Initial CommