -0,0 +1,16 @@
+# Fail2Ban filter for Squid attempted proxy bypasses
+#
+#
+
+[Definition]
+
+failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/403 .*$
+            ^\s+\d\s<HOST>\s+NONE/405 .*$
+
+ignoreregex =
+
+datepattern = {^LN-BEG}Epoch
+              {^LN-BEG}
+
+# Author: Daniel Black
+
diff --git a/njallavps/swag/fail2ban/filter.d/squirrelmail.conf b/njallavps/swag/fail2ban/filter.d/squirrelmail.conf
new file mode 100644
index 0000000..31e922e
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/squirrelmail.conf
@@ -0,0 +1,12 @@
+
+[Definition]
+
+failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect\.$
+
+ignoreregex =
+
+datepattern = ^%%m/%%d/%%Y %%H:%%M:%%S
+
+# DEV NOTES:
+#
+# Author: Daniel Black
diff --git a/njallavps/swag/fail2ban/filter.d/sshd.conf b/njallavps/swag/fail2ban/filter.d/sshd.conf
new file mode 100644
index 0000000..d5d189b
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/sshd.conf
@@ -0,0 +1,138 @@
+# Fail2Ban filter for openssh
+#
+# If you want to protect OpenSSH from being bruteforced by password
+# authentication then get public key authentication working before disabling
+# PasswordAuthentication in sshd_config.
+#
+#
+# "Connection from <HOST> port \d+" requires LogLevel VERBOSE in sshd_config
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[DEFAULT]
+
+_daemon = sshd
+
+# optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
+__pref = (?:(?:error|fatal): (?:PAM: )?)?
+# optional suffix (logged from several ssh versions) like " [preauth]"
+#__suff = (?: port \d+)?(?: \[preauth\])?\s*
+__suff = (?: (?:port \d+|on \S+|\[preauth\])){0,3}\s*
+__on_port_opt = (?: (?:port \d+|on \S+)){0,2}
+# close by authenticating user:
+__authng_user = (?: (?:invalid|authenticating) user <F-USER>\S+|.*?</F-USER>)?
+
+# for all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found",
+# see ssherr.c for all possible SSH_ERR_..._ALG_MATCH errors.
+__alg_match = (?:(?:\w+ (?!found\b)){0,2}\w+)
+
+# PAM authentication mechanism, can be overridden, e. g. `filter = sshd[__pam_auth='pam_ldap']`:
+__pam_auth = pam_[a-z]+
+
+[Definition]
+
+prefregex = ^<F-MLFID>%(__prefix_line)s</F-MLFID>%(__pref)s<F-CONTENT>.+</F-CONTENT>$
+
+cmnfailre = ^[aA]uthentication (?:failure|error|failed) for <F-USER>.*</F-USER> from <HOST>( via \S+)?%(__suff)s$
+            ^User not known to the underlying authentication module for <F-USER>.*</F-USER> from <HOST>%(__suff)s$
+            <cmnfailre-failed-pub-<publickey>>
+            ^Failed <cmnfailed> for (?P<cond_inv>invalid user )?<F-USER>(?P<cond_user>\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)</F-USER> from <HOST>%(__on_port_opt)s(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)
+            ^<F-USER>ROOT</F-USER> LOGIN REFUSED FROM <HOST>
+            ^[iI](?:llegal|nvalid) user <F-USER>.*?</F-USER> from <HOST>%(__suff)s$
+            ^User <F-USER>\S+|.*?</F-USER> from <HOST> not allowed because not listed in AllowUsers%(__suff)s$
+            ^User <F-USER>\S+|.*?</F-USER> from <HOST> not allowed because listed in DenyUsers%(__suff)s$
+            ^User <F-USER>\S+|.*?</F-USER> from <HOST> not allowed because not in any group%(__suff)s$
+            ^refused connect from \S+ \(<HOST>\)
+            ^Received <F-MLFFORGET>disconnect</F-MLFFORGET> from <HOST>%(__on_port_opt)s:\s*3: .*: Auth fail%(__suff)s$
+            ^User <F-USER>\S+|.*?</F-USER> from <HOST> not allowed because a group is listed in DenyGroups%(__suff)s$
+            ^User <F-USER>\S+|.*?</F-USER> from <HOST> not allowed because none of user's groups are listed in AllowGroups%(__suff)s$
+            ^<F-NOFAIL>%(__pam_auth)s\(sshd:auth\):\s+authentication failure;</F-NOFAIL>(?:\s+(?:(?:logname|e?uid|tty)=\S*)){0,4}\s+ruser=<F-ALT_USER>\S*</F-ALT_USER>\s+rhost=<HOST>(?:\s+user=<F-USER>\S*</F-USER>)?%(__suff)s$
+            ^maximum authentication attempts exceeded for <F-USER>.*</F-USER> from <HOST>%(__on_port_opt)s(?: ssh\d*)?%(__suff)s$
+            ^User <F-USER>\S+|.*?</F-USER> not allowed because account is locked%(__suff)s
+            ^<F-MLFFORGET>Disconnecting</F-MLFFORGET>(?: from)?(?: (?:invalid|authenticating)) user <F-USER>\S+</F-USER> <HOST>%(__on_port_opt)s:\s*Change of username or service not allowed:\s*.*\[preauth\]\s*$
+            ^Disconnecting: Too many authentication failures(?: for <F-USER>\S+|.*?</F-USER>)?%(__suff)s$
+            ^<F-NOFAIL>Received <F-MLFFORGET>disconnect</F-MLFFORGET></F-NOFAIL> from <HOST>%(__on_port_opt)s:\s*11:
+            <mdre-<mode>-other>
+            ^<F-MLFFORGET><F-MLFGAINED>Accepted \w+</F-MLFGAINED></F-MLFFORGET> for <F-USER>\S+</F-USER> from <HOST>(?:\s|$)
+
+cmnfailed-any = \S+
+cmnfailed-ignore = \b(?!publickey)\S+
+cmnfailed-invalid = <cmnfailed-ignore>
+cmnfailed-nofail = (?:<F-NOFAIL>publickey</F-NOFAIL>|\S+)
+cmnfailed = <cmnfailed-<publickey>>
+
+mdre-normal =
+# used to differentiate "connection closed" with and without `[preauth]` (fail/nofail cases in ddos mode)
+mdre-normal-other = ^<F-NOFAIL><F-MLFFORGET>(Connection (?:closed|reset)|Disconnected)</F-MLFFORGET></F-NOFAIL> (?:by|from)%(__authng_user)s <HOST>(?:%(__suff)s|\s*)$
+
+mdre-ddos = ^Did not receive identification string from <HOST>
+            ^kex_exchange_identification: (?:read: )?(?:[Cc]lient sent invalid protocol identifier|[Cc]onnection (?:closed by remote host|reset by peer))
+            ^Bad protocol version identification '.*' from <HOST>
+            ^<F-NOFAIL>SSH: Server;Ltype:</F-NOFAIL> (?:Authname|Version|Kex);Remote: <HOST>-\d+;[A-Z]\w+:
+            ^Read from socket failed: Connection <F-MLFFORGET>reset</F-MLFFORGET> by peer
+            ^banner exchange: Connection from <HOST><__on_port_opt>: invalid format
+# same as mdre-normal-other, but as failure (without <F-NOFAIL> with [preauth] and with <F-NOFAIL> on no preauth phase as helper to identify address):
+mdre-ddos-other = ^<F-MLFFORGET>(Connection (?:closed|reset)|Disconnected)</F-MLFFORGET> (?:by|from)%(__authng_user)s <HOST>%(__on_port_opt)s\s+\[preauth\]\s*$
+                  ^<F-NOFAIL><F-MLFFORGET>(Connection (?:closed|reset)|Disconnected)</F-MLFFORGET></F-NOFAIL> (?:by|from)%(__authng_user)s <HOST>(?:%(__on_port_opt)s|\s*)$
+
+mdre-extra = ^Received <F-MLFFORGET>disconnect</F-MLFFORGET> from <HOST>%(__on_port_opt)s:\s*14: No(?: supported)? authentication methods available
+            ^Unable to negotiate with <HOST>%(__on_port_opt)s: no matching <__alg_match> found.
+            ^Unable to negotiate a <__alg_match>
+            ^no matching <__alg_match> found:
+# part of mdre-ddos-other, but user name is supplied (invalid/authenticating) on [preauth] phase only:
+mdre-extra-other = ^<F-MLFFORGET>Disconnected</F-MLFFORGET>(?: from)?(?: (?:invalid|authenticating)) user <F-USER>\S+|.*?</F-USER> <HOST>%(__on_port_opt)s \[preauth\]\s*$
+
+mdre-aggressive = %(mdre-ddos)s
+                  %(mdre-extra)s
+# mdre-extra-other is fully included within mdre-ddos-other:
+mdre-aggressive-other = %(mdre-ddos-other)s
+
+# Parameter "publickey": nofail (default), invalid, any, ignore
+publickey = nofail
+# consider failed publickey for invalid users only:
+cmnfailre-failed-pub-invalid = ^Failed publickey for invalid user <F-USER>(?P<cond_user>\S+)|(?:(?! from ).)*?</F-USER> from <HOST>%(__on_port_opt)s(?: ssh\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)
+# consider failed publickey for valid users too (don't need RE, see cmnfailed):
+cmnfailre-failed-pub-any =
+# same as invalid, but consider failed publickey for valid users too, just as no failure (helper to get IP and user-name only, see cmnfailed):
+cmnfailre-failed-pub-nofail = <cmnfailre-failed-pub-invalid>
+# don't consider failed publickey as failures (don't need RE, see cmnfailed):
+cmnfailre-failed-pub-ignore =
+
+cfooterre = ^<F-NOFAIL>Connection from</F-NOFAIL> <HOST>
+
+failregex = %(cmnfailre)s
+            <mdre-<mode>>
+            %(cfooterre)s
+
+# Parameter "mode": normal (default), ddos, extra or aggressive (combines all)
+# Usage example (for jail.local):
+#   [sshd]
+#   mode = extra
+#   # or another jail (rewrite filter parameters of jail):
+#   [sshd-aggressive]
+#   filter = sshd[mode=aggressive]
+#
+mode = normal
+
+#filter = sshd[mode=aggressive]
+
+ignoreregex = 
+
+maxlines = 1
+
+journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
+
+# DEV Notes:
+#
+#   "Failed \S+ for .*? from <HOST>..." failregex uses non-greedy catch-all because
+#   it is coming before use of <HOST> which is not hard-anchored at the end as well,
+#   and later catch-all's could contain user-provided input, which need to be greedily
+#   matched away first.
+#
+# Author: Cyril Jaquier, Yaroslav Halchenko, Petr Voralek, Daniel Black and Sergey Brester aka sebres
+# Rewritten using prefregex (and introduced "mode" parameter) by Serg G. Brester.
diff --git a/njallavps/swag/fail2ban/filter.d/stunnel.conf b/njallavps/swag/fail2ban/filter.d/stunnel.conf
new file mode 100644
index 0000000..2396d89
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/stunnel.conf
@@ -0,0 +1,13 @@
+# Fail2ban filter for stunnel
+
+[Definition]
+
+failregex = ^ LOG\d\[\d+:\d+\]:\ SSL_accept from <HOST>:\d+ : (?P<CODE>[\dA-F]+): error:(?P=CODE):SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate$
+
+ignoreregex =
+
+# DEV NOTES:
+# 
+# Author: Daniel Black
+#
+# Based off: http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal#stunnel4
diff --git a/njallavps/swag/fail2ban/filter.d/suhosin.conf b/njallavps/swag/fail2ban/filter.d/suhosin.conf
new file mode 100644
index 0000000..46fbe38
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/suhosin.conf
@@ -0,0 +1,28 @@
+# Fail2Ban filter for suhosian PHP hardening
+#
+# This occurs with lighttpd or directly from the plugin
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = (?:lighttpd|suhosin)
+
+
+_lighttpd_prefix = (?:\(mod_fastcgi\.c\.\d+\) FastCGI-stderr:\s)
+
+failregex = ^%(__prefix_line)s%(_lighttpd_prefix)s?ALERT - .*? \(attacker '<HOST>', file '[^']*'(?:, line \d+)?\)$
+
+ignoreregex = 
+
+# DEV Notes:
+#
+# https://github.com/stefanesser/suhosin/blob/1fba865ab73cc98a3109f88d85eb82c1bfc29b37/log.c#L161
+#
+# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
diff --git a/njallavps/swag/fail2ban/filter.d/tine20.conf b/njallavps/swag/fail2ban/filter.d/tine20.conf
new file mode 100644
index 0000000..a80d89e
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/tine20.conf
@@ -0,0 +1,24 @@
+# Fail2Ban filter for Tine 2.0 authentication
+#
+# Enable logging with:
+# $config['info_log']='/var/log/tine20/tine20.log';
+#
+
+[Definition]
+
+failregex =  ^[\da-f]{5,} [\da-f]{5,} (-- none --|.*?)( \d+(\.\d+)?(h|m|s|ms)){0,2} -  WARN \(\d+\): Tinebase_Controller::login::\d+ Login with username .*? from <HOST> failed \(-[13]\)!$
+
+ignoreregex = 
+
+datepattern = ^[^-]+ -- [^-]+ -- - ({DATE})
+              {^LN-BEG}
+
+# Author: Mika (mkl) from Tine20.org forum: https://www.tine20.org/forum/viewtopic.php?f=2&t=15688&p=54766
+# Editor: Daniel Black
+# Advisor: Lars Kneschke
+#
+# Usernames can contain spaces.
+#
+# Authentication: http://git.tine20.org/git?p=tine20;a=blob;f=tine20/Tinebase/Controller.php#l105
+# Logger: http://git.tine20.org/git?p=tine20;a=blob;f=tine20/Tinebase/Log/Formatter.php
+# formatMicrotimeDiff: http://git.tine20.org/git?p=tine20;a=blob;f=tine20/Tinebase/Helper.php#l276
diff --git a/njallavps/swag/fail2ban/filter.d/traefik-auth.conf b/njallavps/swag/fail2ban/filter.d/traefik-auth.conf
new file mode 100644
index 0000000..8022fee
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/traefik-auth.conf
@@ -0,0 +1,76 @@
+# Fail2ban filter configuration for traefik :: auth
+# used to ban hosts, that were failed through traefik
+#
+# Author: CrazyMax
+#
+# To use 'traefik-auth' filter you have to configure your Traefik instance to write
+# the access logs as describe in https://docs.traefik.io/configuration/logs/#access-logs
+# into a log file on host and specifiy users for Basic Authentication
+# https://docs.traefik.io/configuration/entrypoints/#basic-authentication
+#
+# Example:
+#
+# version: "3.2"
+#
+# services:
+#   traefik:
+#     image: traefik:latest
+#     command:
+#       - "--loglevel=INFO"
+#       - "--accesslog=true"
+#       - "--accessLog.filePath=/var/log/access.log"
+# #       - "--accessLog.filters.statusCodes=400-499"
+#       - "--defaultentrypoints=http,https"
+#       - "--entryPoints=Name:http Address::80"
+#       - "--entryPoints=Name:https Address::443 TLS"
+#       - "--docker.domain=example.com"
+#       - "--docker.watch=true"
+#       - "--docker.exposedbydefault=false"
+#       - "--api=true"
+#       - "--api.dashboard=true"
+#     ports:
+#       - target: 80
+#         published: 80
+#         protocol: tcp
+#         mode: host
+#       - target: 443
+#         published: 443
+#         protocol: tcp
+#         mode: host
+#     labels:
+#       - "traefik.enable=true"
+#       - "traefik.port=8080"
+#       - "traefik.backend=traefik"
+#       - "traefik.frontend.rule=Host:traefik.example.com"
+#       - "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
+#     volumes:
+#       - "/var/log/traefik:/var/log"
+#       - "/var/run/docker.sock:/var/run/docker.sock"
+#     restart: always
+#
+
+[Definition]
+
+# Parameter "method" can be used to specifiy request method
+req-method = \S+
+# Usage example (for jail.local):
+#   filter = traefik-auth[req-method="GET|POST|HEAD"]
+
+failregex = ^<HOST> \- <usrre-<mode>> \[\] \"(?:<req-method>) [^\"]+\" 401\b
+
+ignoreregex =
+
+# Parameter "mode": normal (default), ddos or aggressive
+# Usage example (for jail.local):
+#   [traefik-auth]
+#   mode = aggressive
+#   # or another jail (rewrite filter parameters of jail):
+#   [traefik-auth-ddos]
+#   filter = traefik-auth[mode=ddos]
+#
+mode = normal
+
+# part of failregex matches user name (must be available in normal mode, must be empty in ddos mode, and both for aggressive mode):
+usrre-normal = (?!- )<F-USER>\S+</F-USER>
+usrre-ddos = -
+usrre-aggressive = <F-USER>\S+</F-USER>
\ No newline at end of file
diff --git a/njallavps/swag/fail2ban/filter.d/uwimap-auth.conf b/njallavps/swag/fail2ban/filter.d/uwimap-auth.conf
new file mode 100644
index 0000000..f734eb7
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/uwimap-auth.conf
@@ -0,0 +1,17 @@
+# Fail2Ban filter for uwimap
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:ipop3d|imapd)
+
+failregex = ^%(__prefix_line)sLogin (?:failed|excessive login failures|disabled|SYSTEM BREAK-IN ATTEMPT) user=\S* auth=\S* host=.*\[<HOST>\]\s*$ 
+            ^%(__prefix_line)sFailed .* override of user=.* host=.*\[<HOST>\]\s*$
+
+ignoreregex = 
+
+# Author: Amir Caspi
diff --git a/njallavps/swag/fail2ban/filter.d/vsftpd.conf b/njallavps/swag/fail2ban/filter.d/vsftpd.conf
new file mode 100644
index 0000000..2ecc44d
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/vsftpd.conf
@@ -0,0 +1,22 @@
+# Fail2Ban filter for vsftp
+#
+# Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch
+# /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the
+# incoming ip address rather than domain names.
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
+_daemon =  vsftpd
+
+failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+            ^ \[pid \d+\] \[[^\]]+\] FAIL LOGIN: Client "<HOST>"(?:\s*$|,)
+
+ignoreregex = 
+
+# Author: Cyril Jaquier
+# Documentation from fail2ban wiki
diff --git a/njallavps/swag/fail2ban/filter.d/webmin-auth.conf b/njallavps/swag/fail2ban/filter.d/webmin-auth.conf
new file mode 100644
index 0000000..a0f014c
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/webmin-auth.conf
@@ -0,0 +1,22 @@
+# Fail2Ban filter for webmin
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = webmin
+
+failregex = ^%(__prefix_line)sNon-existent login as .+ from <HOST>\s*$
+            ^%(__prefix_line)sInvalid login as .+ from <HOST>\s*$
+
+ignoreregex = 
+
+# DEV Notes:
+#
+# pattern :     webmin[15673]: Non-existent login as toto from 86.0.6.217
+#               webmin[29544]: Invalid login as root from 86.0.6.217
+#
+# Rule Author: Delvit Guillaume
diff --git a/njallavps/swag/fail2ban/filter.d/wuftpd.conf b/njallavps/swag/fail2ban/filter.d/wuftpd.conf
new file mode 100644
index 0000000..6f6700e
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/wuftpd.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file for wuftpd
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = wu-ftpd
+__pam_re=\(?%(__pam_auth)s(?:\(wu-ftpd:auth\))?\)?:?
+
+failregex = ^%(__prefix_line)sfailed login from \S+ \[<HOST>\]\s*$
+            ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+
+
+ignoreregex = 
+
+# Author: Yaroslav Halchenko
diff --git a/njallavps/swag/fail2ban/filter.d/xinetd-fail.conf b/njallavps/swag/fail2ban/filter.d/xinetd-fail.conf
new file mode 100644
index 0000000..b4093d9
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/xinetd-fail.conf
@@ -0,0 +1,29 @@
+# Fail2Ban filter for xinetd failures
+#
+# Cfr.: /var/log/(daemon\.|sys)log
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = xinetd
+
+prefregex = ^%(__prefix_line)sFAIL: <F-CONTENT>.+</F-CONTENT>$
+
+failregex = ^\S+ address from=<HOST>$
+            ^\S+ libwrap from=<HOST>$
+
+ignoreregex = 
+
+# DEV Notes:
+#
+# libwrap => tcp wrappers: hosts.(allow|deny)
+# address => xinetd: deny_from|only_from
+#
+# Author: Guido Bozzetto
diff --git a/njallavps/swag/fail2ban/filter.d/znc-adminlog.conf b/njallavps/swag/fail2ban/filter.d/znc-adminlog.conf
new file mode 100644
index 0000000..8faa25e
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/znc-adminlog.conf
@@ -0,0 +1,34 @@
+# Fail2Ban filter for ZNC (requires adminlog module)
+#
+# to use this module, enable the adminlog module from within ZNC and point
+# logpath to its logfile (e.g. /var/lib/znc/moddata/adminlog/znc.log).
+
+[DEFAULT]
+
+logtype = file
+
+[Definition]
+
+_daemon = znc
+
+# Prefix for different logtype (file, journal):
+#
+__prefix_file = (?:\[\]\s+)?
+__prefix_short = (?:\S+\s+%(_daemon)s\[\d+\]:)\s+
+__prefix_journal = %(__prefix_short)s
+
+__prefix_line = <__prefix_<logtype>>
+
+failregex = ^%(__prefix_line)s\[[^]]+\] failed to login from <ADDR>
+
+ignoreregex = 
+
+journalmatch = _SYSTEMD_UNIT=znc.service + _COMM=znc
+
+# DEV Notes:
+# Log format is: [<DATE+TIME>] [<USERNAME>] <ACTION> from <ADDR>
+# [2018-10-27 01:40:17] [girst] connected to ZNC from 1.2.3.4
+# [2018-10-27 01:40:21] [girst] disconnected from ZNC from 1.2.3.4
+# [2018-10-27 01:40:55] [girst] failed to login from 1.2.3.4
+#
+# Author: Tobias Girstmair (//gir.st/)
diff --git a/njallavps/swag/fail2ban/filter.d/zoneminder.conf b/njallavps/swag/fail2ban/filter.d/zoneminder.conf
new file mode 100644
index 0000000..8e8ed43
--- /dev/null
+++ b/njallavps/swag/fail2ban/filter.d/zoneminder.conf
@@ -0,0 +1,27 @@
+# Fail2Ban filter for Zoneminder login failures
+
+[INCLUDES]
+before = apache-common.conf
+
+[Definition]
+
+# patterns: [Mon Mar 28 16:50:49.522240 2016] [:error] [pid 1795] [client 10.1.1.1:50700] WAR [Login denied for user "username1"], referer: https://zoneminder/
+#           [Sun Mar 28 16:53:00.472693 2021] [php7:notice] [pid 11328] [client 10.1.1.1:39568] ERR [Could not retrieve user test details], referer: https://zm/
+#           [Sun Mar 28 16:59:14.150625 2021] [php7:notice] [pid 11336] [client 10.1.1.1:39654] ERR [Login denied for user "john"], referer: https://zm/
+#
+# Option:  failregex
+# Notes.:  regex to match the login failure and non-existent user error messages in the logfile.
+
+prefregex = ^%(_apache_error_client)s (?:ERR|WAR) <F-CONTENT>\[(?:Login denied|Could not retrieve).*</F-CONTENT>$
+
+failregex = ^\[Login denied for user "<F-USER>[^"]*</F-USER>"\]
+            ^\[Could not retrieve user <F-USER>\S*</F-USER>
+
+ignoreregex =
+
+# Notes:
+#	Tested on Zoneminder 1.29 and 1.35.21
+#
+#	Zoneminder versions > 1.3x use "ERR" and < 1.3x use "WAR" level logs, so i've kept both for compatibility reasons
+#
+# Author: John Marzella
diff --git a/njallavps/swag/fail2ban/jail.local b/njallavps/swag/fail2ban/jail.local
new file mode 100644
index 0000000..c641c41
--- /dev/null
+++ b/njallavps/swag/fail2ban/jail.local
@@ -0,0 +1,78 @@
+## Version 2022/01/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/jail.local
+# This is the custom version of the jail.conf for fail2ban
+# Feel free to modify this and add additional filters
+# Then you can drop the new filter conf files into the fail2ban-filters
+# folder and restart the container
+
+[DEFAULT]
+# Prevents banning LAN subnets
+ignoreip = 10.0.0.0/8
+           192.168.0.0/16
+           172.16.0.0/12
+
+# Changes the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
+banaction = iptables-allports
+
+# "bantime" is the number of seconds that a host is banned.
+bantime  = 600
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime  = 600
+
+# "maxretry" is the number of failures before a host get banned.
+maxretry = 5
+
+
+[ssh]
+enabled = false
+
+[nginx-http-auth]
+enabled  = true
+filter   = nginx-http-auth
+port     = http,https
+logpath  = /config/log/nginx/error.log
+
+[nginx-badbots]
+enabled  = true
+port     = http,https
+filter   = nginx-badbots
+logpath  = /config/log/nginx/access.log
+maxretry = 2
+
+[nginx-botsearch]
+enabled  = true
+port     = http,https
+filter   = nginx-botsearch
+logpath  = /config/log/nginx/access.log
+
+[nginx-deny]
+enabled  = true
+port     = http,https
+filter   = nginx-deny
+logpath  = /config/log/nginx/error.log
+
+[nginx-unauthorized]
+enabled  = true
+port     = http,https
+filter   = nginx-unauthorized
+logpath  = /config/log/nginx/unauthorized.log
+
+#[gitea]
+#enabled = true
+#filter = gitea
+#logpath = /var/lib/gitea/log/gitea.log
+#maxretry = 10
+#findtime = 3600
+#bantime = 900
+#action = iptables-allports
+
+#[gitea-docker]
+#enabled = true
+#filter = gitea
+#logpath = /var/lib/gitea/log/gitea.log
+#maxretry = 10
+#findtime = 3600
+#bantime = 900
+#action = iptables-allports[chain="FORWARD"]
+
diff --git a/njallavps/swag/nginx/authelia-location.conf b/njallavps/swag/nginx/authelia-location.conf
new file mode 100644
index 0000000..e3c1e98
--- /dev/null
+++ b/njallavps/swag/nginx/authelia-location.conf
@@ -0,0 +1,15 @@
+## Version 2021/04/21 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-location.conf
+# Make sure that your authelia container is in the same user defined bridge network and is named authelia
+# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
+
+auth_request /authelia/api/verify;
+auth_request_set $target_url $scheme://$http_host$request_uri;
+auth_request_set $user $upstream_http_remote_user;
+auth_request_set $groups $upstream_http_remote_groups;
+auth_request_set $name $upstream_http_remote_name;
+auth_request_set $email $upstream_http_remote_email;
+proxy_set_header Remote-User $user;
+proxy_set_header Remote-Groups $groups;
+proxy_set_header Remote-Name $name;
+proxy_set_header Remote-Email $email;
+error_page 401 =302 https://$http_host/authelia/?rd=$target_url;
diff --git a/njallavps/swag/nginx/authelia-location.conf.sample b/njallavps/swag/nginx/authelia-location.conf.sample
new file mode 100644
index 0000000..b7e37ae
--- /dev/null
+++ b/njallavps/swag/nginx/authelia-location.conf.sample
@@ -0,0 +1,15 @@
+## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
+# Make sure that your authelia container is in the same user defined bridge network and is named authelia
+# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
+
+auth_request /authelia/api/verify;
+auth_request_set $target_url $scheme://$http_host$request_uri;
+auth_request_set $user $upstream_http_remote_user;
+auth_request_set $groups $upstream_http_remote_groups;
+auth_request_set $name $upstream_http_remote_name;
+auth_request_set $email $upstream_http_remote_email;
+proxy_set_header Remote-User $user;
+proxy_set_header Remote-Groups $groups;
+proxy_set_header Remote-Name $name;
+proxy_set_header Remote-Email $email;
+error_page 401 =302 https://$http_host/authelia/?rd=$target_url;
diff --git a/njallavps/swag/nginx/authelia-server.conf b/njallavps/swag/nginx/authelia-server.conf
new file mode 100644
index 0000000..8bd63d0
--- /dev/null
+++ b/njallavps/swag/nginx/authelia-server.conf
@@ -0,0 +1,52 @@
+## Version 2021/05/28 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-server.conf
+# Make sure that your authelia container is in the same user defined bridge network and is named authelia
+
+location ^~ /authelia {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_authelia authelia;
+    proxy_pass http://$upstream_authelia:9091;
+}
+
+location = /authelia/api/verify {
+    internal;
+    if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]]) {
+        return 401;
+    }
+    include /config/nginx/resolver.conf;
+    set $upstream_authelia authelia;
+    proxy_pass_request_body off;
+    proxy_pass http://$upstream_authelia:9091;
+    proxy_set_header Content-Length "";
+
+    # Timeout if the real server is dead
+    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+    # [REQUIRED] Needed by Authelia to check authorizations of the resource.
+    # Provide either X-Original-URL and X-Forwarded-Proto or
+    # X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
+    # Those headers will be used by Authelia to deduce the target url of the user.
+    # Basic Proxy Config
+    client_body_buffer_size 128k;
+    proxy_set_header Host $host;
+    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Method $request_method;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host $http_host;
+    proxy_set_header X-Forwarded-Uri $request_uri;
+    proxy_set_header X-Forwarded-Ssl on;
+    proxy_redirect  http://  $scheme://;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "";
+    proxy_cache_bypass $cookie_session;
+    proxy_no_cache $cookie_session;
+    proxy_buffers 4 32k;
+
+    # Advanced Proxy Config
+    send_timeout 5m;
+    proxy_read_timeout 240;
+    proxy_send_timeout 240;
+    proxy_connect_timeout 240;
+}
diff --git a/njallavps/swag/nginx/authelia-server.conf.sample b/njallavps/swag/nginx/authelia-server.conf.sample
new file mode 100644
index 0000000..dfb34f3
--- /dev/null
+++ b/njallavps/swag/nginx/authelia-server.conf.sample
@@ -0,0 +1,50 @@
+## Version 2022/09/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
+# Make sure that your authelia container is in the same user defined bridge network and is named authelia
+
+location ^~ /authelia {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_authelia authelia;
+    proxy_pass http://$upstream_authelia:9091;
+}
+
+location = /authelia/api/verify {
+    internal;
+
+    include /config/nginx/resolver.conf;
+    set $upstream_authelia authelia;
+    proxy_pass_request_body off;
+    proxy_pass http://$upstream_authelia:9091;
+    proxy_set_header Content-Length "";
+
+    # Timeout if the real server is dead
+    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+    # [REQUIRED] Needed by Authelia to check authorizations of the resource.
+    # Provide either X-Original-URL and X-Forwarded-Proto or
+    # X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
+    # Those headers will be used by Authelia to deduce the target url of the user.
+    # Basic Proxy Config
+    client_body_buffer_size 128k;
+    proxy_set_header Host $host;
+    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Method $request_method;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host $http_host;
+    proxy_set_header X-Forwarded-Uri $request_uri;
+    proxy_set_header X-Forwarded-Ssl on;
+    proxy_redirect  http://  $scheme://;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "";
+    proxy_cache_bypass $cookie_session;
+    proxy_no_cache $cookie_session;
+    proxy_buffers 4 32k;
+
+    # Advanced Proxy Config
+    send_timeout 5m;
+    proxy_read_timeout 240;
+    proxy_send_timeout 240;
+    proxy_connect_timeout 240;
+}
diff --git a/njallavps/swag/nginx/default b/njallavps/swag/nginx/default
new file mode 100644
index 0000000..e69de29
diff --git a/njallavps/swag/nginx/dhparams.pem b/njallavps/swag/nginx/dhparams.pem
new file mode 100644
index 0000000..eed4c41
--- /dev/null
+++ b/njallavps/swag/nginx/dhparams.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
+-----END DH PARAMETERS-----
\ No newline at end of file
diff --git a/njallavps/swag/nginx/elementssl.conf b/njallavps/swag/nginx/elementssl.conf
new file mode 100644
index 0000000..f42a4fc
--- /dev/null
+++ b/njallavps/swag/nginx/elementssl.conf
@@ -0,0 +1,47 @@
+## Version 2021/09/19 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf
+
+### Mozilla Recommendations
+# generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0-r0&config=intermediate&openssl=1.1.1g-r0&guideline=5.4
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+ssl_session_tickets off;
+
+# intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+
+
+### Linuxserver.io Defaults
+
+# Certificates
+ssl_certificate /config/keys/letsencrypt/fullchain.pem;
+ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
+# verify chain of trust of OCSP response using Root CA and Intermediate certs
+ssl_trusted_certificate /config/keys/letsencrypt/fullchain.pem;
+
+# Diffie-Hellman Parameters
+ssl_dhparam /config/nginx/dhparams.pem;
+
+# Enable TLS 1.3 early data
+ssl_early_data on;
+
+# HSTS, remove # from the line below to enable HSTS
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+# Optional additional headers
+#add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src * https: data:; img-src * https: data:; manifest-src * https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
+add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
+add_header Referrer-Policy "same-origin" always;
+add_header X-Content-Type-Options "nosniff" always;
+#add_header X-UA-Compatible "IE=Edge" always;
+add_header X-XSS-Protection "0" always;
+#add_header Cross-Origin-Resource-Policy same-origin;
+#add_header Cross-Origin-Embedder-Policy require-corp;
+add_header Cross-Origin-Opener-Policy same-origin;
diff --git a/njallavps/swag/nginx/gitssl.conf b/njallavps/swag/nginx/gitssl.conf
new file mode 100644
index 0000000..8bb59dd
--- /dev/null
+++ b/njallavps/swag/nginx/gitssl.conf
@@ -0,0 +1,48 @@
+## Version 2021/09/19 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf
+
+### Mozilla Recommendations
+# generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0-r0&config=intermediate&openssl=1.1.1g-r0&guideline=5.4
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+ssl_session_tickets off;
+
+# intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+
+
+### Linuxserver.io Defaults
+
+# Certificates
+ssl_certificate /config/keys/letsencrypt/fullchain.pem;
+ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
+# verify chain of trust of OCSP response using Root CA and Intermediate certs
+ssl_trusted_certificate /config/keys/letsencrypt/fullchain.pem;
+
+# Diffie-Hellman Parameters
+ssl_dhparam /config/nginx/dhparams.pem;
+
+# Enable TLS 1.3 early data
+ssl_early_data on;
+
+# HSTS, remove # from the line below to enable HSTS
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+# Optional additional headers
+add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src * https: data:; img-src * https: data:; manifest-src * https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
+add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
+add_header Referrer-Policy "same-origin" always;
+add_header X-Content-Type-Options "nosniff" always;
+#add_header X-UA-Compatible "IE=Edge" always;
+add_header X-XSS-Protection "0" always;
+add_header Cross-Origin-Resource-Policy same-origin;
+#add_header Cross-Origin-Embedder-Policy require-corp;
+add_header Cross-Origin-Opener-Policy same-origin;
+add_header X-Frame-Options SAMEORIGIN;
diff --git a/njallavps/swag/nginx/ldap-location.conf b/njallavps/swag/nginx/ldap-location.conf
new file mode 100644
index 0000000..fb9cac1
--- /dev/null
+++ b/njallavps/swag/nginx/ldap-location.conf
@@ -0,0 +1,4 @@
+## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/ldap-location.conf.sample
+
+auth_request /auth;
+error_page 401 =200 /ldaplogin;
diff --git a/njallavps/swag/nginx/ldap-location.conf.sample b/njallavps/swag/nginx/ldap-location.conf.sample
new file mode 100644
index 0000000..fb9cac1
--- /dev/null
+++ b/njallavps/swag/nginx/ldap-location.conf.sample
@@ -0,0 +1,4 @@
+## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/ldap-location.conf.sample
+
+auth_request /auth;
+error_page 401 =200 /ldaplogin;
diff --git a/njallavps/swag/nginx/ldap-server.conf b/njallavps/swag/nginx/ldap-server.conf
new file mode 100644
index 0000000..90120c7
--- /dev/null
+++ b/njallavps/swag/nginx/ldap-server.conf
@@ -0,0 +1,92 @@
+## Version 2020/06/02 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ldap.conf
+## this conf is meant to be used in conjunction with our ldap-auth image: https://github.com/linuxserver/docker-ldap-auth
+## see the heimdall example in the default site config for info on enabling ldap auth
+## for further instructions on this conf, see https://github.com/nginxinc/nginx-ldap-auth
+
+    location /ldaplogin {
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_auth_app ldap-auth;
+        set $upstream_auth_port 9000;
+        set $upstream_auth_proto http;
+        proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port;
+        proxy_set_header X-Target $request_uri;
+    }
+
+    location = /auth {
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_auth_app ldap-auth;
+        set $upstream_auth_port 8888;
+        set $upstream_auth_proto http;
+        proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port;
+
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+
+        #Before enabling the below caching options, make sure you have the line "proxy_cache_path cache/ keys_zone=auth_cache:10m;" at the bottom your default site config
+        #proxy_cache auth_cache;
+        #proxy_cache_valid 200 10m;
+        #proxy_cache_key "$http_authorization$cookie_nginxauth";
+
+        # As implemented in nginx-ldap-auth-daemon.py, the ldap-auth daemon
+        # communicates with a LDAP server, passing in the following
+        # parameters to specify which user account to authenticate. To
+        # eliminate the need to modify the Python code, this file contains
+        # 'proxy_set_header' directives that set the values of the
+        # parameters. Set or change them as instructed in the comments.
+        #
+        #    Parameter      Proxy header
+        #    -----------    ----------------
+        #    url            X-Ldap-URL
+        #    starttls       X-Ldap-Starttls
+        #    basedn         X-Ldap-BaseDN
+        #    binddn         X-Ldap-BindDN
+        #    bindpasswd     X-Ldap-BindPass
+        #    cookiename     X-CookieName
+        #    realm          X-Ldap-Realm
+        #    template       X-Ldap-Template
+
+        # (Required) Set the URL and port for connecting to the LDAP server,
+        # by replacing 'example.com'.
+        # Do not mix ldaps-style URL and X-Ldap-Starttls as it will not work.
+        proxy_set_header X-Ldap-URL      "ldap://example.com";
+
+        # (Optional) Establish a TLS-enabled LDAP session after binding to the
+        # LDAP server.
+        # This is the 'proper' way to establish encrypted TLS connections, see
+        # http://www.openldap.org/faq/data/cache/185.html
+        #proxy_set_header X-Ldap-Starttls "true";
+
+        # (Required) Set the Base DN, by replacing the value enclosed in
+        # double quotes.
+        proxy_set_header X-Ldap-BaseDN   "cn=Users,dc=test,dc=local";
+
+        # (Required) Set the Bind DN, by replacing the value enclosed in
+        # double quotes.
+        # If AD, use "root@test.local"
+        proxy_set_header X-Ldap-BindDN   "cn=root,dc=test,dc=local";
+
+        # (Required) Set the Bind password, by replacing 'secret'.
+        proxy_set_header X-Ldap-BindPass "secret";
+
+        # (Required) The following directives set the cookie name and pass
+        # it, respectively. They are required for cookie-based
+        # authentication. Comment them out if using HTTP basic
+        # authentication.
+        proxy_set_header X-CookieName "nginxauth";
+        proxy_set_header Cookie nginxauth=$cookie_nginxauth;
+
+        # (Required if using Microsoft Active Directory as the LDAP server)
+        # Set the LDAP template by uncommenting the following directive.
+        #proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";
+
+        # (Optional if using OpenLDAP as the LDAP server) Set the LDAP
+        # template by uncommenting the following directive and replacing
+        # '(cn=%(username)s)' which is the default set in
+        # nginx-ldap-auth-daemon.py.
+        #proxy_set_header X-Ldap-Template "(cn=%(username)s)";
+
+        # (Optional) Set the realm name, by uncommenting the following
+        # directive and replacing 'Restricted' which is the default set
+        # in nginx-ldap-auth-daemon.py.
+        #proxy_set_header X-Ldap-Realm    "Restricted";
+    }
diff --git a/njallavps/swag/nginx/ldap-server.conf.sample b/njallavps/swag/nginx/ldap-server.conf.sample
new file mode 100644
index 0000000..e6e2bfe
--- /dev/null
+++ b/njallavps/swag/nginx/ldap-server.conf.sample
@@ -0,0 +1,90 @@
+## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/ldap-server.conf.sample
+## this conf is meant to be used in conjunction with our ldap-auth image: https://github.com/linuxserver/docker-ldap-auth
+## see the heimdall example in the default site config for info on enabling ldap auth
+## for further instructions on this conf, see https://github.com/nginxinc/nginx-ldap-auth
+
+location /ldaplogin {
+
+    set $upstream_auth_app ldap-auth;
+    set $upstream_auth_port 9000;
+    set $upstream_auth_proto http;
+    proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port;
+    proxy_set_header X-Target $request_uri;
+}
+
+location = /auth {
+
+    set $upstream_auth_app ldap-auth;
+    set $upstream_auth_port 8888;
+    set $upstream_auth_proto http;
+    proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port;
+
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+
+    #Before enabling the below caching options, make sure you have the line "proxy_cache_path cache/ keys_zone=auth_cache:10m;" at the bottom your default site config
+    #proxy_cache auth_cache;
+    #proxy_cache_valid 200 10m;
+    #proxy_cache_key "$http_authorization$cookie_nginxauth";
+
+    # As implemented in nginx-ldap-auth-daemon.py, the ldap-auth daemon
+    # communicates with a LDAP server, passing in the following
+    # parameters to specify which user account to authenticate. To
+    # eliminate the need to modify the Python code, this file contains
+    # 'proxy_set_header' directives that set the values of the
+    # parameters. Set or change them as instructed in the comments.
+    #
+    #    Parameter      Proxy header
+    #    -----------    ----------------
+    #    url            X-Ldap-URL
+    #    starttls       X-Ldap-Starttls
+    #    basedn         X-Ldap-BaseDN
+    #    binddn         X-Ldap-BindDN
+    #    bindpasswd     X-Ldap-BindPass
+    #    cookiename     X-CookieName
+    #    realm          X-Ldap-Realm
+    #    template       X-Ldap-Template
+    # (Required) Set the URL and port for connecting to the LDAP server,
+    # by replacing 'example.com'.
+    # Do not mix ldaps-style URL and X-Ldap-Starttls as it will not work.
+    proxy_set_header X-Ldap-URL "ldap://example.com";
+
+    # (Optional) Establish a TLS-enabled LDAP session after binding to the
+    # LDAP server.
+    # This is the 'proper' way to establish encrypted TLS connections, see
+    # http://www.openldap.org/faq/data/cache/185.html
+    #proxy_set_header X-Ldap-Starttls "true";
+
+    # (Required) Set the Base DN, by replacing the value enclosed in
+    # double quotes.
+    proxy_set_header X-Ldap-BaseDN "cn=Users,dc=test,dc=local";
+
+    # (Required) Set the Bind DN, by replacing the value enclosed in
+    # double quotes.
+    # If AD, use "root@test.local"
+    proxy_set_header X-Ldap-BindDN "cn=root,dc=test,dc=local";
+
+    # (Required) Set the Bind password, by replacing 'secret'.
+    proxy_set_header X-Ldap-BindPass "secret";
+
+    # (Required) The following directives set the cookie name and pass
+    # it, respectively. They are required for cookie-based
+    # authentication. Comment them out if using HTTP basic
+    # authentication.
+    proxy_set_header X-CookieName "nginxauth";
+    proxy_set_header Cookie nginxauth=$cookie_nginxauth;
+
+    # (Required if using Microsoft Active Directory as the LDAP server)
+    # Set the LDAP template by uncommenting the following directive.
+    #proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";
+
+    # (Optional if using OpenLDAP as the LDAP server) Set the LDAP
+    # template by uncommenting the following directive and replacing
+    # '(cn=%(username)s)' which is the default set in
+    # nginx-ldap-auth-daemon.py.
+    #proxy_set_header X-Ldap-Template "(cn=%(username)s)";
+    # (Optional) Set the realm name, by uncommenting the following
+    # directive and replacing 'Restricted' which is the default set
+    # in nginx-ldap-auth-daemon.py.
+    #proxy_set_header X-Ldap-Realm    "Restricted";
+}
diff --git a/njallavps/swag/nginx/ldap.conf b/njallavps/swag/nginx/ldap.conf
new file mode 100644
index 0000000..90120c7
--- /dev/null
+++ b/njallavps/swag/nginx/ldap.conf
@@ -0,0 +1,92 @@
+## Version 2020/06/02 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ldap.conf
+## this conf is meant to be used in conjunction with our ldap-auth image: https://github.com/linuxserver/docker-ldap-auth
+## see the heimdall example in the default site config for info on enabling ldap auth
+## for further instructions on this conf, see https://github.com/nginxinc/nginx-ldap-auth
+
+    location /ldaplogin {
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_auth_app ldap-auth;
+        set $upstream_auth_port 9000;
+        set $upstream_auth_proto http;
+        proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port;
+        proxy_set_header X-Target $request_uri;
+    }
+
+    location = /auth {
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_auth_app ldap-auth;
+        set $upstream_auth_port 8888;
+        set $upstream_auth_proto http;
+        proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port;
+
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+
+        #Before enabling the below caching options, make sure you have the line "proxy_cache_path cache/ keys_zone=auth_cache:10m;" at the bottom your default site config
+        #proxy_cache auth_cache;
+        #proxy_cache_valid 200 10m;
+        #proxy_cache_key "$http_authorization$cookie_nginxauth";
+
+        # As implemented in nginx-ldap-auth-daemon.py, the ldap-auth daemon
+        # communicates with a LDAP server, passing in the following
+        # parameters to specify which user account to authenticate. To
+        # eliminate the need to modify the Python code, this file contains
+        # 'proxy_set_header' directives that set the values of the
+        # parameters. Set or change them as instructed in the comments.
+        #
+        #    Parameter      Proxy header
+        #    -----------    ----------------
+        #    url            X-Ldap-URL
+        #    starttls       X-Ldap-Starttls
+        #    basedn         X-Ldap-BaseDN
+        #    binddn         X-Ldap-BindDN
+        #    bindpasswd     X-Ldap-BindPass
+        #    cookiename     X-CookieName
+        #    realm          X-Ldap-Realm
+        #    template       X-Ldap-Template
+
+        # (Required) Set the URL and port for connecting to the LDAP server,
+        # by replacing 'example.com'.
+        # Do not mix ldaps-style URL and X-Ldap-Starttls as it will not work.
+        proxy_set_header X-Ldap-URL      "ldap://example.com";
+
+        # (Optional) Establish a TLS-enabled LDAP session after binding to the
+        # LDAP server.
+        # This is the 'proper' way to establish encrypted TLS connections, see
+        # http://www.openldap.org/faq/data/cache/185.html
+        #proxy_set_header X-Ldap-Starttls "true";
+
+        # (Required) Set the Base DN, by replacing the value enclosed in
+        # double quotes.
+        proxy_set_header X-Ldap-BaseDN   "cn=Users,dc=test,dc=local";
+
+        # (Required) Set the Bind DN, by replacing the value enclosed in
+        # double quotes.
+        # If AD, use "root@test.local"
+        proxy_set_header X-Ldap-BindDN   "cn=root,dc=test,dc=local";
+
+        # (Required) Set the Bind password, by replacing 'secret'.
+        proxy_set_header X-Ldap-BindPass "secret";
+
+        # (Required) The following directives set the cookie name and pass
+        # it, respectively. They are required for cookie-based
+        # authentication. Comment them out if using HTTP basic
+        # authentication.
+        proxy_set_header X-CookieName "nginxauth";
+        proxy_set_header Cookie nginxauth=$cookie_nginxauth;
+
+        # (Required if using Microsoft Active Directory as the LDAP server)
+        # Set the LDAP template by uncommenting the following directive.
+        #proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";
+
+        # (Optional if using OpenLDAP as the LDAP server) Set the LDAP
+        # template by uncommenting the following directive and replacing
+        # '(cn=%(username)s)' which is the default set in
+        # nginx-ldap-auth-daemon.py.
+        #proxy_set_header X-Ldap-Template "(cn=%(username)s)";
+
+        # (Optional) Set the realm name, by uncommenting the following
+        # directive and replacing 'Restricted' which is the default set
+        # in nginx-ldap-auth-daemon.py.
+        #proxy_set_header X-Ldap-Realm    "Restricted";
+    }
diff --git a/njallavps/swag/nginx/nginx.conf b/njallavps/swag/nginx/nginx.conf
new file mode 100644
index 0000000..030557d
--- /dev/null
+++ b/njallavps/swag/nginx/nginx.conf
@@ -0,0 +1,78 @@
+## Version 2022/08/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/nginx.conf.sample
+
+### Based on alpine defaults
+# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.15-stable
+
+user abc;
+
+# Set number of worker processes automatically based on number of CPU cores.
+include /config/nginx/worker_processes.conf;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+# Include files with config snippets into the root context.
+include /etc/nginx/conf.d/*.conf;
+
+events {
+    # The maximum number of simultaneous connections that can be opened by
+    # a worker process.
+    worker_connections 1024;
+}
+
+http {
+    # Includes mapping of file name extensions to MIME types of responses
+    # and defines the default type.
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Name servers used to resolve names of upstream servers into addresses.
+    # It's also needed when using tcpsocket and udpsocket in Lua modules.
+    #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
+    include /config/nginx/resolver.conf;
+
+    # Don't tell nginx version to the clients. Default is 'on'.
+    server_tokens off;
+
+    # Specifies the maximum accepted body size of a client request, as
+    # indicated by the request header Content-Length. If the stated content
+    # length is greater than this size, then the client receives the HTTP
+    # error code 413. Set to 0 to disable. Default is '1m'.
+    client_max_body_size 20m;
+
+    # Sendfile copies data between one FD and other from within the kernel,
+    # which is more efficient than read() + write(). Default is off.
+    sendfile on;
+
+    # Causes nginx to attempt to send its HTTP response head in one packet,
+    # instead of using partial frames. Default is 'off'.
+    tcp_nopush on;
+
+    # all ssl related config moved to ssl.conf
+    include /config/nginx/ssl.conf;
+
+    # Enable gzipping of responses.
+    #gzip on;
+
+    # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
+    gzip_vary on;
+
+    # Helper variable for proxying websockets.
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+
+    # Disables logs
+    access_log off;
+
+    # Includes virtual hosts configs.
+    include /etc/nginx/http.d/*.conf;
+    include /config/nginx/site-confs/*.conf;
+}
+
+daemon off;
+pid /run/nginx.pid;
diff --git a/njallavps/swag/nginx/nginx.conf.sample b/njallavps/swag/nginx/nginx.conf.sample
new file mode 100644
index 0000000..561260b
--- /dev/null
+++ b/njallavps/swag/nginx/nginx.conf.sample
@@ -0,0 +1,81 @@
+## Version 2022/08/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/nginx.conf.sample
+
+### Based on alpine defaults
+# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.15-stable
+
+user abc;
+
+# Set number of worker processes automatically based on number of CPU cores.
+include /config/nginx/worker_processes.conf;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /config/log/nginx/error.log;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+# Include files with config snippets into the root context.
+include /etc/nginx/conf.d/*.conf;
+
+events {
+    # The maximum number of simultaneous connections that can be opened by
+    # a worker process.
+    worker_connections 1024;
+}
+
+http {
+    # Includes mapping of file name extensions to MIME types of responses
+    # and defines the default type.
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Name servers used to resolve names of upstream servers into addresses.
+    # It's also needed when using tcpsocket and udpsocket in Lua modules.
+    #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
+    include /config/nginx/resolver.conf;
+
+    # Don't tell nginx version to the clients. Default is 'on'.
+    server_tokens off;
+
+    # Specifies the maximum accepted body size of a client request, as
+    # indicated by the request header Content-Length. If the stated content
+    # length is greater than this size, then the client receives the HTTP
+    # error code 413. Set to 0 to disable. Default is '1m'.
+    client_max_body_size 0;
+
+    # Sendfile copies data between one FD and other from within the kernel,
+    # which is more efficient than read() + write(). Default is off.
+    sendfile on;
+
+    # Causes nginx to attempt to send its HTTP response head in one packet,
+    # instead of using partial frames. Default is 'off'.
+    tcp_nopush on;
+
+    # all ssl related config moved to ssl.conf
+    include /config/nginx/ssl.conf;
+
+    # Enable gzipping of responses.
+    #gzip on;
+
+    # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
+    gzip_vary on;
+
+    # Helper variable for proxying websockets.
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+
+    # Sets the path, format, and configuration for a buffered log write.
+    access_log /config/log/nginx/access.log;
+
+    # Includes virtual hosts configs.
+    include /etc/nginx/http.d/*.conf;
+    include /config/nginx/site-confs/*.conf;
+}
+
+daemon off;
+pid /run/nginx.pid;
diff --git a/njallavps/swag/nginx/proxy-confs/.editorconfig b/njallavps/swag/nginx/proxy-confs/.editorconfig
new file mode 100644
index 0000000..9d5c05a
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/.editorconfig
@@ -0,0 +1,13 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+# trim_trailing_whitespace may cause unintended issues and should not be globally set true
+trim_trailing_whitespace = false
+
+[{*.conf,*.conf.sample}]
+indent_style = space
+indent_size = 4
diff --git a/njallavps/swag/nginx/proxy-confs/README.md b/njallavps/swag/nginx/proxy-confs/README.md
new file mode 100644
index 0000000..2ba74b2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/README.md
@@ -0,0 +1,50 @@
+![](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_small.png)
+
+# How to use these Reverse Proxy Configs
+
+This folder contains sample reverse proxy configs for various docker images linuxserver provides and other commonly used applications. 
+
+NOTE: We avoid providing samples that publicly expose server management software (ex: syno, qnap, unraid, proxmox, esxi, etc). Pull requests to add samples for this category of applications will not be accepted.
+
+They are grouped in two:
+
+1. `subfolder` these will allow accessing services at https://yourdomain.com/servicename
+2. `subdomain` these will allow accessing services at https://servicename.yourdomain.com
+
+## To enable the reverse proxy configs:
+
+### Configure your default site config
+
+Make sure that your default site config contains the following lines in the appropriate spots as seen in the default version:
+
+1) For subfolder methods: `include /config/nginx/proxy-confs/*.subfolder.conf;`
+2) For subdomain methods: `include /config/nginx/proxy-confs/*.subdomain.conf;`
+
+### Ensure you have a custom docker network
+
+These confs assume that the swag container can reach other containers via their dns hostnames (defaults to container name) resolved via docker's internal dns. This is achieved through having the containers attached to the same user defined docker bridge network. 
+
+- If you are using docker-compose and the containers are managed through the same yaml file, docker-compose will automatically create a custom network and attach all containers to it. Nothing extra is required.
+
+- If you are starting the containers via command line, first create a bridge network with the command `docker network create [networkname]` Then define that network in the container run/create command via `--network [networkname]`.
+
+- If you are using a gui manager like portainer, you can create a custom bridge network in the gui, and select it when creating a new container.
+
+- If you are using unraid, create a custom network in command line via `docker network create [networkname]`, then go to docker service settings (under advanced) and set the option `Preserve user defined networks:` to `Yes`. Then in each container setting, including the swag container, in the network type dropdown, select `Custom : [networkname]`.  This is a necessary step as the bridge network that unraid uses by default does not allow container to container communication.
+
+If the reverse proxied containers are not reachable via dns or they are running on a different machine, you will have to modify these confs to fit your needs.
+
+### Rename the required proxy configs
+
+1) Rename the conf files and remove the `.sample` at the end (ie. `sonarr.subfolder.conf`)
+2) Restart the swag container
+
+### Make any necessary changes detailed in the config
+
+Some applications require you to make changes to the service containers such as adding base urls in their settings. Each conf file lists the required changes on the first line.
+
+If you are reverse proxying linuxserver containers installed on the same host with the recommended options, you shouldn't need to edit these conf files.
+
+## To disable the configs:
+
+Simply delete the confs and restart swag.
diff --git a/njallavps/swag/nginx/proxy-confs/_template.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/_template.subdomain.conf.sample
new file mode 100644
index 0000000..0046268
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/_template.subdomain.conf.sample
@@ -0,0 +1,56 @@
+## Version 2022/09/08
+# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
+# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
+# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
+# make sure that your dns has a cname set for <container_name> and that your <container_name> container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name <container_name>.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app <container_name>;
+        set $upstream_port <port_number>;
+        set $upstream_proto <http or https>;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
+    }
+
+    # REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints.
+    # REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below.
+    # location ~ (/<container_name>)?/api {
+    #     include /config/nginx/proxy.conf;
+    #     include /config/nginx/resolver.conf;
+    #     set $upstream_app <container_name>;
+    #     set $upstream_port <port_number>;
+    #     set $upstream_proto <http or https>;
+    #     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    #
+    #     # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
+    # }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/_template.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/_template.subfolder.conf.sample
new file mode 100644
index 0000000..46be8cc
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/_template.subfolder.conf.sample
@@ -0,0 +1,43 @@
+## Version 2022/09/08
+# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
+# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
+# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
+# first go into <container_name> settings, under "General" set the URL Base to /<container_name>/ and restart the <container_name> container
+
+location /<container_name> {
+    return 301 $scheme://$host/<container_name>/;
+}
+
+location ^~ /<container_name>/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app <container_name>;
+    set $upstream_port <port_number>;
+    set $upstream_proto <http or https>;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
+}
+
+# REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints.
+# REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below.
+# location ^~ /<container_name>/api {
+#     include /config/nginx/proxy.conf;
+#     include /config/nginx/resolver.conf;
+#     set $upstream_app <container_name>;
+#     set $upstream_port <port_number>;
+#     set $upstream_proto <http or https>;
+#     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+#
+#     # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
+# }
diff --git a/njallavps/swag/nginx/proxy-confs/adguard.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/adguard.subdomain.conf.sample
new file mode 100644
index 0000000..73ea6f3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/adguard.subdomain.conf.sample
@@ -0,0 +1,61 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for adguard and that your adguard container is named adguard
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name adguard.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app adguard;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location /control {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app adguard;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location /dns-query {
+        # to properly use this please set `allow_unencrypted_doh: true` and `force_https: false` in adguard
+        # see https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app adguard;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/adminer.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/adminer.subfolder.conf.sample
new file mode 100644
index 0000000..c9b0ee0
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/adminer.subfolder.conf.sample
@@ -0,0 +1,26 @@
+## Version 2022/09/08
+# adminer does not require a base url setting, but the container needs to be named adminer
+
+location /adminer {
+    return 301 $scheme://$host/adminer/;
+}
+
+location ^~ /adminer/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app adminer;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/adminmongo.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/adminmongo.subdomain.conf.sample
new file mode 100644
index 0000000..509a661
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/adminmongo.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for adminmongo and that your adminmongo container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name adminmongo.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app adminmongo;
+        set $upstream_port 1234;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/airsonic.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/airsonic.subdomain.conf.sample
new file mode 100644
index 0000000..197bc7f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/airsonic.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for airsonic and that your airsonic container is not using a base url
+# add `server.use-forward-headers=true` to `/config/application.properties` to ensure logs contain real source IP
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name airsonic.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app airsonic;
+        set $upstream_port 4040;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/airsonic.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/airsonic.subfolder.conf.sample
new file mode 100644
index 0000000..aa97b18
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/airsonic.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# set the CONTEXT_PATH variable to /airsonic in airsonic container.
+
+location ^~ /airsonic {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app airsonic;
+    set $upstream_port 4040;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/apprise-api.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/apprise-api.subdomain.conf.sample
new file mode 100644
index 0000000..a5fd3a9
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/apprise-api.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2022/08/16
+# make sure that your dns has a cname set for apprise-api and that your apprise-api container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name apprise-api.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app apprise-api;
+        set $upstream_port 8000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/archisteamfarm.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/archisteamfarm.subdomain.conf.sample
new file mode 100644
index 0000000..7d5d589
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/archisteamfarm.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for archisteamfarm
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name archisteamfarm.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app archisteamfarm;
+        set $upstream_port 1242;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/aria2-with-webui.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/aria2-with-webui.subdomain.conf.sample
new file mode 100644
index 0000000..5223f6b
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/aria2-with-webui.subdomain.conf.sample
@@ -0,0 +1,63 @@
+## Version 2022/09/08
+# Make sure that your dns has a cname set for aria2 and that your aria2-with-webui container is not using a base url
+#
+# The RPC port will need to be changed to 443 in the AriaNg/WebUI-Aria2 settings or by using the AriaNg command api
+# e.g. https://aria2.example.com/#!/settings/rpc/set/https/aria2.example.com/443/jsonrpc
+#      https://aria2.example.com/#!/settings/rpc/set?protocol=https&host=aria2.example.com&port=443&interface=aria2-with-webui/jsonrpc
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name aria2.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app aria2-with-webui;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/aria2-with-webui)?/jsonrpc {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app aria2-with-webui;
+        set $upstream_port 6800;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port/jsonrpc;
+
+    }
+
+    location ~ (/aria2-with-webui)?/rpc {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app aria2-with-webui;
+        set $upstream_port 6800;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port/rpc;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/audiobookshelf.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/audiobookshelf.subdomain.conf.sample
new file mode 100644
index 0000000..1e2c286
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/audiobookshelf.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for audiobookshelf and that your audiobookshelf container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name audiobookshelf.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app audiobookshelf;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/audiobookshelf.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/audiobookshelf.subfolder.conf.sample
new file mode 100644
index 0000000..94d1a5d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/audiobookshelf.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# set the CONTEXT_PATH variable to /audiobookshelf in audiobookshelf container.
+
+location ^~ /audiobookshelf {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app audiobookshelf;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/authelia.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/authelia.subdomain.conf.sample
new file mode 100644
index 0000000..004920b
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/authelia.subdomain.conf.sample
@@ -0,0 +1,28 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for authelia
+# the default authelia-server and authelia-location confs included with letsencrypt rely on
+# subfolder proxy at "/authelia" and enabling of this proxy conf is not necessary.
+# But if you'd like to use authelia via subdomain, you can enable this proxy and set up your own
+# authelia-server and authelia-location confs as described in authelia docs.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name authelia.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app authelia;
+        set $upstream_port 9091;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/babybuddy.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/babybuddy.subdomain.conf.sample
new file mode 100644
index 0000000..1e0c21e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/babybuddy.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for babybuddy
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name babybuddy.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app babybuddy;
+        set $upstream_port 8000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/bazarr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/bazarr.subdomain.conf.sample
new file mode 100644
index 0000000..61dc9c7
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/bazarr.subdomain.conf.sample
@@ -0,0 +1,49 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for bazarr and that your bazarr container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name bazarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app bazarr;
+        set $upstream_port 6767;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/bazarr)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app bazarr;
+        set $upstream_port 6767;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/bazarr.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/bazarr.subfolder.conf.sample
new file mode 100644
index 0000000..3b65447
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/bazarr.subfolder.conf.sample
@@ -0,0 +1,36 @@
+## Version 2022/09/08
+# first go into bazarr settings, under "General" set the URL Base to /bazarr/ and restart the bazarr container
+
+location /bazarr {
+    return 301 $scheme://$host/bazarr/;
+}
+
+location ^~ /bazarr/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app bazarr;
+    set $upstream_port 6767;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /bazarr/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app bazarr;
+    set $upstream_port 6767;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/beets.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/beets.subdomain.conf.sample
new file mode 100644
index 0000000..80f953b
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/beets.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+#First edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container.
+#Make sure that your dns has a cname set for beets and that your beets container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name beets.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app beets;
+        set $upstream_port 8337;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/beets.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/beets.subfolder.conf.sample
new file mode 100644
index 0000000..fa47d93
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/beets.subfolder.conf.sample
@@ -0,0 +1,24 @@
+## Version 2022/09/08
+#first edit beets.yml and enable the reverse proxy settings, under "web" add "reverse_proxy: true" and restart the beets container
+
+location /beets {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app beets;
+    set $upstream_port 8337;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    proxy_set_header X-Scheme $scheme;
+    proxy_set_header X-Script-Name /beets;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/bitwarden.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/bitwarden.subdomain.conf.sample
new file mode 100644
index 0000000..2499f59
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/bitwarden.subdomain.conf.sample
@@ -0,0 +1,81 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url
+# make sure your bitwarden container is named "bitwarden"
+# set the environment variable WEBSOCKET_ENABLED=true on your bitwarden container
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name bitwarden.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 128M;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app bitwarden;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/bitwarden)?/admin {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app bitwarden;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/bitwarden)?/notifications/hub {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app bitwarden;
+        set $upstream_port 3012;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/bitwarden)?/notifications/hub/negotiate {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app bitwarden;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/bitwarden.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/bitwarden.subfolder.conf.sample
new file mode 100644
index 0000000..4817457
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/bitwarden.subfolder.conf.sample
@@ -0,0 +1,67 @@
+## Version 2022/09/08
+## Environmental Variable DOMAIN=https://<DOMAIN>/bitwarden must be set in bitwarden container including subfolder.
+## This is using ports 80 and 3012
+location /bitwarden {
+    return 301 $scheme://$host/bitwarden/;
+}
+
+location ^~ /bitwarden/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app bitwarden;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ (/bitwarden)?/admin {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app bitwarden;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ (/bitwarden)?/notifications/hub {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app bitwarden;
+    set $upstream_port 3012;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ (/bitwarden)?/notifications/hub/negotiate {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app bitwarden;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
diff --git a/njallavps/swag/nginx/proxy-confs/boinc.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/boinc.subdomain.conf.sample
new file mode 100644
index 0000000..b97d195
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/boinc.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for boinc
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name boinc.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app boinc;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_buffering off;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/boinc.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/boinc.subfolder.conf.sample
new file mode 100644
index 0000000..42d2be9
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/boinc.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# In boinc docker arguments, set an env variable for SUBFOLDER=/boinc/
+
+location /boinc {
+    return 301 $scheme://$host/boinc/;
+}
+
+location ^~ /boinc/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app boinc;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    proxy_buffering off;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/booksonic.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/booksonic.subdomain.conf.sample
new file mode 100644
index 0000000..11508e6
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/booksonic.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for booksonic and that your booksonic container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name booksonic.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app booksonic;
+        set $upstream_port 4040;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/booksonic.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/booksonic.subfolder.conf.sample
new file mode 100644
index 0000000..156d6b8
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/booksonic.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# set the CONTEXT_PATH variable to /booksonic in booksonic container.
+
+location ^~ /booksonic {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app booksonic;
+    set $upstream_port 4040;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/bookstack.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/bookstack.subdomain.conf.sample
new file mode 100644
index 0000000..e61cea5
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/bookstack.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for bookstack and that your bookstack container is named bookstack
+# Ensure you have the APP_URL Environment Variable set correctly in your Docker Run/Compose or in BookStack Env File (/www/.env)
+# https://github.com/linuxserver/docker-bookstack#docker
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name bookstack.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app bookstack;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/budge.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/budge.subdomain.conf.sample
new file mode 100644
index 0000000..ba8f55b
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/budge.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for budge and that your budge container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name budge.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app budge;
+        set $upstream_port 443;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/calibre-web.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/calibre-web.subdomain.conf.sample
new file mode 100644
index 0000000..bc7349d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/calibre-web.subdomain.conf.sample
@@ -0,0 +1,57 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for calibre-web
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name calibre-web.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+        # To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is
+        # enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia
+        # user also has a corresponding user manually created in Calibre-Web.
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app calibre-web;
+        set $upstream_port 8083;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header X-Scheme $scheme;
+    }
+
+	# OPDS feed for eBook reader apps
+	# Even if you use Authelia, the OPDS feed requires a password to be set for
+	# the user directly in Calibre-Web, as eBook reader apps don't support
+	# form-based logins, only HTTP Basic auth.
+    location /opds/ {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app calibre-web;
+        set $upstream_port 8083;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+        proxy_set_header X-Scheme $scheme;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/calibre-web.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/calibre-web.subfolder.conf.sample
new file mode 100644
index 0000000..4e58abe
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/calibre-web.subfolder.conf.sample
@@ -0,0 +1,46 @@
+## Version 2022/09/08
+# calibre-web does not require a base url setting
+
+location /calibre-web {
+    return 301 $scheme://$host/calibre-web/;
+}
+
+location ^~ /calibre-web/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+    # To use Authelia to log in to Calibre-Web, make sure "Reverse Proxy Login" is
+    # enabled, "Reverse Proxy Header Name" is set to Remote-User, and each Authelia
+    # user also has a corresponding user manually created in Calibre-Web.
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app calibre-web;
+    set $upstream_port 8083;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    proxy_set_header X-Scheme $scheme;
+    proxy_set_header X-Script-Name /calibre-web;
+}
+
+# OPDS feed for eBook reader apps
+# Even if you use Authelia, the OPDS feed requires a password to be set for
+# the user directly in Calibre-Web, as eBook reader apps don't support
+# form-based logins, only HTTP Basic auth.
+location ^~ /calibre-web/opds/ {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app calibre-web;
+    set $upstream_port 8083;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    proxy_set_header X-Scheme $scheme;
+    proxy_set_header X-Script-Name /calibre-web;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/calibre.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/calibre.subdomain.conf.sample
new file mode 100644
index 0000000..6631479
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/calibre.subdomain.conf.sample
@@ -0,0 +1,66 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for calibre
+# for the content server, go into calibre preferences / sharing over the net / advanced and
+# set the first option for prefix url to '/content-server', save and restart the container
+# the content server will be accessible at 'https://calibre.domain.com/content-server/'
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name calibre.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app calibre;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_buffering off;
+    }
+
+    location /content-server {
+        return 301 $scheme://$host/content-server/;
+    }
+
+    location ^~ /content-server/ {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app calibre;
+        set $upstream_port 8081;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/calibre.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/calibre.subfolder.conf.sample
new file mode 100644
index 0000000..3158274
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/calibre.subfolder.conf.sample
@@ -0,0 +1,53 @@
+## Version 2022/09/08
+# In calibre docker arguments, set an env variable for SUBFOLDER=/calibre/
+# for the content server, go into calibre preferences / sharing over the net / advanced and
+# set the first option for prefix url to '/content-server', save and restart the container
+# the content server will be accessible at 'https://domain.com/content-server/'
+
+location /calibre {
+    return 301 $scheme://$host/calibre/;
+}
+
+location ^~ /calibre/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app calibre;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location /content-server {
+    return 301 $scheme://$host/content-server/;
+}
+
+location ^~ /content-server/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app calibre;
+    set $upstream_port 8081;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/castopod.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/castopod.subdomain.conf.sample
new file mode 100644
index 0000000..f2a06ee
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/castopod.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/10/06
+# make sure that your dns has a cname set for castopod and that your castopod container is not using a base url
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name castopod.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+    
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app castopod;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}    
diff --git a/njallavps/swag/nginx/proxy-confs/changedetection.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/changedetection.subdomain.conf.sample
new file mode 100644
index 0000000..9058f88
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/changedetection.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for changedetection and that your changedetection container is named changedetection
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name changedetection.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app changedetection;
+        set $upstream_port 5000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/chevereto.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/chevereto.subdomain.conf.sample
new file mode 100644
index 0000000..c162bc2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/chevereto.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for chevereto and that your chevereto container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name chevereto.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app chevereto;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/chronograf.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/chronograf.subdomain.conf.sample
new file mode 100644
index 0000000..1d3e1c3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/chronograf.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# Make sure that your dns has a cname set for chronograf and that your chronograf container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name chronograf.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app chronograf;
+        set $upstream_port 8888;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/chronograf.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/chronograf.subfolder.conf.sample
new file mode 100644
index 0000000..63f57b2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/chronograf.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# add BASE_PATH=/chronograf environment variable to your docker compose/run
+
+location /chronograf {
+    return 301 $scheme://$host/chronograf/;
+}
+
+location ^~ /chronograf/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app chronograf;
+    set $upstream_port 8888;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    #rewrite /chronograf(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/cloudbeaver.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/cloudbeaver.subdomain.conf.sample
new file mode 100644
index 0000000..89e8601
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/cloudbeaver.subdomain.conf.sample
@@ -0,0 +1,42 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for cloudbeaver and that your cloudbeaver container is not using a base url
+# tested using dbeaver/cloudbeaver
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name cloudbeaver.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 75M;
+    proxy_redirect off;
+    proxy_buffering off;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app cloudbeaver;
+        set $upstream_port 8978;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/code-server.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/code-server.subdomain.conf.sample
new file mode 100644
index 0000000..93a75c1
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/code-server.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for code-server
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name code-server.* "~^[0-9]{1,10}\.code-server\..*$";
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app code-server;
+        set $upstream_port 8443;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/codimd.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/codimd.subdomain.conf.sample
new file mode 100644
index 0000000..94c2e96
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/codimd.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2022/09/08
+# make sure you have added the following environmental variables to your run command/compose file
+# CMD_DOMAIN=codimd.server.com
+# CMD_PROTOCOL_USESSL=true
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name codimd.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app codimd;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/collabora.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/collabora.subdomain.conf.sample
new file mode 100644
index 0000000..3d830d3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/collabora.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for collabora and that your collabora container is named collabora
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name collabora.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app collabora;
+        set $upstream_port 9980;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/commento.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/commento.subdomain.conf.sample
new file mode 100644
index 0000000..4521142
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/commento.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for commento and that your commento config is not using a subdirectory.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name commento.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app commento;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/couchpotato.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/couchpotato.subdomain.conf.sample
new file mode 100644
index 0000000..4ab200f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/couchpotato.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for couchpotato and that your couchpotato container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name couchpotato.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app couchpotato;
+        set $upstream_port 5050;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/couchpotato.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/couchpotato.subfolder.conf.sample
new file mode 100644
index 0000000..62bb85f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/couchpotato.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# first go into couchpotato settings, under "General" set the URL Base to /couchpotato and restart the couchpotato container
+
+location ^~ /couchpotato {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app couchpotato;
+    set $upstream_port 5050;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/crontabui.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/crontabui.subfolder.conf.sample
new file mode 100644
index 0000000..ba22371
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/crontabui.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# crontabui does not require a base url setting
+
+location /crontabui {
+    return 301 $scheme://$host/crontabui/;
+}
+
+location ^~ /crontabui/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app crontabui;
+    set $upstream_port 8000;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /crontabui(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/crowdsec-dashboard.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/crowdsec-dashboard.subdomain.conf.sample
new file mode 100644
index 0000000..3cc84f1
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/crowdsec-dashboard.subdomain.conf.sample
@@ -0,0 +1,43 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for crowdsec-dashboard and that your crowdsec-dashboard container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name crowdsec-dashboard.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app crowdsec-dashboard;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        # Uncomment these if you want to lower security, and
+        # allow running in an iFrame (i.e. Organizr)
+        #proxy_hide_header Content-Security-Policy;
+        #proxy_hide_header X-Frame-Options;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/crowdsec.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/crowdsec.subdomain.conf.sample
new file mode 100644
index 0000000..8dbb7a3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/crowdsec.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/08/26
+# make sure that your dns has a cname set for crowdsec and that your crowdsec container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name crowdsec.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app crowdsec;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+        
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/dashy.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/dashy.subdomain.conf.sample
new file mode 100644
index 0000000..a4ffad8
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/dashy.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for dashy and that your dashy container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name dashy.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app dashy;
+        set $upstream_port 4000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/deluge.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/deluge.subdomain.conf.sample
new file mode 100644
index 0000000..6491d14
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/deluge.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for deluge and that your deluge container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name deluge.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app deluge;
+        set $upstream_port 8112;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/deluge.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/deluge.subfolder.conf.sample
new file mode 100644
index 0000000..9ed5e2e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/deluge.subfolder.conf.sample
@@ -0,0 +1,28 @@
+## Version 2022/09/08
+# deluge does not require a base url setting
+
+location /deluge {
+    return 301 $scheme://$host/deluge/;
+}
+
+location ^~ /deluge/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app deluge;
+    set $upstream_port 8112;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /deluge(.*) $1 break;
+    proxy_set_header X-Deluge-Base "/deluge/";
+}
diff --git a/njallavps/swag/nginx/proxy-confs/dillinger.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/dillinger.subdomain.conf.sample
new file mode 100644
index 0000000..ce04a81
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/dillinger.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for dillinger
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name dillinger.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app dillinger;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/documentserver.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/documentserver.subdomain.conf.sample
new file mode 100644
index 0000000..ac81a8e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/documentserver.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# Make sure that your dns has a cname set for onlyoffice named "documentserver"
+# Make sure that the onlyoffice documentserver container is named "documentserver"
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name documentserver.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app documentserver;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/dokuwiki.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/dokuwiki.subdomain.conf.sample
new file mode 100644
index 0000000..3a0995b
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/dokuwiki.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# First complete the setup by appending install.php to URL.
+# Make sure that your dns has a cname set for dokuwiki
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name dokuwiki.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app dokuwiki;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/dokuwiki.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/dokuwiki.subfolder.conf.sample
new file mode 100644
index 0000000..e8cc6a3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/dokuwiki.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# first go into dokuwiki settings (Admin on the top left when Logged in), under "Configuration Settings" set the "basedir" to /dokuwiki/ and restart the dokuwiki container
+
+location /dokuwiki {
+    return 301 $scheme://$host/dokuwiki/;
+}
+
+location ^~ /dokuwiki/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app dokuwiki;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /dokuwiki(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/domoticz.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/domoticz.subdomain.conf.sample
new file mode 100644
index 0000000..e37ff1f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/domoticz.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# Make sure that your dns has a cname set for domoticz and that your domoticz container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name domoticz.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app domoticz;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/domoticz.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/domoticz.subfolder.conf.sample
new file mode 100644
index 0000000..81f1ee6
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/domoticz.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# set the WEBROOT variable to domoticz for the domoticz container.
+
+location ^~ /domoticz/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app domoticz;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/dozzle.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/dozzle.subdomain.conf.sample
new file mode 100644
index 0000000..575e825
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/dozzle.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for dozzle and that your dozzle container is named dozzle
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name dozzle.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app dozzle;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/dozzle.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/dozzle.subfolder.conf.sample
new file mode 100644
index 0000000..2449c25
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/dozzle.subfolder.conf.sample
@@ -0,0 +1,29 @@
+## Version 2022/09/08
+# First either add "--base /dozzle" or "-e DOZZLE_BASE=/dozzle" to your docker run command, and restart the Dozzle container
+
+location /dozzle {
+    return 301 $scheme://$host/dozzle/;
+}
+
+location ^~ /dozzle/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app dozzle;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    chunked_transfer_encoding off;
+    proxy_buffering off;
+    proxy_cache off;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/drone.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/drone.subdomain.conf.sample
new file mode 100644
index 0000000..e057267
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/drone.subdomain.conf.sample
@@ -0,0 +1,36 @@
+## Version 2022/09/08
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name drone.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app drone;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/duplicati.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/duplicati.subdomain.conf.sample
new file mode 100644
index 0000000..8af8a78
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/duplicati.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for duplicati and that your duplicati container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name duplicati.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app duplicati;
+        set $upstream_port 8200;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/duplicati.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/duplicati.subfolder.conf.sample
new file mode 100644
index 0000000..77b592e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/duplicati.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# duplicati does not require a base url setting. DUPLICATI AUTH WILL NOT WORK WITH THIS CONFIG, use the auth options below
+
+location /duplicati {
+    return 301 $scheme://$host/duplicati/;
+}
+
+location ^~ /duplicati/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app duplicati;
+    set $upstream_port 8200;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /duplicati(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/element.anonymousland.org.conf b/njallavps/swag/nginx/proxy-confs/element.anonymousland.org.conf
new file mode 100644
index 0000000..f5ed158
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/element.anonymousland.org.conf
@@ -0,0 +1,30 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for element
+# if element is running in bridge mode and the container is named "element", the below config should work as is
+# if not, replace the line "set $upstream_app element;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of element
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name element.anonymousland.org;
+
+    include /config/nginx/ssl.conf;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app element;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header Range $http_range;
+        proxy_set_header If-Range $http_if_range;
+    }
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/emby.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/emby.subdomain.conf.sample
new file mode 100644
index 0000000..936d102
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/emby.subdomain.conf.sample
@@ -0,0 +1,30 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for emby and that your emby container is not using a base url
+# if emby is running in bridge mode and the container is named "emby", the below config should work as is
+# if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby
+# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name emby.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app emby;
+        set $upstream_port 8096;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header Range $http_range;
+        proxy_set_header If-Range $http_if_range;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/emby.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/emby.subfolder.conf.sample
new file mode 100644
index 0000000..0fcc693
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/emby.subfolder.conf.sample
@@ -0,0 +1,33 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for emby
+# if emby is running in bridge mode and the container is named "emby", the below config should work as is
+# if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby
+# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url and subdomain,
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+location /emby {
+    return 301 $scheme://$host/emby/;
+}
+
+location ^~ /emby/ {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app emby;
+    set $upstream_port 8096;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range;
+}
+
+location ^~ /embywebsocket {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app emby;
+    set $upstream_port 8096;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/embystat.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/embystat.subdomain.conf.sample
new file mode 100644
index 0000000..7b78a99
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/embystat.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for embystat
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name embystat.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app embystat;
+        set $upstream_port 6555;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/emulatorjs.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/emulatorjs.subdomain.conf.sample
new file mode 100644
index 0000000..32b3824
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/emulatorjs.subdomain.conf.sample
@@ -0,0 +1,64 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for emulatorjs
+# In emulatorjs docker arguments, set an env variable for SUBFOLDER=/backend/
+# The backend interface will be accessible at https://emulatorjs.yourdomain.com/backend/
+# Don't forget to enable auth at least for the /backend/ location
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name emulatorjs.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app emulatorjs;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location /backend {
+        return 301 $scheme://$host/backend/;
+    }
+
+    location ^~ /backend/ {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app emulatorjs;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/filebot.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/filebot.subdomain.conf.sample
new file mode 100644
index 0000000..f8c0d08
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/filebot.subdomain.conf.sample
@@ -0,0 +1,47 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for filebot and that your filebot container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name filebot.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app filebot;
+        set $upstream_port 5800;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location ~ (/filebot)?/websockify {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app filebot;
+        set $upstream_port 5800;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port/websockify/;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/filebot.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/filebot.subfolder.conf.sample
new file mode 100644
index 0000000..aaa204d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/filebot.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# filebot does not require a base url setting
+
+location /filebot {
+    return 301 $scheme://$host/filebot/;
+}
+
+location ^~ /filebot/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app filebot;
+    set $upstream_port 5800;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /filebot(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/filebrowser.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/filebrowser.subdomain.conf.sample
new file mode 100644
index 0000000..81c6dbe
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/filebrowser.subdomain.conf.sample
@@ -0,0 +1,65 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for filebrowser and that your filebrowser container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name filebrowser.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app filebrowser;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location ~ (/filebrowser)?/api/public {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app filebrowser;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location ~ (/filebrowser)?/share {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app filebrowser;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location ~ (/filebrowser)?/static {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app filebrowser;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/filebrowser.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/filebrowser.subfolder.conf.sample
new file mode 100644
index 0000000..8301821
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/filebrowser.subfolder.conf.sample
@@ -0,0 +1,56 @@
+## Version 2022/12/25
+# set this environment variable on your filebrowser container FB_BASEURL=/filebrowser
+
+location /filebrowser {
+    return 301 $scheme://$host/filebrowser/;
+}
+
+location ^~ /filebrowser/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app filebrowser;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /filebrowser/api/public {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app filebrowser;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /filebrowser/share {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app filebrowser;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /filebrowser/static {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app filebrowser;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/firefly.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/firefly.subdomain.conf.sample
new file mode 100644
index 0000000..f06b2f5
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/firefly.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for firefly and that your firefly container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name firefly.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app firefly;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/firefox.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/firefox.subdomain.conf.sample
new file mode 100644
index 0000000..3a9401e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/firefox.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for firefox and that your firefox container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name firefox.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app firefox;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/flexget.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/flexget.subdomain.conf.sample
new file mode 100644
index 0000000..9c7b787
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/flexget.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for flexget
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name flexget.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app flexget;
+        set $upstream_port 5050;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/flexget.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/flexget.subfolder.conf.sample
new file mode 100644
index 0000000..87ff4a0
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/flexget.subfolder.conf.sample
@@ -0,0 +1,34 @@
+## Version 2022/09/08
+# make sure to set 'base_url: /flexget' under your flexget's config.yml web_server block
+#
+location /flexget {
+    return 301 $scheme://$host/flexget/;
+}
+
+    location ^~ /flexget/ {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app flexget;
+        set $upstream_port 5050;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location ^~ /flexget/api/ {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app flexget;
+        set $upstream_port 5050;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
diff --git a/njallavps/swag/nginx/proxy-confs/flood.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/flood.subdomain.conf.sample
new file mode 100644
index 0000000..fd5f52e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/flood.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for flood and that your flood container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name flood.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app flood;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/flood.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/flood.subfolder.conf.sample
new file mode 100644
index 0000000..ec1415e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/flood.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# flood does not require a base url setting
+
+location /flood {
+    return 301 $scheme://$host/flood/;
+}
+
+location ^~ /flood/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app flood;
+    set $upstream_port 3000;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /flood(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/foldingathome.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/foldingathome.subdomain.conf.sample
new file mode 100644
index 0000000..aff5b09
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/foldingathome.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for foldingathome
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name foldingathome.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        proxy_buffering off;
+        include /config/nginx/resolver.conf;
+        set $upstream_app foldingathome;
+        set $upstream_port 7396;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/foundryvtt.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/foundryvtt.subdomain.conf.sample
new file mode 100644
index 0000000..af61d2a
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/foundryvtt.subdomain.conf.sample
@@ -0,0 +1,48 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for foundryvtt
+# Ensure that your Foundry VTT's {userData}/Config/options.json file is configured as follows:
+# "hostname": "your.hostname.com",
+# "routePrefix": null,
+# "sslCert": null,
+# "sslKey": null,
+# "port": 30000,
+# "proxyPort": 443,
+# "proxySSL": true
+# Refer to https://foundryvtt.com/article/nginx/ for the latest Foundry configuration information
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name foundryvtt.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 300M;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app foundryvtt;
+        set $upstream_port 30000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/freshrss.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/freshrss.subdomain.conf.sample
new file mode 100644
index 0000000..34a61eb
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/freshrss.subdomain.conf.sample
@@ -0,0 +1,44 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for freshrss
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name freshrss.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app freshrss;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_buffering off;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_cookie_path / "/; HTTPOnly; Secure";
+        proxy_set_header Authorization $http_authorization;
+        proxy_pass_header Authorization;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/freshrss.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/freshrss.subfolder.conf.sample
new file mode 100644
index 0000000..91adef9
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/freshrss.subfolder.conf.sample
@@ -0,0 +1,32 @@
+## Version 2022/09/08
+# freshrss does not have a base url setting
+
+location /freshrss {
+    return 301 $scheme://$host/freshrss/;
+}
+
+location ^~ /freshrss/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app freshrss;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /freshrss(.*) $1 break;
+    proxy_buffering off;
+    proxy_set_header X-Forwarded-Port $server_port;
+    proxy_cookie_path / "/; HTTPOnly; Secure";
+    proxy_set_header Authorization $http_authorization;
+    proxy_pass_header Authorization;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/gaps.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/gaps.subdomain.conf.sample
new file mode 100644
index 0000000..7ef603b
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/gaps.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for gaps and that your gaps container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name gaps.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app gaps;
+        set $upstream_port 8484;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_hide_header X-Frame-Options;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/gaps.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/gaps.subfolder.conf.sample
new file mode 100644
index 0000000..ec81bf9
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/gaps.subfolder.conf.sample
@@ -0,0 +1,28 @@
+## Version 2022/09/08
+# In your Docker compose (or docker run) add: BASE_URL: /gaps
+
+location /gaps {
+    return 301 $scheme://$host/gaps/;
+}
+
+location ^~ /gaps/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app gaps;
+    set $upstream_port 8484;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    # Uncomment to allow loading in an iframe (i.e. Organizr)
+    # proxy_hide_header X-Frame-Options;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/get_iplayer.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/get_iplayer.subdomain.conf.sample
new file mode 100644
index 0000000..d3e698f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/get_iplayer.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for get_iplayer and that your get_iplayer container is named get_iplayer
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name get_iplayer.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app get_iplayer;
+        set $upstream_port 1935;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/ghost.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/ghost.subdomain.conf.sample
new file mode 100644
index 0000000..4c9c1b7
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/ghost.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for ghost and that your ghost config is not using a subdirectory.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name ghost.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ghost;
+        set $upstream_port 2368;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/ghost.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/ghost.subfolder.conf.sample
new file mode 100644
index 0000000..482a590
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/ghost.subfolder.conf.sample
@@ -0,0 +1,23 @@
+## Version 2022/09/08
+# Make sure you are using a subfolder in your ghost config file. https://ghost.org/docs/concepts/config/#url
+# Note: /ghost/ is by default used for the admin page. See https://ghost.org/docs/concepts/config/#admin-url
+
+location /blog {
+    # enable the next two lines for http auth
+    #uth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app ghost;
+    set $upstream_port 2368;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/gitea.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/gitea.subdomain.conf.sample
new file mode 100644
index 0000000..d9d33d4
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/gitea.subdomain.conf.sample
@@ -0,0 +1,43 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for gitea and the following parameters in /data/gitea/conf/app.ini are edited
+# [server]
+# SSH_DOMAIN       = gitea.server.com
+# ROOT_URL         = https://gitea.server.com/
+# DOMAIN           = gitea.server.com
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name gitea.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app gitea;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/gitea.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/gitea.subfolder.conf.sample
new file mode 100644
index 0000000..7f056d4
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/gitea.subfolder.conf.sample
@@ -0,0 +1,21 @@
+## Version 2021/05/18
+# The following parameters in /data/gitea/conf/app.ini should be edited to match your setup
+# [server]
+# SSH_DOMAIN       = example.com:2222
+# ROOT_URL         = https://example.com/gitea/
+# DOMAIN           = example.com
+
+location /gitea {
+    return 301 $scheme://$host/gitea/;
+}
+
+location ^~ /gitea/ {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app gitea;
+    set $upstream_port 3000;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /gitea(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/glances.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/glances.subdomain.conf.sample
new file mode 100644
index 0000000..a6c63a8
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/glances.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for glances and that your glances container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name glances.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app glances;
+        set $upstream_port 61208;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/glances.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/glances.subfolder.conf.sample
new file mode 100644
index 0000000..80a2f9d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/glances.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# glances does not require a base url setting
+
+location /glances {
+    return 301 $scheme://$host/glances/;
+}
+
+location ^~ /glances/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app glances;
+    set $upstream_port 61208;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /glances(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/gotify.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/gotify.subdomain.conf.sample
new file mode 100644
index 0000000..e391511
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/gotify.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for gotify
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name gotify.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app gotify;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/gotify.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/gotify.subfolder.conf.sample
new file mode 100644
index 0000000..5d8118e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/gotify.subfolder.conf.sample
@@ -0,0 +1,26 @@
+## Version 2022/09/08
+# gotify doesn't require a base url
+
+location /gotify {
+    return 301 $scheme://$host/gotify/;
+}
+
+location /gotify/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app gotify;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    rewrite ^/gotify(/.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/grafana.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/grafana.subdomain.conf.sample
new file mode 100644
index 0000000..0db34f2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/grafana.subdomain.conf.sample
@@ -0,0 +1,42 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for grafana and that your grafana container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name grafana.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app grafana;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        # Clear Authorization Header if you are using http auth and normal Grafana auth
+        #proxy_set_header    Authorization       "";
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/grafana.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/grafana.subfolder.conf.sample
new file mode 100644
index 0000000..f283e11
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/grafana.subfolder.conf.sample
@@ -0,0 +1,30 @@
+## Version 2022/09/08
+# grafana requires environment variables set thus:
+#    environment:
+#      - "GF_SERVER_ROOT_URL=https://my.domain.com/grafana"
+#      - "GF_SERVER_DOMAIN=https://my.domain.com/"
+
+location ^~ /grafana/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_grafana grafana;
+    set $upstream_port 3000;
+    set $upstream_proto http;
+    proxy_pass http://$upstream_grafana:$upstream_port ;
+
+    # Clear Authorization Header if you are using http auth and normal Grafana auth
+    #proxy_set_header    Authorization       "";
+
+    rewrite ^/grafana/(.*)$ /$1 break;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/graylog.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/graylog.subdomain.conf.sample
new file mode 100644
index 0000000..309fe48
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/graylog.subdomain.conf.sample
@@ -0,0 +1,42 @@
+## Version 2022/10/05
+# Ensure the upstream_port matches your GRAYLOG_HTTP_BIND_ADDRESS port
+# This conf assumes GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
+# make sure that your dns has a cname set for graylog and that your graylog container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name graylog.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app graylog;
+        set $upstream_port 9000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/grocy.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/grocy.subdomain.conf.sample
new file mode 100644
index 0000000..3464be0
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/grocy.subdomain.conf.sample
@@ -0,0 +1,48 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for grocy
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name grocy.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app grocy;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location /api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app grocy;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/guacamole.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/guacamole.subdomain.conf.sample
new file mode 100644
index 0000000..bb71761
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/guacamole.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for guacamole and that your guacamole container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name guacamole.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app guacamole;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_buffering off;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/guacamole.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/guacamole.subfolder.conf.sample
new file mode 100644
index 0000000..2b139e7
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/guacamole.subfolder.conf.sample
@@ -0,0 +1,28 @@
+## Version 2022/09/08
+# guacamole does not require a base url setting
+
+location /guacamole {
+    return 301 $scheme://$host/guacamole/;
+}
+
+location ^~ /guacamole/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app guacamole;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    proxy_buffering off;
+    rewrite /guacamole(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/hass-configurator.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/hass-configurator.subdomain.conf.sample
new file mode 100644
index 0000000..e0afbad
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/hass-configurator.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for hass configurator
+# this proxy configuration file is for the hass-configurator-docker container that is used
+# in the hassos addon store (https://github.com/CausticLab/hass-configurator-docker)
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name hass-configurator.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app hass-configurator;
+        set $upstream_port 3218;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/headphones.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/headphones.subdomain.conf.sample
new file mode 100644
index 0000000..8ed6405
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/headphones.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for headphones
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name headphones.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app headphones;
+        set $upstream_port 8181;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/headphones.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/headphones.subfolder.conf.sample
new file mode 100644
index 0000000..ab6ecc5
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/headphones.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# first stop the headphones container and edit the config.ini for headphones and set http_root to /headphones and then start the headphones container
+
+location ^~ /headphones {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app headphones;
+    set $upstream_port 8181;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/healthchecks.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/healthchecks.subdomain.conf.sample
new file mode 100644
index 0000000..31e389f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/healthchecks.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for <container_name> and that your <container_name> container is not using a base url
+# make sure your Healthchecks ALLOWED_HOSTS and SITE_ROOT align with the server_name used in this conf.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name healthchecks.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app healthchecks;
+        set $upstream_port 8000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/hedgedoc.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/hedgedoc.subdomain.conf.sample
new file mode 100644
index 0000000..a3da7de
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/hedgedoc.subdomain.conf.sample
@@ -0,0 +1,42 @@
+## Version 2022/09/08
+# make sure you set the following environment variables in your docker arguments
+# CMD_DOMAIN=hedgedoc.server.com
+# CMD_URL_ADDPORT=false
+# CMD_PROTOCOL_USESSL=true
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name hedgedoc.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app hedgedoc;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/heimdall.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/heimdall.subdomain.conf.sample
new file mode 100644
index 0000000..1e94ffb
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/heimdall.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for heimdall
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name heimdall.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app heimdall;
+        set $upstream_port 443;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/heimdall.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/heimdall.subfolder.conf.sample
new file mode 100644
index 0000000..c4e1120
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/heimdall.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# In order to use this location block you need to edit the default file one folder up and comment out the / location
+
+location / {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app heimdall;
+    set $upstream_port 443;
+    set $upstream_proto https;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/homeassistant.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/homeassistant.subdomain.conf.sample
new file mode 100644
index 0000000..08abac2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/homeassistant.subdomain.conf.sample
@@ -0,0 +1,57 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for homeassistant and that your homeassistant container is not using a base url
+
+# As of homeassistant 2021.7.0, it is now required to define the network range your proxy resides in, this is done in Homeassitants configuration.yaml
+# https://www.home-assistant.io/integrations/http/#trusted_proxies
+# Example below uses the default dockernetwork ranges, you may need to update this if you dont use defaults.
+#
+# http:
+#   use_x_forwarded_for: true
+#   trusted_proxies:
+#     - 172.16.0.0/12
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name homeassistant.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app homeassistant;
+        set $upstream_port 8123;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ ^/(api|local|media)/ {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app homeassistant;
+        set $upstream_port 8123;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/homebridge.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/homebridge.subdomain.conf.sample
new file mode 100644
index 0000000..13b5531
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/homebridge.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for homebridge and that your homebridge container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name homebridge.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app homebridge; # change to host IP if using host networking mode
+        set $upstream_port 8581;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/homer.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/homer.subdomain.conf.sample
new file mode 100644
index 0000000..cb078d1
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/homer.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for homer and that your homer container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name homer.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app homer;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/huginn.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/huginn.subdomain.conf.sample
new file mode 100644
index 0000000..698658b
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/huginn.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for huginn
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name huginn.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app huginn;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/influxdb.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/influxdb.subdomain.conf.sample
new file mode 100644
index 0000000..9154830
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/influxdb.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for influxdb and that your influxdb container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name influxdb.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app influxdb;
+        set $upstream_port 8086;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
+
diff --git a/njallavps/swag/nginx/proxy-confs/jackett.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/jackett.subdomain.conf.sample
new file mode 100644
index 0000000..b021b4f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/jackett.subdomain.conf.sample
@@ -0,0 +1,59 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for jackett and that your jackett container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name jackett.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app jackett;
+        set $upstream_port 9117;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/jackett)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app jackett;
+        set $upstream_port 9117;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/jackett)?/dl {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app jackett;
+        set $upstream_port 9117;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/jackett.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/jackett.subfolder.conf.sample
new file mode 100644
index 0000000..ada717e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/jackett.subfolder.conf.sample
@@ -0,0 +1,42 @@
+## Version 2022/09/08
+# first go into jackett settings, set the URL Base to /jackett and restart the jackett container
+
+location ^~ /jackett {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app jackett;
+    set $upstream_port 9117;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /jackett/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app jackett;
+    set $upstream_port 9117;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /jackett/dl {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app jackett;
+    set $upstream_port 9117;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/jdownloader.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/jdownloader.subdomain.conf.sample
new file mode 100644
index 0000000..21eaad6
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/jdownloader.subdomain.conf.sample
@@ -0,0 +1,47 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for jdownloader and that your jdownloader container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name jdownloader.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app jdownloader;
+        set $upstream_port 5800;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location ~ (/jdownloader)?/websockify {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app jdownloader;
+        set $upstream_port 5800;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port/websockify/;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/jellyfin.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/jellyfin.subdomain.conf.sample
new file mode 100644
index 0000000..489f34c
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/jellyfin.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for jellyfin
+# if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is
+# if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of jellyfin
+# in jellyfin settings, under "Advanced/Networking" change the public https port to 443, leave the local ports as is,
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name jellyfin.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app jellyfin;
+        set $upstream_port 8096;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header Range $http_range;
+        proxy_set_header If-Range $http_if_range;
+    }
+
+    location ~ (/jellyfin)?/socket {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app jellyfin;
+        set $upstream_port 8096;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/jellyfin.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/jellyfin.subfolder.conf.sample
new file mode 100644
index 0000000..fbbc5c2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/jellyfin.subfolder.conf.sample
@@ -0,0 +1,23 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for jellyfin
+# if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is
+# if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of jellyfin
+# in jellyfin settings, under "Advanced/Networking" change the public https port to 443, leave the local ports as is, set the base url to "/jellyfin",
+# and set the "Secure connection mode" to "Handled by reverse proxy"
+
+location /jellyfin {
+    return 301 $scheme://$host/jellyfin/;
+}
+
+location ^~ /jellyfin/ {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app jellyfin;
+    set $upstream_port 8096;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/jellyseerr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/jellyseerr.subdomain.conf.sample
new file mode 100644
index 0000000..c708e10
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/jellyseerr.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for jellyseerr and that your jellyseerr container is named jellyseerr
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name jellyseerr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app jellyseerr;
+        set $upstream_port 5055;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/jenkins.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/jenkins.subfolder.conf.sample
new file mode 100644
index 0000000..357346a
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/jenkins.subfolder.conf.sample
@@ -0,0 +1,34 @@
+## Version 2022/09/08
+# First either add '--prefix=/jenkins' or '-e JENKINS_OPTS="--prefix=/jenkins"' to your docker run command, and restart the Jenkins container.
+# Also be sure to add '/jenkins/' to your URL under: Jenkins > Configuration > Manage Jenkins > Jenkins URL
+
+location /jenkins {
+    return 301 $scheme://$host/jenkins/;
+}
+
+location ^~ /jenkins/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app jenkins;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    # This is the maximum upload size
+    client_max_body_size 10m;
+    sendfile off;
+    proxy_max_temp_file_size 0;
+    proxy_temp_file_write_size 64k;
+    proxy_request_buffering off;
+    proxy_buffering off;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/kanzi.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/kanzi.subdomain.conf.sample
new file mode 100644
index 0000000..a883b97
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/kanzi.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for kanzi
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name kanzi.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app kanzi;
+        set $upstream_port 8000;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/kanzi.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/kanzi.subfolder.conf.sample
new file mode 100644
index 0000000..6cd1a67
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/kanzi.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# kanzi does not have a base url setting
+
+location /kanzi {
+    return 301 $scheme://$host/kanzi/;
+}
+
+location ^~ /kanzi/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app kanzi;
+    set $upstream_port 8000;
+    set $upstream_proto https;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /kanzi(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/kavita.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/kavita.subdomain.conf.sample
new file mode 100644
index 0000000..e69d5c0
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/kavita.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for kavita and that your kavita container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name kavita.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app kavita;
+        set $upstream_port 5000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/komga.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/komga.subdomain.conf.sample
new file mode 100644
index 0000000..f1b11cf
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/komga.subdomain.conf.sample
@@ -0,0 +1,49 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for komga and that your komga container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name komga.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app komga;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/komga)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app komga;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/komga.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/komga.subfolder.conf.sample
new file mode 100644
index 0000000..5e58c16
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/komga.subfolder.conf.sample
@@ -0,0 +1,35 @@
+## Version 2022/09/08
+# First make sure your Container has set an Baseurl set via docker-compose File "envirnoment: SERVER_SERVLET_CONTEXT_PATH=/komga" and recreate the container.
+
+location /komga {
+    return 301 $scheme://$host/komga/;
+}
+
+location ^~ /komga/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app komga;
+    set $upstream_port 8080 ;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+ location ^~ /komga/api {
+     include /config/nginx/proxy.conf;
+     include /config/nginx/resolver.conf;
+     set $upstream_app komga;
+     set $upstream_port 8080;
+     set $upstream_proto http;
+     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
diff --git a/njallavps/swag/nginx/proxy-confs/lazylibrarian.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/lazylibrarian.subdomain.conf.sample
new file mode 100644
index 0000000..426afc7
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/lazylibrarian.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for lazylibrarian
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name lazylibrarian.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app lazylibrarian;
+        set $upstream_port 5299;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/lazylibrarian.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/lazylibrarian.subfolder.conf.sample
new file mode 100644
index 0000000..0d23341
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/lazylibrarian.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# first go into lazylibrarian settings, under "Interface" set the URL Base to /lazylibrarian and restart the lazylibrarian container
+
+location ^~ /lazylibrarian {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app lazylibrarian;
+    set $upstream_port 5299;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/librespeed.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/librespeed.subdomain.conf.sample
new file mode 100644
index 0000000..27c4301
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/librespeed.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for librespeed
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name librespeed.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app librespeed;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/lidarr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/lidarr.subdomain.conf.sample
new file mode 100644
index 0000000..0e5e96b
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/lidarr.subdomain.conf.sample
@@ -0,0 +1,49 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for lidarr and that your lidarr container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name lidarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app lidarr;
+        set $upstream_port 8686;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/lidarr)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app lidarr;
+        set $upstream_port 8686;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/lidarr.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/lidarr.subfolder.conf.sample
new file mode 100644
index 0000000..9868d21
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/lidarr.subfolder.conf.sample
@@ -0,0 +1,32 @@
+## Version 2022/09/08
+# first go into lidarr settings, under "General" set the URL Base to /lidarr and restart the lidarr container
+
+location ^~ /lidarr {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app lidarr;
+    set $upstream_port 8686;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /lidarr/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app lidarr;
+    set $upstream_port 8686;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/lldap.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/lldap.subdomain.conf.sample
new file mode 100644
index 0000000..4c257a2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/lldap.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for lldap and that your lldap container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name lldap.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app lldap;
+        set $upstream_port 17170;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/lychee.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/lychee.subdomain.conf.sample
new file mode 100644
index 0000000..e4955ab
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/lychee.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for lychee
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name lychee.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app lychee;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/lychee.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/lychee.subfolder.conf.sample
new file mode 100644
index 0000000..2d77c62
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/lychee.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# lychee does not require a base url setting
+
+location /lychee {
+    return 301 $scheme://$host/lychee/;
+}
+
+location /lychee/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app lychee;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /lychee(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/mailu.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/mailu.subdomain.conf.sample
new file mode 100644
index 0000000..49aa84a
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/mailu.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for mailu and that your mailu front container is named front
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name mailu.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app front;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/mailu.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/mailu.subfolder.conf.sample
new file mode 100644
index 0000000..2f96d1d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/mailu.subfolder.conf.sample
@@ -0,0 +1,53 @@
+## Version 2022/09/08
+# mailu does not require a base url setting, but the container needs to be named front
+
+# This config have been tested with "TLS_FLAVOR=mail"
+# To avoid errors you must change in docker-compose ports: 80 and 443, more info: https://mailu.io/1.7/reverse.html
+
+location /admin{
+    return 301 $scheme://$host/admin/;
+}
+
+location ^~ /admin/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app front;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location /webmail{
+    return 301 $scheme://$host/webmail/;
+}
+
+location ^~ /webmail/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app front;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/mastodon.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/mastodon.subdomain.conf.sample
new file mode 100644
index 0000000..5a3d8f6
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/mastodon.subdomain.conf.sample
@@ -0,0 +1,43 @@
+## Version 2022/11/10
+# make sure that your dns has a cname set for mastodon
+# make sure you set `WEB_DOMAIN=mastodon.example.com` env var for the mastodon container
+# if you set `LOCAL_DOMAIN=example.com` (without the mastodon subdomain), then don't forget to add
+# the location block for redirecting `/.well-known/webfinger` into your main server block for the WEB_DOMAIN
+# See the upstream docs for more info: https://docs.joinmastodon.org/admin/config/#basic
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name mastodon.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app mastodon;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/matomo.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/matomo.subdomain.conf.sample
new file mode 100644
index 0000000..57280ab
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/matomo.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for matomo and that your matomo container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name matomo.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app matomo;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/matrix.anonymousland.org.conf b/njallavps/swag/nginx/proxy-confs/matrix.anonymousland.org.conf
new file mode 100644
index 0000000..40a2ca1
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/matrix.anonymousland.org.conf
@@ -0,0 +1,43 @@
+## Version 2021/10/03
+
+#
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    # For the federation port
+    listen 8448 ssl http2 default_server;
+    listen [::]:8448 ssl http2 default_server;
+
+    server_name matrix.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app synapse;
+        set $upstream_port 8008;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/matrix.anonymousland.org.confy b/njallavps/swag/nginx/proxy-confs/matrix.anonymousland.org.confy
new file mode 100644
index 0000000..42de380
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/matrix.anonymousland.org.confy
@@ -0,0 +1,42 @@
+## Version 2021/10/03
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    # For the federation port
+    listen 8448 ssl http2 default_server;
+    listen [::]:8448 ssl http2 default_server;
+
+    server_name matrix.anonymousland.org;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app synapse;
+        set $upstream_port 8008;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/mattermost.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/mattermost.subdomain.conf.sample
new file mode 100644
index 0000000..a31c020
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/mattermost.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/07/29
+# Make sure that your DNS has a CNAME record for "mattermost" and your Mattermost container is using the same subdomain
+# To learn how to deploy Mattermost via Docker, visit https://docs.mattermost.com/install/install-docker.html
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name mattermost.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app mattermost;
+        set $upstream_port 8065;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/mealie.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/mealie.subdomain.conf.sample
new file mode 100644
index 0000000..5c2a06d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/mealie.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# Ensure your DNS has a CNAME set for mealie and that mealie container is not using a base URL.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name mealie.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app mealie;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/medusa.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/medusa.subdomain.conf.sample
new file mode 100644
index 0000000..474628b
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/medusa.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for medusa
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name medusa.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app medusa;
+        set $upstream_port 8081;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/medusa.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/medusa.subfolder.conf.sample
new file mode 100644
index 0000000..dcfdc08
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/medusa.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# first go into medusa settings, under "Interface" set the URL Base to /medusa and restart the medusa container
+
+location ^~ /medusa {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app medusa;
+    set $upstream_port 8081;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/metube.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/metube.subdomain.conf.sample
new file mode 100644
index 0000000..2e57329
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/metube.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for metube
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name metube.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app metube;
+        set $upstream_port 8081;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/metube.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/metube.subfolder.conf.sample
new file mode 100644
index 0000000..83c6da8
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/metube.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# set the URL_PREFIX environment variable for the metube container to "/metube"
+
+location /metube {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app metube;
+    set $upstream_port 8081;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/miniflux.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/miniflux.subdomain.conf.sample
new file mode 100644
index 0000000..7ba66a3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/miniflux.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for miniflux
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name miniflux.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app miniflux;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/miniflux.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/miniflux.subfolder.conf.sample
new file mode 100644
index 0000000..c8af8e2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/miniflux.subfolder.conf.sample
@@ -0,0 +1,26 @@
+## Version 2022/09/08
+# set the environment variable "BASE_URL" to "https://yourdomain.url/miniflux/", or follow this guide to create a config file for Miniflux: https://miniflux.app/docs/configuration.html
+
+location /miniflux {
+    return 301 $scheme://$host/miniflux/;
+}
+
+location /miniflux/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app miniflux;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/monica.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/monica.subdomain.conf.sample
new file mode 100644
index 0000000..df686b0
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/monica.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for monica.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name monica.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app monica;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/monica.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/monica.subfolder.conf.sample
new file mode 100644
index 0000000..3289a8d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/monica.subfolder.conf.sample
@@ -0,0 +1,26 @@
+## Version 2022/09/08
+# Set the monica Docker container's APP_URL to a fully-qualified domain that ends with /monica/ and restart the container.
+# Example: https://yourhost.cc/monica/
+
+location /monica {
+    return 301 $scheme://$host/monica/;
+}
+
+location ^~ /monica/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app monica;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/monitorr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/monitorr.subdomain.conf.sample
new file mode 100644
index 0000000..be01c28
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/monitorr.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for monitorr
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name monitorr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app monitorr;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/monitorr.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/monitorr.subfolder.conf.sample
new file mode 100644
index 0000000..26820c0
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/monitorr.subfolder.conf.sample
@@ -0,0 +1,26 @@
+## Version 2022/09/08
+# monitorr does not require a base url setting
+
+location /monitorr {
+    return 301 $scheme://$host/monitorr/;
+}
+
+location ^~ /monitorr/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app monitorr;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/mstream.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/mstream.subdomain.conf.sample
new file mode 100644
index 0000000..832cc46
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/mstream.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for mstream and your container name is mstream and running using http (default)
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name mstream.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app mstream;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/mylar.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/mylar.subdomain.conf.sample
new file mode 100644
index 0000000..28bc61c
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/mylar.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for mylar
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name mylar.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app mylar;
+        set $upstream_port 8090;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/mylar.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/mylar.subfolder.conf.sample
new file mode 100644
index 0000000..8e92e8a
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/mylar.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# first stop the mylar container and edit the config.ini for mylar and set http_root to /mylar and then start the mylar container
+
+location ^~ /mylar {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app mylar;
+    set $upstream_port 8090;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/mytinytodo.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/mytinytodo.subfolder.conf.sample
new file mode 100644
index 0000000..1c7a1fa
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/mytinytodo.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# works with https://github.com/breakall/mytinytodo-docker
+# set the mtt_url to 'https://your.domain.com/todo/' in db/config.php
+
+location /todo {
+    return 301 $scheme://$host/todo/;
+}
+
+location ^~ /todo/ {
+
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app mytinytodo;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port/;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/n8n.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/n8n.subdomain.conf.sample
new file mode 100644
index 0000000..d1327f4
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/n8n.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for n8n and that your n8n container is not using a base url
+# add `server.use-forward-headers=true` to `/config/application.properties` to ensure logs contain real source IP
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name n8n.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app n8n;
+        set $upstream_port 5678;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/navidrome.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/navidrome.subdomain.conf.sample
new file mode 100644
index 0000000..4acd387
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/navidrome.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for navidrome and that your navidrome container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name navidrome.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app navidrome;
+        set $upstream_port 4533;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/netboot.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/netboot.subdomain.conf.sample
new file mode 100644
index 0000000..6593725
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/netboot.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for netboot
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name netboot.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app netboot;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/netdata.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/netdata.subdomain.conf.sample
new file mode 100644
index 0000000..e1f5186
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/netdata.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for netdata
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name netdata.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app netdata;
+        set $upstream_port 19999;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/netdata.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/netdata.subfolder.conf.sample
new file mode 100644
index 0000000..7adcdba
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/netdata.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# netdata does not require a base url setting
+
+location /netdata {
+    return 301 $scheme://$host/netdata/;
+}
+
+location ^~ /netdata/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app netdata;
+    set $upstream_port 19999;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /netdata(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/nextcloud.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/nextcloud.subdomain.conf.sample
new file mode 100644
index 0000000..27c2ea5
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/nextcloud.subdomain.conf.sample
@@ -0,0 +1,37 @@
+## Version 2022/10/28
+# make sure that your dns has a cname set for nextcloud
+# assuming this container is called "swag", edit your nextcloud container's config
+# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
+#  'trusted_proxies' => ['swag'],
+#  'overwrite.cli.url' => 'https://nextcloud.example.com/',
+#  'overwritehost' => 'nextcloud.example.com',
+#  'overwriteprotocol' => 'https',
+#
+# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
+#  array (
+#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
+#    1 => 'nextcloud.example.com',
+#  ),
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name nextcloud.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nextcloud;
+        set $upstream_port 443;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_hide_header X-Frame-Options;
+        proxy_max_temp_file_size 2048m;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/nextcloud.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/nextcloud.subfolder.conf.sample
new file mode 100644
index 0000000..0112163
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/nextcloud.subfolder.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/10/28
+# Assuming this container is called "swag", edit your nextcloud container's config
+# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
+#  'trusted_proxies' => ['swag'],
+#  'overwritewebroot' => '/nextcloud',
+#  'overwrite.cli.url' => 'https://example.com/nextcloud',
+#
+# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
+#  array (
+#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
+#    1 => 'example.com',
+#  ),
+
+location ^~ /.well-known {
+        # The rules in this block are an adaptation of the rules
+        # in the Nextcloud `.htaccess` that concern `/.well-known`.
+
+        location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /nextcloud/remote.php/dav/; }
+
+        # Let Nextcloud's API for `/.well-known` URIs handle all other
+        # requests by passing them to the front-end controller.
+        return 301 /nextcloud/index.php$request_uri;
+    }
+
+location ^~ /nextcloud/ {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nextcloud;
+    set $upstream_port 443;
+    set $upstream_proto https;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /nextcloud(.*) $1 break;
+    proxy_hide_header X-Frame-Options;
+    proxy_max_temp_file_size 2048m;
+    proxy_set_header Range $http_range;
+    proxy_set_header If-Range $http_if_range;
+    proxy_ssl_session_reuse off;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/ntfy.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/ntfy.subdomain.conf.sample
new file mode 100644
index 0000000..a433d6d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/ntfy.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for ntfy and that your ntfy container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name ntfy.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ntfy;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/nzbget.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/nzbget.subdomain.conf.sample
new file mode 100644
index 0000000..0676d51
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/nzbget.subdomain.conf.sample
@@ -0,0 +1,69 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for nzbget
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name nzbget.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nzbget;
+        set $upstream_port 6789;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/nzbget)?(/[^\/:]*:[^\/:]*)?/jsonrpc {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nzbget;
+        set $upstream_port 6789;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/nzbget)?(/[^\/:]*:[^\/]*)?/jsonprpc {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nzbget;
+        set $upstream_port 6789;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/nzbget)?(/[^\/:]*:[^\/]*)?/xmlrpc {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nzbget;
+        set $upstream_port 6789;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/nzbget.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/nzbget.subfolder.conf.sample
new file mode 100644
index 0000000..5134ef1
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/nzbget.subfolder.conf.sample
@@ -0,0 +1,52 @@
+## Version 2022/09/08
+# nzbget does not require a base url setting
+
+location /nzbget {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nzbget;
+    set $upstream_port 6789;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ /nzbget(/[^\/:]*:[^\/]*)?/jsonrpc {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nzbget;
+    set $upstream_port 6789;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ /nzbget(/[^\/:]*:[^\/]*)?/jsonprpc {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nzbget;
+    set $upstream_port 6789;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ /nzbget(/[^\/:]*:[^\/]*)?/xmlrpc {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nzbget;
+    set $upstream_port 6789;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/nzbhydra.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/nzbhydra.subdomain.conf.sample
new file mode 100644
index 0000000..6d232ed
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/nzbhydra.subdomain.conf.sample
@@ -0,0 +1,89 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for nzbhydra and that your nzbhydra container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name nzbhydra.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nzbhydra2;
+        set $upstream_port 5076;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/nzbhydra)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nzbhydra2;
+        set $upstream_port 5076;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/nzbhydra)?/getnzb {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nzbhydra2;
+        set $upstream_port 5076;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/nzbhydra)?/gettorrent {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nzbhydra2;
+        set $upstream_port 5076;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/nzbhydra)?/rss {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nzbhydra2;
+        set $upstream_port 5076;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/nzbhydra)?/torznab/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nzbhydra2;
+        set $upstream_port 5076;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/nzbhydra.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/nzbhydra.subfolder.conf.sample
new file mode 100644
index 0000000..bdcdc05
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/nzbhydra.subfolder.conf.sample
@@ -0,0 +1,72 @@
+## Version 2022/09/08
+# first go into nzbhydra settings, set the URL Base to /nzbhydra, then disable CSRF protection on the same page and restart the nzbhydra container
+
+location ^~ /nzbhydra {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nzbhydra2;
+    set $upstream_port 5076;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /nzbhydra/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nzbhydra2;
+    set $upstream_port 5076;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /nzbhydra/getnzb {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nzbhydra2;
+    set $upstream_port 5076;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /nzbhydra/gettorrent {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nzbhydra2;
+    set $upstream_port 5076;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /nzbhydra/rss {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nzbhydra2;
+    set $upstream_port 5076;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /nzbhydra/torznab/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app nzbhydra2;
+    set $upstream_port 5076;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/octoprint.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/octoprint.subdomain.conf.sample
new file mode 100644
index 0000000..77fd0f3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/octoprint.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for octoprint and that your octoprint container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name octoprint.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app octoprint;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+        proxy_set_header X-Scheme https;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/ombi.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/ombi.subdomain.conf.sample
new file mode 100644
index 0000000..e0d598c
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/ombi.subdomain.conf.sample
@@ -0,0 +1,65 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for ombi and that your ombi container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name ombi.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ombi;
+        set $upstream_port 3579;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    # This allows access to the actual api
+    location ~ (/ombi)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ombi;
+        set $upstream_port 3579;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+   }
+
+    # This allows access to the documentation for the api
+    location ~ (/ombi)?/swagger {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ombi;
+        set $upstream_port 3579;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+   }
+
+   if ($http_referer ~* /ombi) {
+       rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect;
+   }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/ombi.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/ombi.subfolder.conf.sample
new file mode 100644
index 0000000..d0e5482
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/ombi.subfolder.conf.sample
@@ -0,0 +1,56 @@
+## Version 2022/09/08
+# first go into ombi settings, under the menu "Ombi" set the base url to /ombi and restart the ombi container
+
+location /ombi {
+    return 301 $scheme://$host/ombi/;
+}
+
+location ^~ /ombi/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app ombi;
+    set $upstream_port 3579;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+# This allows access to the actual api
+location ^~ /ombi/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app ombi;
+    set $upstream_port 3579;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+if ($http_referer ~* /ombi) {
+    rewrite ^/api/(.*) /ombi/api/$1? redirect;
+}
+
+# This allows access to the documentation for the api
+location ^~ /ombi/swagger {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app ombi;
+    set $upstream_port 3579;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+if ($http_referer ~* /ombi) {
+    rewrite ^/swagger/(.*) /ombi/swagger/$1? redirect;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/openhab.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/openhab.subdomain.conf.sample
new file mode 100644
index 0000000..cc0a1c9
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/openhab.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for openhab and that your openhab container is named openhab
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name openhab.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app openhab;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/openvpn-as.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/openvpn-as.subdomain.conf.sample
new file mode 100644
index 0000000..c42b2e4
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/openvpn-as.subdomain.conf.sample
@@ -0,0 +1,59 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for openvpn-as and that your openvpn-as container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name openvpn-as.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app openvpn-as;
+        set $upstream_port 943;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location /admin {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app openvpn-as;
+        set $upstream_port 943;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/openvscode-server.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/openvscode-server.subdomain.conf.sample
new file mode 100644
index 0000000..47d9e3e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/openvscode-server.subdomain.conf.sample
@@ -0,0 +1,114 @@
+## Version 2022/12/03
+# make sure that your dns has a cname set for openvscode-server
+# This conf allows accessing internal ports at `PORT` (http) or `PORTs` (https) as subdomain
+# Access http port 8080 at `https://8080.openvscode-server.domain.url`
+# Access https port 8080 at `https://8080s.openvscode-server.domain.url`
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name openvscode-server.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app openvscode-server;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name "~^(?<upstream_port>[0-9]{1,10})\.openvscode-server\..*$";
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app openvscode-server;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name "~^(?<upstream_port>[0-9]{1,10})s\.openvscode-server\..*$";
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app openvscode-server;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/organizr-auth.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/organizr-auth.subfolder.conf.sample
new file mode 100644
index 0000000..9d46e6a
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/organizr-auth.subfolder.conf.sample
@@ -0,0 +1,40 @@
+## Version 2021/10/05
+# To use config this with subfolder proxies:
+#   Rename this file to organizr-auth.subfolder.conf
+#   Add one of the auth_request lines from the comments below
+#   ex:
+#     auth_request /auth-0;
+#
+# To use config this with subdomain proxies:
+#   Rename this file to organizr-auth.subfolder.conf (the subfolder file name is still used)
+#   Add the following line in your other subdomain proxy configs
+#     include /config/nginx/proxy-confs/organizr-auth.subfolder.conf;
+#   Add one of the auth_request lines from the comments below
+#   ex:
+#     include /config/nginx/proxy-confs/organizr-auth.subfolder.conf;
+#     auth_request /auth-0;
+
+location ~ /auth-([0-9]+) {
+    internal;
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_auth_app organizr;
+    set $upstream_auth_port 80;
+    set $upstream_auth_proto http;
+    proxy_pass $upstream_auth_proto://$upstream_auth_app:$upstream_auth_port/api/v2/auth?group=$1;
+
+    proxy_set_header Content-Length "";
+
+    # Do not uncomment the lines below, these are examples for use in other proxy configs
+    #auth_request /auth-0;   #=Admin
+    #auth_request /auth-1;   #=Co-Admin
+    #auth_request /auth-2;   #=Super User
+    #auth_request /auth-3;   #=Power User
+    #auth_request /auth-4;   #=User
+    #auth_request /auth-998; #=Logged In
+    #auth_request /auth-999; #=Guest
+}
+
+# Optional redirect server authentication errors to organizr authentication page
+# NOTE: $host must be modified to your public URL when using subdomain proxies
+#error_page 401 $scheme://$host/?error=$status&return=$scheme://$http_host$request_uri;
diff --git a/njallavps/swag/nginx/proxy-confs/organizr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/organizr.subdomain.conf.sample
new file mode 100644
index 0000000..8f60ed1
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/organizr.subdomain.conf.sample
@@ -0,0 +1,43 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for organizr
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name organizr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app organizr;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    # Optional redirect server errors to organizr error pages
+    #error_page 400 402 403 404 405 408 500 502 503 504  $scheme://$host/?error=$status;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/organizr.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/organizr.subfolder.conf.sample
new file mode 100644
index 0000000..fece123
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/organizr.subfolder.conf.sample
@@ -0,0 +1,25 @@
+## Version 2022/09/08
+# In order to use this location block you need to edit the default file one folder up and comment out the / and ~ \.php$ locations
+
+location / {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app organizr;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+# Optional redirect server errors to organizr error pages
+#error_page 400 402 403 404 405 408 500 502 503 504  $scheme://$host/?error=$status;
diff --git a/njallavps/swag/nginx/proxy-confs/osticket.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/osticket.subdomain.conf.sample
new file mode 100644
index 0000000..e5ba0cc
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/osticket.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for osticket and that your osticket container is named osticket.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name osticket.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app osticket;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/overseerr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/overseerr.subdomain.conf.sample
new file mode 100644
index 0000000..f47d168
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/overseerr.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for overseerr and that your overseerr container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name overseerr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app overseerr;
+        set $upstream_port 5055;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/papermerge.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/papermerge.subdomain.conf.sample
new file mode 100644
index 0000000..9d36808
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/papermerge.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for papermerge
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name papermerge.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app papermerge;
+        set $upstream_port 8000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/petio.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/petio.subdomain.conf.sample
new file mode 100644
index 0000000..a05f0ea
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/petio.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for petio and that your petio container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name petio.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app petio;
+        set $upstream_port 7777;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/petio.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/petio.subfolder.conf.sample
new file mode 100644
index 0000000..3f470bc
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/petio.subfolder.conf.sample
@@ -0,0 +1,26 @@
+## Version 2022/09/08
+# first go into petio settings, under "Base path" set the URL Base to /petio and restart the petio container
+
+location /petio {
+    return 301 $scheme://$host/petio/;
+}
+
+location ^~ /petio/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app petio;
+    set $upstream_port 7777;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/pgadmin.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/pgadmin.subdomain.conf.sample
new file mode 100644
index 0000000..50345d2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/pgadmin.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for pgadmin and that your pgadmin container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name pgadmin.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pgadmin;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        # Uncomment to allow loading in an iframe (i.e. Organizr)
+        #proxy_hide_header X-Frame-Options;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/photoprism.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/photoprism.subdomain.conf.sample
new file mode 100644
index 0000000..17127f9
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/photoprism.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# Ensure your DNS has a CNAME set for Photoprism and that Photoprism container is not using a base URL.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name photoprism.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app photoprism;
+        set $upstream_port 2342;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/phpmyadmin.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/phpmyadmin.subdomain.conf.sample
new file mode 100644
index 0000000..bd9533a
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/phpmyadmin.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for phpmyadmin and that your phpmyadmin container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name phpmyadmin.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app phpmyadmin;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/phpmyadmin.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/phpmyadmin.subfolder.conf.sample
new file mode 100644
index 0000000..3c48d20
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/phpmyadmin.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# phpmyadmin does not require a base url setting
+
+location /phpmyadmin {
+    return 301 $scheme://$host/phpmyadmin/;
+}
+
+location ^~ /phpmyadmin/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app phpmyadmin;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /phpmyadmin(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/picard.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/picard.subfolder.conf.sample
new file mode 100644
index 0000000..ec6ba79
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/picard.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# picard does not require a base url setting
+
+location /picard {
+    return 301 $scheme://$host/picard/;
+}
+
+location ^~ /picard/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app picard;
+    set $upstream_port 5800;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /picard(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/pihole.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/pihole.subdomain.conf.sample
new file mode 100644
index 0000000..a586dd4
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/pihole.subdomain.conf.sample
@@ -0,0 +1,61 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for pihole and that your pihole container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name pihole.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pihole;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_hide_header X-Frame-Options;
+    }
+
+    location /admin {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pihole;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_hide_header X-Frame-Options;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/pihole.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/pihole.subfolder.conf.sample
new file mode 100644
index 0000000..dbd156d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/pihole.subfolder.conf.sample
@@ -0,0 +1,54 @@
+## Version 2022/09/08
+# pihole does not require a base url setting
+
+location /pihole {
+    return 301 $scheme://$host/pihole/;
+}
+
+location ^~ /pihole/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app pihole;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /pihole(.*) $1 break;
+    proxy_hide_header X-Frame-Options;
+}
+
+location /pihole/admin {
+    return 301 $scheme://$host/pihole/admin/;
+}
+
+location ^~ /pihole/admin/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app pihole;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /pihole(.*) $1 break;
+    proxy_hide_header X-Frame-Options;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/pinry.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/pinry.subdomain.conf.sample
new file mode 100644
index 0000000..453511f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/pinry.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for pinry and that your pinry container is named pinry
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name pinry.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pinry;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/piwigo.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/piwigo.subdomain.conf.sample
new file mode 100644
index 0000000..a5a088a
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/piwigo.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for piwigo
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name piwigo.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app piwigo;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/pixelfed.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/pixelfed.subdomain.conf.sample
new file mode 100644
index 0000000..46150c6
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/pixelfed.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for pixelfed and the container is named pixelfed
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name pixelfed.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pixelfed;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/plex.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/plex.subdomain.conf.sample
new file mode 100644
index 0000000..abc304f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/plex.subdomain.conf.sample
@@ -0,0 +1,56 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for plex
+# if plex is running in bridge mode and the container is named "plex", the below config should work as is
+# if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex
+# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name plex.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    proxy_redirect off;
+    proxy_buffering off;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app plex;
+        set $upstream_port 32400;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+        proxy_set_header X-Plex-Device $http_x_plex_device;
+        proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+        proxy_set_header X-Plex-Platform $http_x_plex_platform;
+        proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+        proxy_set_header X-Plex-Product $http_x_plex_product;
+        proxy_set_header X-Plex-Token $http_x_plex_token;
+        proxy_set_header X-Plex-Version $http_x_plex_version;
+        proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+        proxy_set_header X-Plex-Provides $http_x_plex_provides;
+        proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+        proxy_set_header X-Plex-Model $http_x_plex_model;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/plex.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/plex.subfolder.conf.sample
new file mode 100644
index 0000000..b8bb526
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/plex.subfolder.conf.sample
@@ -0,0 +1,50 @@
+## Version 2022/09/08
+#******** This config no longer works as intended. The web app loads, but no direct connection to server is made. *********
+#******** PRs welcome for anyone who figures out how to fix it. Use the subdomain config in the meantime. *******
+
+# if plex is running in bridge mode and the container is named "plex", the below config should work as is
+# if not, replace the line "set $upstream_app plex;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of plex
+# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://yourdomain.url:443/plex")
+
+location /plex {
+    return 301 $scheme://$host/plex/;
+}
+
+location ^~ /plex/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app plex;
+    set $upstream_port 32400;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /plex(.*) $1 break;
+
+    proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+    proxy_set_header X-Plex-Device $http_x_plex_device;
+    proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+    proxy_set_header X-Plex-Platform $http_x_plex_platform;
+    proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+    proxy_set_header X-Plex-Product $http_x_plex_product;
+    proxy_set_header X-Plex-Token $http_x_plex_token;
+    proxy_set_header X-Plex-Version $http_x_plex_version;
+    proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+    proxy_set_header X-Plex-Provides $http_x_plex_provides;
+    proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+    proxy_set_header X-Plex-Model $http_x_plex_model;
+}
+
+if ($http_referer ~* /plex) {
+    rewrite ^/web/(.*) /plex/web/$1? redirect;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/plexwebtools.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/plexwebtools.subdomain.conf.sample
new file mode 100644
index 0000000..c38d199
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/plexwebtools.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for plexwebtools and that your plexwebtools container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name plexwebtools.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app plex;
+        set $upstream_port 33400;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/plexwebtools.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/plexwebtools.subfolder.conf.sample
new file mode 100644
index 0000000..65cf8e3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/plexwebtools.subfolder.conf.sample
@@ -0,0 +1,26 @@
+## Version 2022/09/08
+# first go into plexwebtools settings, set the URL Base to /plexwebtools and restart the plex container
+
+location /plexwebtools {
+    return 301 $scheme://$host/plexwebtools/;
+}
+
+location ^~ /plexwebtools/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app plex;
+    set $upstream_port 33400;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/podgrab.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/podgrab.subdomain.conf.sample
new file mode 100644
index 0000000..8916ff3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/podgrab.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for podgrab and that your podgrab container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name podgrab.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app podgrab;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/portainer.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/portainer.subdomain.conf.sample
new file mode 100644
index 0000000..941fc0f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/portainer.subdomain.conf.sample
@@ -0,0 +1,61 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for portainer
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name portainer.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app portainer;
+        set $upstream_port 9000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+    }
+
+    location /api/websocket/ {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app portainer;
+        set $upstream_port 9000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/portainer.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/portainer.subfolder.conf.sample
new file mode 100644
index 0000000..4f9e5d3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/portainer.subfolder.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# portainer does not require a base url setting
+
+location /portainer {
+    return 301 $scheme://$host/portainer/;
+}
+
+location ^~ /portainer/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app portainer;
+    set $upstream_port 9000;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /portainer(.*) $1 break;
+    proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+}
+
+location ^~ /portainer/api/websocket/ {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app portainer;
+    set $upstream_port 9000;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /portainer(.*) $1 break;
+    proxy_hide_header X-Frame-Options; # Possibly not needed after Portainer 1.20.0
+}
diff --git a/njallavps/swag/nginx/proxy-confs/privatebin.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/privatebin.subdomain.conf.sample
new file mode 100644
index 0000000..9d4d81d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/privatebin.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for privatebin
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name privatebin.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app privatebin;
+        set $upstream_port 8080;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/prometheus.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/prometheus.subdomain.conf.sample
new file mode 100644
index 0000000..e85fe82
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/prometheus.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for prometheus and that your prometheus container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name prometheus.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app prometheus;
+        set $upstream_port 9090;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/prowlarr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/prowlarr.subdomain.conf.sample
new file mode 100644
index 0000000..e3c2c0e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/prowlarr.subdomain.conf.sample
@@ -0,0 +1,47 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for prowlarr and that your prowlarr container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name prowlarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app prowlarr;
+        set $upstream_port 9696;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location ~ (/prowlarr)?(/[0-9]+)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app prowlarr;
+        set $upstream_port 9696;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/prowlarr.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/prowlarr.subfolder.conf.sample
new file mode 100644
index 0000000..790d734
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/prowlarr.subfolder.conf.sample
@@ -0,0 +1,32 @@
+## Version 2022/09/08
+# first go into prowlarr settings, under "General" set the URL Base to /prowlarr and restart the prowlarr container
+
+location /prowlarr {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app prowlarr;
+    set $upstream_port 9696;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ /prowlarr(/[0-9]+)?/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app prowlarr;
+    set $upstream_port 9696;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/pwndrop.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/pwndrop.subdomain.conf.sample
new file mode 100644
index 0000000..ecc10c6
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/pwndrop.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/11/06
+# make sure that your dns has a cname set for pwndrop
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name pwndrop.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pwndrop;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/pydio-cells.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/pydio-cells.subdomain.conf.sample
new file mode 100644
index 0000000..f5b6cb4
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/pydio-cells.subdomain.conf.sample
@@ -0,0 +1,60 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for pydio-cells
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name pydio-cells.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pydio-cells;
+        set $upstream_port 8080;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location /ws {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pydio-cells;
+        set $upstream_port 8080;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_buffering off;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/pydio.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/pydio.subdomain.conf.sample
new file mode 100644
index 0000000..0e5a4b8
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/pydio.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for pydio and that your pydio container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name pydio.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pydio;
+        set $upstream_port 443;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/pyload.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/pyload.subdomain.conf.sample
new file mode 100644
index 0000000..bcd5272
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/pyload.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for pyload and that your pyload container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name pyload.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pyload;
+        set $upstream_port 8000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/pyload.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/pyload.subfolder.conf.sample
new file mode 100644
index 0000000..39de085
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/pyload.subfolder.conf.sample
@@ -0,0 +1,23 @@
+## Version 2022/09/08
+# First go into pyload settings, under "Web Interface" set the "Path Prefix" to /pyload and restart the pyload container
+# Only works with pyload-ng
+
+location ^~ /pyload {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app pyload;
+    set $upstream_port 8000;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/qbittorrent.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/qbittorrent.subdomain.conf.sample
new file mode 100644
index 0000000..29fe2e7
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/qbittorrent.subdomain.conf.sample
@@ -0,0 +1,132 @@
+## Version 2022/10/25
+# make sure that your dns has a cname set for qbittorrent and that your qbittorrent container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name qbittorrent.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app qbittorrent;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header Referer '';
+        proxy_set_header Host $upstream_app:$upstream_port;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location ~ (/qbittorrent)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app qbittorrent;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        rewrite /qbittorrent(.*) $1 break;
+
+        proxy_set_header Referer '';
+        proxy_set_header Host $upstream_app:$upstream_port;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location ~ (/qbittorrent)?/command {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app qbittorrent;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        rewrite /qbittorrent(.*) $1 break;
+
+        proxy_set_header Referer '';
+        proxy_set_header Host $upstream_app:$upstream_port;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location ~ (/qbittorrent)?/query {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app qbittorrent;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        rewrite /qbittorrent(.*) $1 break;
+
+        proxy_set_header Referer '';
+        proxy_set_header Host $upstream_app:$upstream_port;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location ~ (/qbittorrent)?/login {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app qbittorrent;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        rewrite /qbittorrent(.*) $1 break;
+
+        proxy_set_header Referer '';
+        proxy_set_header Host $upstream_app:$upstream_port;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location ~ (/qbittorrent)?/sync {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app qbittorrent;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        rewrite /qbittorrent(.*) $1 break;
+
+        proxy_set_header Referer '';
+        proxy_set_header Host $upstream_app:$upstream_port;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+    
+    location ~ (/qbittorrent)?/scripts {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app qbittorrent;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        rewrite /qbittorrent(.*) $1 break;
+
+        proxy_set_header Referer '';
+        proxy_set_header Host $upstream_app:$upstream_port;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/qbittorrent.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/qbittorrent.subfolder.conf.sample
new file mode 100644
index 0000000..dee1cc3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/qbittorrent.subfolder.conf.sample
@@ -0,0 +1,121 @@
+## Version 2022/10/25
+# qbittorrent does not require a base url setting
+
+location /qbittorrent {
+    return 301 $scheme://$host/qbittorrent/;
+}
+
+location ^~ /qbittorrent/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app qbittorrent;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /qbittorrent(.*) $1 break;
+
+    proxy_set_header Referer '';
+    proxy_set_header Host $upstream_app:$upstream_port;
+    proxy_set_header X-Forwarded-Host $host;
+}
+
+location ^~ /qbittorrent/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app qbittorrent;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /qbittorrent(.*) $1 break;
+
+    proxy_set_header Referer '';
+    proxy_set_header Host $upstream_app:$upstream_port;
+    proxy_set_header X-Forwarded-Host $host;
+}
+
+location ^~ /qbittorrent/command {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app qbittorrent;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /qbittorrent(.*) $1 break;
+
+    proxy_set_header Referer '';
+    proxy_set_header Host $upstream_app:$upstream_port;
+    proxy_set_header X-Forwarded-Host $host;
+}
+
+location ^~ /qbittorrent/query {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app qbittorrent;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /qbittorrent(.*) $1 break;
+
+    proxy_set_header Referer '';
+    proxy_set_header Host $upstream_app:$upstream_port;
+    proxy_set_header X-Forwarded-Host $host;
+}
+
+location ^~ /qbittorrent/login {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app qbittorrent;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /qbittorrent(.*) $1 break;
+
+    proxy_set_header Referer '';
+    proxy_set_header Host $upstream_app:$upstream_port;
+    proxy_set_header X-Forwarded-Host $host;
+}
+
+location ^~ /qbittorrent/sync {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app qbittorrent;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /qbittorrent(.*) $1 break;
+
+    proxy_set_header Referer '';
+    proxy_set_header Host $upstream_app:$upstream_port;
+    proxy_set_header X-Forwarded-Host $host;
+}
+
+location ^~ /qbittorrent/scripts {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app qbittorrent;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /qbittorrent(.*) $1 break;
+
+    proxy_set_header Referer '';
+    proxy_set_header Host $upstream_app:$upstream_port;
+    proxy_set_header X-Forwarded-Host $host;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/quassel-web.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/quassel-web.subdomain.conf.sample
new file mode 100644
index 0000000..23b23a4
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/quassel-web.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for quassel and make sure Quassel-Web is running on http
+# with -e 'HTTPS'='false' or if you're using -e 'ADVANCED'='true' by editing config.json appropriately
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name quassel.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app quassel-web;
+        set $upstream_port 64080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/quassel-web.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/quassel-web.subfolder.conf.sample
new file mode 100644
index 0000000..c17e4a1
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/quassel-web.subfolder.conf.sample
@@ -0,0 +1,23 @@
+## Version 2022/09/08
+# Set base-url with docker run command env variable -e 'URL_BASE'='/quassel' and make sure Quassel-Web is running on http
+# with -e 'HTTPS'='false' or if you're using -e 'ADVANCED'='true' by editing config.json appropriately
+
+location ^~ /quassel {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app quassel-web;
+    set $upstream_port 64080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/radarr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/radarr.subdomain.conf.sample
new file mode 100644
index 0000000..b7ef96c
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/radarr.subdomain.conf.sample
@@ -0,0 +1,49 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for radarr and that your radarr container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name radarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app radarr;
+        set $upstream_port 7878;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/radarr)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app radarr;
+        set $upstream_port 7878;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/radarr.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/radarr.subfolder.conf.sample
new file mode 100644
index 0000000..4acfb60
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/radarr.subfolder.conf.sample
@@ -0,0 +1,32 @@
+## Version 2022/09/08
+# first go into radarr settings, under "General" set the URL Base to /radarr and restart the radarr container
+
+location ^~ /radarr {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app radarr;
+    set $upstream_port 7878;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /radarr/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app radarr;
+    set $upstream_port 7878;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/raneto.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/raneto.subdomain.conf.sample
new file mode 100644
index 0000000..cbbdaa0
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/raneto.subdomain.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# Make sure that your dns has a cname set for raneto
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name raneto.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        #enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app raneto;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/rclone.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/rclone.subfolder.conf.sample
new file mode 100644
index 0000000..5e7db7b
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/rclone.subfolder.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/09/08
+# rclone does not require a base url
+
+location /rclone {
+    return 301 $scheme://$host/rclone/;
+}
+
+location ^~ /rclone/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app rclone;
+    set $upstream_port 5800;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /rclone(.*) $1 break;
+}
+
+ location ^~ /rclone/websockify {
+     include /config/nginx/proxy.conf;
+     include /config/nginx/resolver.conf;
+     set $upstream_app rclone;
+     set $upstream_port 5800;
+     set $upstream_proto http;
+     proxy_pass $upstream_proto://$upstream_app:$upstream_port/websockify/;
+
+    rewrite /rclone(.*) $1 break;
+ }
diff --git a/njallavps/swag/nginx/proxy-confs/readarr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/readarr.subdomain.conf.sample
new file mode 100644
index 0000000..8ed1a62
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/readarr.subdomain.conf.sample
@@ -0,0 +1,49 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for readarr and that your readarr container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name readarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app readarr;
+        set $upstream_port 8787;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/readarr)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app readarr;
+        set $upstream_port 8787;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/readarr.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/readarr.subfolder.conf.sample
new file mode 100644
index 0000000..6463d24
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/readarr.subfolder.conf.sample
@@ -0,0 +1,32 @@
+## Version 2022/09/08
+# first go into readarr settings, under "General" set the URL Base to /readarr and restart the readarr container
+
+location ^~ /readarr {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app readarr;
+    set $upstream_port 8787;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /readarr/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app readarr;
+    set $upstream_port 8787;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/recipes.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/recipes.subdomain.conf.sample
new file mode 100644
index 0000000..5de66f8
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/recipes.subdomain.conf.sample
@@ -0,0 +1,48 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for recipes
+# make sure to mount /media/ in your swag container to point to your Recipes Media directory
+
+# if using Authelia use this one:
+# Doc: https://vabene1111.github.io/recipes/install/docker/#using-proxy-authentication
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name recipes.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    # serve media files
+    location /media/ {
+        alias /media/;
+    }
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app recipes;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/requestrr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/requestrr.subdomain.conf.sample
new file mode 100644
index 0000000..080deb7
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/requestrr.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for requestrr
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name requestrr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app requestrr;
+        set $upstream_port 4545;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/resilio-sync.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/resilio-sync.subdomain.conf.sample
new file mode 100644
index 0000000..835f639
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/resilio-sync.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for resilio-sync and that your resilio-sync container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name resilio-sync.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app resilio-sync;
+        set $upstream_port 8888;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/rutorrent.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/rutorrent.subdomain.conf.sample
new file mode 100644
index 0000000..e9cc83c
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/rutorrent.subdomain.conf.sample
@@ -0,0 +1,63 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for rutorrent
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name rutorrent.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app rutorrent;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location /RPC2 {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # block rpc access by default because it is unprotected
+        # you can comment out the next line to enable remote rpc calls
+        deny all;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app rutorrent;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/rutorrent.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/rutorrent.subfolder.conf.sample
new file mode 100644
index 0000000..bc64a1f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/rutorrent.subfolder.conf.sample
@@ -0,0 +1,52 @@
+## Version 2022/09/08
+# rutorrent does not require a base url setting
+
+location /rutorrent {
+    return 301 $scheme://$host/rutorrent/;
+}
+
+location ^~ /rutorrent/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app rutorrent;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /rutorrent(.*) $1 break;
+}
+
+location ^~ /rutorrent/RPC2 {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    # block rpc access by default because it is unprotected
+    # you can comment out the next line to enable remote rpc calls
+    deny all;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app rutorrent;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /rutorrent(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/sabnzbd.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/sabnzbd.subdomain.conf.sample
new file mode 100644
index 0000000..5038cda
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/sabnzbd.subdomain.conf.sample
@@ -0,0 +1,51 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for sabnzbd
+# edit the sabnzbd.ini host_whitelist to avoid hostname verification issues. This format:
+# host_whitelist = sabnzbd.domain.com, www.sabnzbd.domain.com
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name sabnzbd.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app sabnzbd;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/sabnzbd)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app sabnzbd;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/sabnzbd.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/sabnzbd.subfolder.conf.sample
new file mode 100644
index 0000000..59e1802
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/sabnzbd.subfolder.conf.sample
@@ -0,0 +1,32 @@
+## Version 2022/09/08
+# sabnzbd already uses the base url /sabnzbd by default so you don't need to do anything extra
+
+location ^~ /sabnzbd {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app sabnzbd;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /sabnzbd/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app sabnzbd;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/scope.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/scope.subfolder.conf.sample
new file mode 100644
index 0000000..a0e8a6d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/scope.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# Scope does not require a base url setting
+
+location /scope {
+    return 301 $scheme://$host/scope/;
+}
+
+location ^~ /scope/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app scope;
+    set $upstream_port 4040;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /scope(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/scrutiny.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/scrutiny.subdomain.conf.sample
new file mode 100644
index 0000000..8dd334e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/scrutiny.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for scrutiny and that your scrutiny container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name scrutiny.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app scrutiny;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/shinobi.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/shinobi.subdomain.conf.sample
new file mode 100644
index 0000000..92170e5
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/shinobi.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for shinobi and that your shinobi config.json is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name shinobi.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app shinobi;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/shinobi.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/shinobi.subfolder.conf.sample
new file mode 100644
index 0000000..13a79e6
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/shinobi.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# ensure your config.json file has an entry for the base url set to /shinobi, i.e.
+# "baseurl":"/shinobi"
+
+location /shinobi {
+    return 301 $scheme://$host/shinobi/;
+}
+
+location ^~ /shinobi/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app shinobi;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/sickchill.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/sickchill.subdomain.conf.sample
new file mode 100644
index 0000000..cc09e2f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/sickchill.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for sickchill
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name sickchill.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app sickchill;
+        set $upstream_port 8081;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/sickchill.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/sickchill.subfolder.conf.sample
new file mode 100644
index 0000000..1e2a9a6
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/sickchill.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# first stop the sickchill container and edit the config.ini for sickchill and set web_root to /sickchill and then start the sickchill container
+
+location ^~ /sickchill {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app sickchill;
+    set $upstream_port 8081;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/sickrage.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/sickrage.subdomain.conf.sample
new file mode 100644
index 0000000..ea1b48d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/sickrage.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for sickrage
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name sickrage.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app sickrage;
+        set $upstream_port 8081;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/sickrage.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/sickrage.subfolder.conf.sample
new file mode 100644
index 0000000..2fd9aca
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/sickrage.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# first stop the sickrage container and edit the config.ini for sickrage and set web_root to /sickrage and then start the sickrage container
+
+location ^~ /sickrage {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app sickrage;
+    set $upstream_port 8081;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/skyhook.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/skyhook.subdomain.conf.sample
new file mode 100644
index 0000000..9419369
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/skyhook.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for skyhook and that your skyhook container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name skyhook.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app skyhook;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/slskd.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/slskd.subdomain.conf.sample
new file mode 100644
index 0000000..832f655
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/slskd.subdomain.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/10/24
+# first edit the slskd.yml and set 'url_base: /slskd' and restart the slskd container
+
+location ^~ /slskd {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app slskd;
+    set $upstream_port 5000;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/smokeping.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/smokeping.subdomain.conf.sample
new file mode 100644
index 0000000..8cc1db5
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/smokeping.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for smokeping
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name smokeping.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app smokeping;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/smokeping.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/smokeping.subfolder.conf.sample
new file mode 100644
index 0000000..206673e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/smokeping.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# smokeping already uses the base url /smokeping by default so you don't need to do anything extra
+
+location ^~ /smokeping {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app smokeping;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/sonarr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/sonarr.subdomain.conf.sample
new file mode 100644
index 0000000..e583eb1
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/sonarr.subdomain.conf.sample
@@ -0,0 +1,49 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name sonarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app sonarr;
+        set $upstream_port 8989;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/sonarr)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app sonarr;
+        set $upstream_port 8989;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+   }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/sonarr.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/sonarr.subfolder.conf.sample
new file mode 100644
index 0000000..8cb065c
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/sonarr.subfolder.conf.sample
@@ -0,0 +1,32 @@
+## Version 2022/09/08
+# first go into sonarr settings, under "General" set the URL Base to /sonarr and restart the sonarr container
+
+location ^~ /sonarr {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app sonarr;
+    set $upstream_port 8989;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /sonarr/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app sonarr;
+    set $upstream_port 8989;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/statping.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/statping.subdomain.conf.sample
new file mode 100644
index 0000000..68f89a8
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/statping.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for statping and that your statping container is not using a base url
+# If you are using the SSL docker-compose.yml on the statping repo, then the container name will be set to statup.
+# On other compose examples, it might be named statping. In that case, change $upstream_app statup to $upstream_app statping
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name statping.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app statup;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/synapse.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/synapse.subdomain.conf.sample
new file mode 100644
index 0000000..1b437e2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/synapse.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2022/10/04
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    # For the federation port
+    listen 8448 ssl;
+    listen [::]:8448 ssl;
+
+    server_name matrix.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app synapse;
+        set $upstream_port 8008;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/synclounge.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/synclounge.subdomain.conf.sample
new file mode 100644
index 0000000..e1175aa
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/synclounge.subdomain.conf.sample
@@ -0,0 +1,50 @@
+## Version 2022/09/08
+# Use this with SyncLounge v3 and up.
+# Make sure that you do not have HSTS enabled, otherwise http access won't work
+# Make sure that your dns has a cname set for synclounge
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    listen 80;
+    listen [::]:80;
+
+    server_name synclounge.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app synclounge;
+        set $upstream_port 8088;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_buffering off;
+        proxy_socket_keepalive on;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
+        proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
+        proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/synclounge.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/synclounge.subfolder.conf.sample
new file mode 100644
index 0000000..10d47b5
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/synclounge.subfolder.conf.sample
@@ -0,0 +1,54 @@
+## Version 2022/09/08
+# Use this with SyncLounge v3 or up
+#
+# To allow non-secure connections (http), which is required by some Plex clients, modify the first block in site-confs/default to look something like this:
+#server {
+#        listen 80 default_server;
+#        listen [::]:80 default_server;
+#        server_name _;
+#
+#        # Don't force redirect SyncLounge to https
+#        include /config/nginx/proxy-confs/synclounge.subfolder.conf;
+#
+#        location / {
+#            return 301 https://$host$request_uri;
+#        }
+#}
+
+# Uncomment to force SyncLounge to always load over http. Only use this if you've allowed http per the above instructions.
+#if ($scheme = https) {
+#    return 301 http://$host$request_uri;
+#}
+
+location /synclounge {
+    return 301 $scheme://$host/synclounge/;
+}
+
+location /synclounge/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app synclounge;
+    set $upstream_port 8088;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /synclounge(.*) $1 break;
+
+    proxy_buffering off;
+    proxy_socket_keepalive on;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
+    proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
+    proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/syncthing.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/syncthing.subdomain.conf.sample
new file mode 100644
index 0000000..98e2351
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/syncthing.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for syncthing and that your syncthing container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name syncthing.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app syncthing;
+        set $upstream_port 8384;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/syncthing.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/syncthing.subfolder.conf.sample
new file mode 100644
index 0000000..d58702d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/syncthing.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# syncthing does not require a base url setting
+
+location /syncthing {
+    return 301 $scheme://$host/syncthing/;
+}
+
+location ^~ /syncthing/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app syncthing;
+    set $upstream_port 8384;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /syncthing(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/taisun.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/taisun.subdomain.conf.sample
new file mode 100644
index 0000000..c435b41
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/taisun.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for taisun
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name taisun.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app taisun;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_buffering off;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/tasmobackup.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/tasmobackup.subdomain.conf.sample
new file mode 100644
index 0000000..b8bd110
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/tasmobackup.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for tasmobackup
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name tasmobackup.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app tasmobackup;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/tautulli.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/tautulli.subdomain.conf.sample
new file mode 100644
index 0000000..7df7032
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/tautulli.subdomain.conf.sample
@@ -0,0 +1,69 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for tautulli and that your tautulli container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name tautulli.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app tautulli;
+        set $upstream_port 8181;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/tautulli)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app tautulli;
+        set $upstream_port 8181;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/tautulli)?/newsletter {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app tautulli;
+        set $upstream_port 8181;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/tautulli)?/image {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app tautulli;
+        set $upstream_port 8181;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/tautulli.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/tautulli.subfolder.conf.sample
new file mode 100644
index 0000000..e213871
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/tautulli.subfolder.conf.sample
@@ -0,0 +1,52 @@
+## Version 2022/09/08
+# first go into tautulli settings, under "Web Interface", click on show advanced, set the HTTP root to /tautulli and restart the tautulli container
+
+location ^~ /tautulli {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app tautulli;
+    set $upstream_port 8181;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /tautulli/api {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app tautulli;
+    set $upstream_port 8181;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /tautulli/newsletter {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app tautulli;
+    set $upstream_port 8181;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ^~ /tautulli/image {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app tautulli;
+    set $upstream_port 8181;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/tdarr.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/tdarr.subdomain.conf.sample
new file mode 100644
index 0000000..3c83664
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/tdarr.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for tdarr and that your tdarr container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name tdarr.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app tdarr;
+        set $upstream_port 8265;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/thelounge.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/thelounge.subdomain.conf.sample
new file mode 100644
index 0000000..c80d5a6
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/thelounge.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for thelounge
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name thelounge.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app thelounge;
+        set $upstream_port 9000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/thelounge.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/thelounge.subfolder.conf.sample
new file mode 100644
index 0000000..5082d92
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/thelounge.subfolder.conf.sample
@@ -0,0 +1,27 @@
+## Version 2022/09/08
+# thelounge does not require a base url setting
+
+location /thelounge {
+    return 301 $scheme://$host/thelounge/;
+}
+
+location ^~ /thelounge/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app thelounge;
+    set $upstream_port 9000;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    rewrite /thelounge(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/themepark.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/themepark.subdomain.conf.sample
new file mode 100644
index 0000000..3a2ba57
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/themepark.subdomain.conf.sample
@@ -0,0 +1,45 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for theme-park.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name themepark.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # If you don't want to cache the CSS files you can uncomment the lines below.
+        # add_header Last-Modified $date_gmt;
+        # add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+        # if_modified_since off;
+        # expires -1;
+        # etag off;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app theme-park;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/themepark.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/themepark.subfolder.conf.sample
new file mode 100644
index 0000000..78cebec
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/themepark.subfolder.conf.sample
@@ -0,0 +1,35 @@
+## Version 2022/09/08
+# If you want to change the urlbase update the TP_URLBASE env on the theme-park container.
+
+location /themepark {
+    return 301 $scheme://$host/themepark/;
+}
+
+location ^~ /themepark/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    # If you don't want to cache the CSS files you can uncomment the lines below.
+    # add_header Last-Modified $date_gmt;
+    # add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+    # if_modified_since off;
+    # expires -1;
+    # etag off;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    sub_filter_types *;
+    sub_filter 'url("/css/' 'url("/themepark/css/';
+    sub_filter_once off;
+    set $upstream_app theme-park;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/transmission.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/transmission.subdomain.conf.sample
new file mode 100644
index 0000000..d35fabb
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/transmission.subdomain.conf.sample
@@ -0,0 +1,60 @@
+## Version 2022/09/08
+# Make sure that DNS has a cname set for transmission
+#
+# Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they
+# rely on the HTTP Status Text to determine if they should add the
+# X-Transmission-Session-Id header or not. HTTP/2 does not return this text
+# so jQuery responses are empty. This causes RPCs to fail.
+#
+# If your extension is affected, you can remove http2 from the default server
+# in /config/nginx/site-confs/default or listen on a different port that has
+# no http2 servers defined. Better yet, submit a bug report with the
+# extension developer to fix their extensions to support HTTP/2.
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name transmission.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app transmission;
+        set $upstream_port 9091;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_pass_header  X-Transmission-Session-Id;
+    }
+
+    location ~ (/transmission)?/rpc {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app transmission;
+        set $upstream_port 9091;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/transmission.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/transmission.subfolder.conf.sample
new file mode 100644
index 0000000..8e80ecc
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/transmission.subfolder.conf.sample
@@ -0,0 +1,43 @@
+## Version 2022/09/08
+# Transmission does not require a base url setting
+#
+# Some Transmission Chrome extensions cannot handle HTTP/2 proxies as they
+# rely on the HTTP Status Text to determine if they should add the
+# X-Transmission-Session-Id header or not. HTTP/2 does not return this text
+# so jQuery responses are empty. This causes RPCs to fail.
+#
+# If your extension is affected, you can remove http2 from the default server
+# in /config/nginx/site-confs/default or listen on a different port that has
+# no http2 servers defined. Better yet, submit a bug report with the
+# extension developer to fix their extensions to support HTTP/2.
+
+location ^~ /transmission {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app transmission;
+    set $upstream_port 9091;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    proxy_pass_header  X-Transmission-Session-Id;
+}
+
+location ^~ /transmission/rpc {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app transmission;
+    set $upstream_port 9091;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/tvheadend.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/tvheadend.subfolder.conf.sample
new file mode 100644
index 0000000..347d09a
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/tvheadend.subfolder.conf.sample
@@ -0,0 +1,38 @@
+## Version 2022/10/01
+# Before activating this config you need to do two things:
+# - enable a setting in the tvheadend web interface 
+# - change your RUN_OPTS for tvheadend. 
+#
+# You need to enable the setting "PROXY protocol & X-Forwarded For"
+# in the tvheadend web interface. This setting can be found in 
+# "Configuration" -> "General" -> "Base" in the "HTTP Server Settings" Group. 
+# You need to set the View level to Expert to see it. Once activated, you may need to 
+# restart your tvheadend container. When testing this config, please be reminded 
+# that the tvheadend docker can take a very long time to start (>10mins). 
+# 
+# For the subfolder to work you also need to edit your tvheadend docker compose / cli config 
+# and set http_root in RUN_OPTS to tvheadend, e.g. in docker compose:
+# - RUN_OPTS= --http_root /tvheadend
+
+location /tvheadend {
+    return 301 $scheme://$host/tvheadend/;
+}
+
+location /tvheadend/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+
+    set $upstream_app tvheadend;
+    set $upstream_port 9981;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/ubooquity.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/ubooquity.subdomain.conf.sample
new file mode 100644
index 0000000..f54c660
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/ubooquity.subdomain.conf.sample
@@ -0,0 +1,69 @@
+## Version 2022/09/08
+# Make sure that your dns has a cname set for ubooquity and that your ubooquity container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name ubooquity.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ubooquity;
+        set $upstream_port 2202;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location /admin {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ubooquity;
+        set $upstream_port 2203;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location /admin-res {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ubooquity;
+        set $upstream_port 2203;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location /admin-api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ubooquity;
+        set $upstream_port 2203;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/ubooquity.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/ubooquity.subfolder.conf.sample
new file mode 100644
index 0000000..335bb80
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/ubooquity.subfolder.conf.sample
@@ -0,0 +1,32 @@
+## Version 2022/09/08
+# set the reverse proxy prefix in the admin gui to ubooquity.
+
+    location ^~ /ubooquity {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ubooquity;
+        set $upstream_port 2202;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ^~ /ubooquity/admin {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ubooquity;
+        set $upstream_port 2203;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
diff --git a/njallavps/swag/nginx/proxy-confs/unifi-controller.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/unifi-controller.subdomain.conf.sample
new file mode 100644
index 0000000..87a6103
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/unifi-controller.subdomain.conf.sample
@@ -0,0 +1,42 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for unifi and that your unifi-controller container is not using a base url
+# NOTE: If you use the proxy_cookie_path setting in proxy.conf you need to remove HTTPOnly;
+# ex: proxy_cookie_path / "/; Secure";
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name unifi.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app unifi-controller;
+        set $upstream_port 8443;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_buffering off;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/uptime-kuma.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/uptime-kuma.subdomain.conf.sample
new file mode 100644
index 0000000..fc4b91e
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/uptime-kuma.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for uptime-kuma and that your uptime-kuma container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name uptime-kuma.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app uptime-kuma;
+        set $upstream_port 3001;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/vaultwarden.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/vaultwarden.subdomain.conf.sample
new file mode 100644
index 0000000..12198b4
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/vaultwarden.subdomain.conf.sample
@@ -0,0 +1,81 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for vaultwarden and that your vaultwarden container is not using a base url
+# make sure your vaultwarden container is named "vaultwarden"
+# set the environment variable WEBSOCKET_ENABLED=true on your vaultwarden container
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name vaultwarden.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 128M;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app vaultwarden;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/vaultwarden)?/admin {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app vaultwarden;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/vaultwarden)?/notifications/hub {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app vaultwarden;
+        set $upstream_port 3012;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location ~ (/vaultwarden)?/notifications/hub/negotiate {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app vaultwarden;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/vaultwarden.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/vaultwarden.subfolder.conf.sample
new file mode 100644
index 0000000..8066902
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/vaultwarden.subfolder.conf.sample
@@ -0,0 +1,67 @@
+## Version 2022/09/08
+## Environmental Variable DOMAIN=https://<DOMAIN>/vaultwarden must be set in vaultwarden container including subfolder.
+## This is using ports 80 and 3012
+location /vaultwarden {
+    return 301 $scheme://$host/vaultwarden/;
+}
+
+location ^~ /vaultwarden/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app vaultwarden;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ (/vaultwarden)?/admin {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app vaultwarden;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ (/vaultwarden)?/notifications/hub {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app vaultwarden;
+    set $upstream_port 3012;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
+location ~ (/vaultwarden)?/notifications/hub/negotiate {
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app vaultwarden;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
+
diff --git a/njallavps/swag/nginx/proxy-confs/viewtube.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/viewtube.subdomain.conf.sample
new file mode 100644
index 0000000..c3b5206
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/viewtube.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for viewtube and that your viewtube container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name viewtube.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app viewtube;
+        set $upstream_port 8066;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/wallabag.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/wallabag.subdomain.conf.sample
new file mode 100644
index 0000000..de402d8
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/wallabag.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for wallabag and that your wallabag container is not using a base url.
+# also, make sure your env var in your docker run or compose match the full domain, incl. https://
+# i.e. - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.yourdomain.com
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name wallabag.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app wallabag;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/warpgate.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/warpgate.subdomain.conf.sample
new file mode 100644
index 0000000..7ca5dbb
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/warpgate.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for warpgate and that your warpgate container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name warpgate.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app warpgate;
+        set $upstream_port 8888;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/webtop.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/webtop.subdomain.conf.sample
new file mode 100644
index 0000000..133e77f
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/webtop.subdomain.conf.sample
@@ -0,0 +1,41 @@
+## Version 2022/09/08
+# make sure that you have a cname set for the webtop
+# set up authentication here, for better security
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name webtop.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app webtop;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_buffering off;
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/wordpress.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/wordpress.subfolder.conf.sample
new file mode 100644
index 0000000..6818bd0
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/wordpress.subfolder.conf.sample
@@ -0,0 +1,23 @@
+## Version 2022/09/08
+# In order to use this location block you need to edit the default file one folder up and comment out the / location as well as the "~ \.php$" location
+# tested with the official wordpress docker image
+
+location / {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app wordpress;
+    set $upstream_port 80;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/yacht.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/yacht.subdomain.conf.sample
new file mode 100644
index 0000000..f77cc51
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/yacht.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for yacht
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name yacht.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app yacht;
+        set $upstream_port 8000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/youtube-dl-server.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/youtube-dl-server.subdomain.conf.sample
new file mode 100644
index 0000000..9c610e3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/youtube-dl-server.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for youtube-dl-server and that your youtube-dl-server container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name youtube-dl-server.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app youtube-dl-server;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/youtube-dl.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/youtube-dl.subfolder.conf.sample
new file mode 100644
index 0000000..fe5278d
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/youtube-dl.subfolder.conf.sample
@@ -0,0 +1,30 @@
+## Version 2022/09/08
+# Works with this youtube-dl Fork: https://github.com/nbr23/youtube-dl-server
+
+location /youtube-dl {
+    return 301 $scheme://$host/youtube-dl/;
+}
+
+location ^~ /youtube-dl/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app  youtube-dl-server;
+    set $upstream_port 8080;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    proxy_set_header Referer '';
+    # next line doesn't work with the latest version of: https://github.com/nbr23/youtube-dl-server
+    # proxy_set_header Host $upstream_app:8080;
+    rewrite /youtube-dl(.*) $1 break;
+}
diff --git a/njallavps/swag/nginx/proxy-confs/zigbee2mqtt.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/zigbee2mqtt.subdomain.conf.sample
new file mode 100644
index 0000000..51f5ec3
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/zigbee2mqtt.subdomain.conf.sample
@@ -0,0 +1,40 @@
+## Version 2022/09/30
+# make sure that your dns has a cname set for zigbee2mqtt and that your zigbee2mqtt container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name zigbee2mqtt.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app zigbee2mqtt;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/znc.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/znc.subdomain.conf.sample
new file mode 100644
index 0000000..cf1a138
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/znc.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for znc
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name znc.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app znc;
+        set $upstream_port 6501;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy-confs/znc.subfolder.conf.sample b/njallavps/swag/nginx/proxy-confs/znc.subfolder.conf.sample
new file mode 100644
index 0000000..a42d6f1
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/znc.subfolder.conf.sample
@@ -0,0 +1,22 @@
+## Version 2022/09/08
+# edit /config/configs/znc.conf and add URIPrefix = /znc/ in the line above </Listener> and restart the znc container
+
+location /znc {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app znc;
+    set $upstream_port 6501;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+}
diff --git a/njallavps/swag/nginx/proxy-confs/zwavejs2mqtt.subdomain.conf.sample b/njallavps/swag/nginx/proxy-confs/zwavejs2mqtt.subdomain.conf.sample
new file mode 100644
index 0000000..77f0ef2
--- /dev/null
+++ b/njallavps/swag/nginx/proxy-confs/zwavejs2mqtt.subdomain.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/09/08
+# make sure that your dns has a cname set for zwavejs2mqtt
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name zwavejs2mqtt.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app zwavejs2mqtt;
+        set $upstream_port 8091;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
diff --git a/njallavps/swag/nginx/proxy.conf b/njallavps/swag/nginx/proxy.conf
new file mode 100644
index 0000000..04a94b7
--- /dev/null
+++ b/njallavps/swag/nginx/proxy.conf
@@ -0,0 +1,31 @@
+## Version 2021/10/26 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf
+
+# Timeout if the real server is dead
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+# Proxy Connection Settings
+proxy_buffers 32 4k;
+proxy_connect_timeout 240;
+proxy_headers_hash_bucket_size 128;
+proxy_headers_hash_max_size 1024;
+proxy_http_version 1.1;
+proxy_read_timeout 240;
+proxy_redirect  http://  $scheme://;
+proxy_send_timeout 240;
+
+# Proxy Cache and Cookie Settings
+proxy_cache_bypass $cookie_session;
+#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
+proxy_no_cache $cookie_session;
+
+# Proxy Header Settings
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Early-Data $ssl_early_data;
+proxy_set_header Host $host;
+proxy_set_header Proxy "";
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For "";
+proxy_set_header X-Forwarded-Host "";
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_set_header X-Real-IP "";
diff --git a/njallavps/swag/nginx/proxy.conf.sample b/njallavps/swag/nginx/proxy.conf.sample
new file mode 100644
index 0000000..c5a7210
--- /dev/null
+++ b/njallavps/swag/nginx/proxy.conf.sample
@@ -0,0 +1,35 @@
+## Version 2022/09/01 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
+
+# Timeout if the real server is dead
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+# Proxy Connection Settings
+proxy_buffers 32 4k;
+proxy_connect_timeout 240;
+proxy_headers_hash_bucket_size 128;
+proxy_headers_hash_max_size 1024;
+proxy_http_version 1.1;
+proxy_read_timeout 240;
+proxy_redirect http:// $scheme://;
+proxy_send_timeout 240;
+
+# Proxy Cache and Cookie Settings
+proxy_cache_bypass $cookie_session;
+#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
+proxy_no_cache $cookie_session;
+
+# Proxy Header Settings
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Early-Data $ssl_early_data;
+proxy_set_header Host $host;
+proxy_set_header Proxy "";
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Host $host:$server_port;
+proxy_set_header X-Forwarded-Method $request_method;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_set_header X-Forwarded-Uri $request_uri;
+proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+proxy_set_header X-Real-IP $remote_addr;
diff --git a/njallavps/swag/nginx/registry-ssl.conf b/njallavps/swag/nginx/registry-ssl.conf
new file mode 100644
index 0000000..4878280
--- /dev/null
+++ b/njallavps/swag/nginx/registry-ssl.conf
@@ -0,0 +1,62 @@
+## Lines starting with two hashes (##) are comments with information.
+## Lines starting with one hash (#) are configuration parameters that can be uncommented.
+##
+###################################
+##         configuration         ##
+###################################
+
+## Redirects all HTTP traffic to the HTTPS host
+server {
+  listen *:80;
+  server_name  registry.git.anonymousland.org;
+  server_tokens off; ## Don't show the nginx version number, a security best practice
+  return 301 https://$http_host$request_uri;
+  access_log  /var/log/nginx/gitlab_registry_access.log gitlab_access;
+  error_log   /var/log/nginx/gitlab_registry_error.log;
+}
+
+server {
+  # If a different port is specified in https://gitlab.com/gitlab-org/gitlab-foss/blob/8-8-stable/config/gitlab.yml.example#L182,
+  # it should be declared here as well
+  listen *:443 ssl http2;
+  server_name  registry.git.anonymousland.org;
+  server_tokens off; ## Don't show the nginx version number, a security best practice
+
+  client_max_body_size 0;
+  chunked_transfer_encoding on;
+
+  ## Strong SSL Security
+  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
+  ssl_certificate /etc/gitlab/ssl/registry.gitlab.example.com.crt
+  ssl_certificate_key /etc/gitlab/ssl/registry.gitlab.example.com.key
+
+  ssl_session_timeout 1d;
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_tickets off;
+
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+  ssl_prefer_server_ciphers off;
+
+  ## [Optional] Generate a stronger DHE parameter:
+  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
+  ##
+  # ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+  ## [Optional] Enable HTTP Strict Transport Security
+  # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+
+  access_log  off;
+  error_log   off;
+
+  location / {
+    proxy_set_header  Host              $http_host;   # required for docker client's sake
+    proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
+    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header  X-Forwarded-Proto $scheme;
+    proxy_read_timeout                  900;
+
+    proxy_pass          http://gitlab-ce:5000;
+  }
+
+}
diff --git a/njallavps/swag/nginx/resolver.conf b/njallavps/swag/nginx/resolver.conf
new file mode 100644
index 0000000..1ae22e7
--- /dev/null
+++ b/njallavps/swag/nginx/resolver.conf
@@ -0,0 +1,3 @@
+# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.
+
+resolver  127.0.0.11 valid=30s;
diff --git a/njallavps/swag/nginx/site-confs/cinny.conf b/njallavps/swag/nginx/site-confs/cinny.conf
new file mode 100644
index 0000000..fa93d43
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/cinny.conf
@@ -0,0 +1,19 @@
+server {  
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name cinny.anonymousland.org;
+
+    add_header Onion-Location http://eoeh5ggqrjh7xlvcnydznsi4l53bvtue5rejs5relab3sdcsgrdvbiqd.onion/$request_uri;
+
+    include /config/nginx/ssl.conf;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app cinny;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/site-confs/default.conf b/njallavps/swag/nginx/site-confs/default.conf
new file mode 100644
index 0000000..2b3caf4
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/default.conf
@@ -0,0 +1,62 @@
+## Version 2022/10/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+
+# redirect all traffic to https
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# main server block
+server {
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+
+    server_name _;
+
+    root /config/www;
+    index index.html index.htm index.php;
+
+    # enable subfolder method reverse proxy confs
+    include /config/nginx/proxy-confs/*.subfolder.conf;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable for basic auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        try_files $uri $uri/ /index.html /index.php$is_args$args =404;
+    }
+
+    location ~ ^(.+\.php)(.*)$ {
+        fastcgi_split_path_info ^(.+\.php)(.*)$;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    # deny access to .htaccess/.htpasswd files
+    location ~ /\.ht {
+        deny all;
+    }
+}
+
+# enable subdomain method reverse proxy confs
+include /config/nginx/proxy-confs/*.subdomain.conf;
+# enable proxy cache for auth
+proxy_cache_path cache/ keys_zone=auth_cache:10m;
diff --git a/njallavps/swag/nginx/site-confs/default.conf.sample b/njallavps/swag/nginx/site-confs/default.conf.sample
new file mode 100644
index 0000000..2b3caf4
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/default.conf.sample
@@ -0,0 +1,62 @@
+## Version 2022/10/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+
+# redirect all traffic to https
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# main server block
+server {
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+
+    server_name _;
+
+    root /config/www;
+    index index.html index.htm index.php;
+
+    # enable subfolder method reverse proxy confs
+    include /config/nginx/proxy-confs/*.subfolder.conf;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable for basic auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        try_files $uri $uri/ /index.html /index.php$is_args$args =404;
+    }
+
+    location ~ ^(.+\.php)(.*)$ {
+        fastcgi_split_path_info ^(.+\.php)(.*)$;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    # deny access to .htaccess/.htpasswd files
+    location ~ /\.ht {
+        deny all;
+    }
+}
+
+# enable subdomain method reverse proxy confs
+include /config/nginx/proxy-confs/*.subdomain.conf;
+# enable proxy cache for auth
+proxy_cache_path cache/ keys_zone=auth_cache:10m;
diff --git a/njallavps/swag/nginx/site-confs/drone.conf b/njallavps/swag/nginx/site-confs/drone.conf
new file mode 100644
index 0000000..67a62df
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/drone.conf
@@ -0,0 +1,17 @@
+server {  
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name drone.anonymousland.org;
+
+    include /config/nginx/gitssl.conf;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app drone;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/site-confs/element.anonymousland.org.conf b/njallavps/swag/nginx/site-confs/element.anonymousland.org.conf
new file mode 100644
index 0000000..8820423
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/element.anonymousland.org.conf
@@ -0,0 +1,37 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for element
+# if element is running in bridge mode and the container is named "element", the below config should work as is
+# if not, replace the line "set $upstream_app element;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of element
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name element.anonymousland.org;
+
+#    # Well-Known
+#    location /.well-known/matrix/server {
+#    return 200 '{"m.server": "matrix.anonymousland.org:443"}';
+#  }
+
+    add_header Onion-Location http://ghs2cajvtd3zereksquw6gxgjyiuczwduri6bunvz5budvxpgr6mvwyd.onion$request_uri;
+
+    include /config/nginx/elementssl.conf;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app element;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header Range $http_range;
+        proxy_set_header If-Range $http_if_range;
+    }
+
+}
diff --git a/njallavps/swag/nginx/site-confs/git.conf b/njallavps/swag/nginx/site-confs/git.conf
new file mode 100644
index 0000000..c080496
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/git.conf
@@ -0,0 +1,20 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name git.anonymousland.org;
+
+    add_header Onion-Location http://3qiznofn5svq4gm2x2eocezolrmz3feka6brvybdbvld4bsarlu3ieid.onion$request_uri;
+
+    include /config/nginx/gitssl.conf;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app gitea;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+}
diff --git a/njallavps/swag/nginx/site-confs/hydrogen.conf b/njallavps/swag/nginx/site-confs/hydrogen.conf
new file mode 100644
index 0000000..6618607
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/hydrogen.conf
@@ -0,0 +1,21 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name hydrogen.anonymousland.org;
+
+    include /config/nginx/ssl.conf;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app hydrogen;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+}
diff --git a/njallavps/swag/nginx/site-confs/lemmy.conf b/njallavps/swag/nginx/site-confs/lemmy.conf
new file mode 100644
index 0000000..c654f42
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/lemmy.conf
@@ -0,0 +1,40 @@
+server {  
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name lemmy.anonymousland.org;
+
+    include /config/nginx/ssl.conf;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app lemmy-ui;
+        set $upstream_port 1234;
+        set $upstream_proto http;
+
+      if ($request_method = POST) {
+        set $upstream_app lemmy;
+        set $upstream_port 8536;
+      }
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
+      set $upstream_app lemmy;
+      set $upstream_port 8536;
+      set $upstream_proto http;
+      proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+
+  }
+
+    # Redirect pictshare images to pictrs
+    location ~ /pictshare/(.*)$ {
+      return 301 /pictrs/image/$1;
+    }
+
+
+}
diff --git a/njallavps/swag/nginx/site-confs/mastodon.conf b/njallavps/swag/nginx/site-confs/mastodon.conf
new file mode 100644
index 0000000..42f13cc
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/mastodon.conf
@@ -0,0 +1,18 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name mastodon.anonymousland.org;
+
+    include /config/nginx/ssl.conf;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app mastodon;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+}
diff --git a/njallavps/swag/nginx/site-confs/ots.conf b/njallavps/swag/nginx/site-confs/ots.conf
new file mode 100644
index 0000000..4366856
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/ots.conf
@@ -0,0 +1,20 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name ots.anonymousland.org;
+
+    add_header Onion-Location http://up6cmathcvv3gkscop56lau3rbv4ksrafukyeibiaz2oxxlll2ftofad.onion$request_uri;
+
+    include /config/nginx/gitssl.conf;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ots;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+}
diff --git a/njallavps/swag/nginx/site-confs/paste.conf b/njallavps/swag/nginx/site-confs/paste.conf
new file mode 100644
index 0000000..b96f879
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/paste.conf
@@ -0,0 +1,26 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name paste.anonymousland.org;
+
+
+#    add_header Onion-Location http://ghs2cajvtd3zereksquw6gxgjyiuczwduri6bunvz5budvxpgr6mvwyd.onion$request_uri;
+    include /config/nginx/gitssl.conf;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app paste;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header Range $http_range;
+        proxy_set_header If-Range $http_if_range;
+    }
+
+}
diff --git a/njallavps/swag/nginx/site-confs/schild.conf b/njallavps/swag/nginx/site-confs/schild.conf
new file mode 100644
index 0000000..e60686b
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/schild.conf
@@ -0,0 +1,26 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name schild.anonymousland.org;
+
+
+    add_header Onion-Location http://omm2i3fsp4n6ztqyc3tzs2fqzqdz2mdoqjzyw35qabct4lmzw7gwoiad.onion$request_uri;
+    include /config/nginx/ssl.conf;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app schild;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_set_header Range $http_range;
+        proxy_set_header If-Range $http_if_range;
+    }
+
+}
diff --git a/njallavps/swag/nginx/site-confs/site.conf b/njallavps/swag/nginx/site-confs/site.conf
new file mode 100644
index 0000000..48f3885
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/site.conf
@@ -0,0 +1,33 @@
+server {  
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    gzip on;
+
+    server_name anonymousland.org;
+
+    add_header Onion-Location http://vqajogx2cyooddrtai62pzj4v346kwnfiru2fa2fftemae47rgpeglqd.onion$request_uri;
+
+    include /config/nginx/ssl.conf;
+
+     location /.well-known/matrix/ {                                                                                                                    
+         root /config/well-known/matrix;
+         rewrite /.well-known/matrix/(.*) /$1 break;
+         default_type application/json;
+         add_header Access-Control-Allow-Origin *;                                                                  
+     }    
+
+    location / {                                                                                                      
+        include /config/nginx/proxy.conf;                                                                             
+        include /config/nginx/resolver.conf;                                                                          
+        set $upstream_app site;                                                                                      
+        set $upstream_port 4000;                                                                                      
+        set $upstream_proto http;                                                                                     
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;                                                    
+    }    
+
+#    location / {
+#        root /config/www;
+#        index index.html;
+#    }
+
+}
diff --git a/njallavps/swag/nginx/site-confs/status.conf b/njallavps/swag/nginx/site-confs/status.conf
new file mode 100644
index 0000000..2f1c898
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/status.conf
@@ -0,0 +1,17 @@
+server {  
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name status.anonymousland.org;
+
+    include /config/nginx/gitssl.conf;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app uptimekuma;
+        set $upstream_port 3001;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/njallavps/swag/nginx/site-confs/tor-element.conf b/njallavps/swag/nginx/site-confs/tor-element.conf
new file mode 100644
index 0000000..c4f9d44
--- /dev/null
+++ b/njallavps/swag/nginx/site-confs/tor-element.conf
@@ -0,0 +1,21 @@
+server {
+    listen 69 ;
+    server_name 3ytf372ddnksxmglxkytfa5yehglcy7ecemy5pbdipkioyonbdubdxid.onion;
+
+#    add_header X-Frame-Options "SAMEORIGIN" always;
+    
+#    client_max_body_size 0;
+
+    location / {
+#        include /config/nginx/proxy.conf;
+#        include /config/nginx/resolver.conf;
+        set $upstream_app element;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+#        proxy_set_header Range $http_range;
+#        proxy_set_header If-Range $http_if_range;
+    }
+
+}
diff --git a/njallavps/swag/nginx/ssl.conf b/njallavps/swag/nginx/ssl.conf
new file mode 100644
index 0000000..2a5424f
--- /dev/null
+++ b/njallavps/swag/nginx/ssl.conf
@@ -0,0 +1,59 @@
+## Version 2021/09/19 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf
+
+### Mozilla Recommendations
+# generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0-r0&config=intermediate&openssl=1.1.1g-r0&guideline=5.4
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+ssl_session_tickets off;
+
+# intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+
+
+### Linuxserver.io Defaults
+
+# Certificates
+ssl_certificate /config/keys/letsencrypt/fullchain.pem;
+ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
+# verify chain of trust of OCSP response using Root CA and Intermediate certs
+ssl_trusted_certificate /config/keys/letsencrypt/fullchain.pem;
+
+# Diffie-Hellman Parameters
+ssl_dhparam /config/nginx/dhparams.pem;
+
+# Enable TLS 1.3 early data
+ssl_early_data on;
+
+# HSTS, remove # from the line below to enable HSTS
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+# Optional additional headers
+#add_header Cache-Control "no-transform" always;
+
+#add_header Content-Security-Policy "default-src 'none'; connect-src * https:; font-src 'self'; img-src https: blob: data:; manifest-src 'self'; media-src *; script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.recaptcha.net blob:; frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'";
+
+add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
+
+#add_header Content-Security-Policy "default-src 'none'; connect-src * https:; font-src 'self'; img-src https: blob: data:; manifest-src 'self'; media-src *; script-src 'self' style-src 'self' frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'";
+
+#add_header Content-Security-Policy "default-src 'none'; connect-src * https:; font-src 'self'; img-src https: blob: data:; manifest-src 'self'; media-src *; script-src 'self' style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'";
+
+
+
+add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
+add_header Referrer-Policy "same-origin" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-UA-Compatible "IE=Edge" always;
+#add_header X-XSS-Protection "0" always;
+add_header Cross-Origin-Resource-Policy cross-origin;
+#add_header Cross-Origin-Embedder-Policy require-corp;
+add_header Cross-Origin-Opener-Policy same-origin;
+add_header X-Frame-Options SAMEORIGIN;
diff --git a/njallavps/swag/nginx/ssl.conf.sample b/njallavps/swag/nginx/ssl.conf.sample
new file mode 100644
index 0000000..a26571e
--- /dev/null
+++ b/njallavps/swag/nginx/ssl.conf.sample
@@ -0,0 +1,39 @@
+## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/ssl.conf.sample
+
+### Mozilla Recommendations
+# generated 2022-08-05, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
+
+ssl_certificate /config/keys/cert.crt;
+ssl_certificate_key /config/keys/cert.key;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
+ssl_dhparam /config/nginx/dhparams.pem;
+
+# intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+
+# HSTS (ngx_http_headers_module is required) (63072000 seconds)
+#add_header Strict-Transport-Security "max-age=63072000" always;
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+
+# verify chain of trust of OCSP response using Root CA and Intermediate certs
+ssl_trusted_certificate /config/keys/cert.crt;
+
+# Optional additional headers
+#add_header Cache-Control "no-transform" always;
+#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'";
+#add_header Permissions-Policy "interest-cohort=()";
+#add_header Referrer-Policy "same-origin" always;
+#add_header X-Content-Type-Options "nosniff" always;
+#add_header X-Frame-Options "SAMEORIGIN" always;
+#add_header X-UA-Compatible "IE=Edge" always;
+#add_header X-XSS-Protection "1; mode=block" always;
diff --git a/njallavps/swag/nginx/status.anonymousland.org b/njallavps/swag/nginx/status.anonymousland.org
new file mode 100644
index 0000000..5270a59
--- /dev/null
+++ b/njallavps/swag/nginx/status.anonymousland.org
@@ -0,0 +1,29 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for element
+# if element is running in bridge mode and the container is named "element", the below config should work as is
+# if not, replace the line "set $upstream_app element;" with "set $upstream_app <containername>;"
+# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of element
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name status.anonymousland.org;
+
+    include /config/nginx/ssl.conf;
+    
+    location / {
+       include /config/nginx/proxy.conf;
+#       include /config/nginx/resolver.conf;
+       proxy_set_header   X-Real-IP $remote_addr;
+       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+       proxy_pass         http://localhost:8001;
+#       proxy_http_version 1.1;
+       proxy_set_header   Upgrade $http_upgrade;
+       proxy_set_header   Connection "upgrade";
+       resolver 127.0.0.11 valid=30s;
+
+  }
+
+}
+
diff --git a/njallavps/swag/nginx/worker_processes.conf b/njallavps/swag/nginx/worker_processes.conf
new file mode 100644
index 0000000..f7dc030
--- /dev/null
+++ b/njallavps/swag/nginx/worker_processes.conf
@@ -0,0 +1,3 @@
+# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.
+
+worker_processes 1;
diff --git a/njallavps/swag/php/php-local.ini b/njallavps/swag/php/php-local.ini
new file mode 100644
index 0000000..e24f35b
--- /dev/null
+++ b/njallavps/swag/php/php-local.ini
@@ -0,0 +1,3 @@
+; Edit this file to override php.ini directives and restart the container
+
+date.timezone = 
diff --git a/njallavps/swag/php/www2.conf b/njallavps/swag/php/www2.conf
new file mode 100644
index 0000000..13fc59d
--- /dev/null
+++ b/njallavps/swag/php/www2.conf
@@ -0,0 +1,5 @@
+; Edit this file to override www.conf and php-fpm.conf directives and restart the container
+
+; Pool name
+[www]
+
diff --git a/njallavps/swag/well-known/matrix/client b/njallavps/swag/well-known/matrix/client
new file mode 100644
index 0000000..e4832a6
--- /dev/null
+++ b/njallavps/swag/well-known/matrix/client
@@ -0,0 +1,5 @@
+{
+  "m.homeserver": {
+    "base_url": "https://matrix.anonymousland.org:443"
+  }
+}
\ No newline at end of file
diff --git a/njallavps/swag/well-known/matrix/server b/njallavps/swag/well-known/matrix/server
new file mode 100644
index 0000000..9451165
--- /dev/null
+++ b/njallavps/swag/well-known/matrix/server
@@ -0,0 +1 @@
+{"m.server": "matrix.anonymousland.org:443"}
\ No newline at end of file
diff --git a/njallavps/swag/well-known/matrix/support b/njallavps/swag/well-known/matrix/support
new file mode 100644
index 0000000..5b9cff9
--- /dev/null
+++ b/njallavps/swag/well-known/matrix/support
@@ -0,0 +1,13 @@
+{
+    admins: [{
+        matrix_id: "@deathrow:anonymousland.org",
+        email_address: "privatedeathrow@proton.me",
+        role: "admin"
+    },
+    {
+        matrix_id: "@nebulaonion:anonymousland.org",
+        email_address: "nebulaonion@tutanota.com",
+        role: "admin"
+    }],
+    support_page: "https://anonymousland.org/services"
+}
\ No newline at end of file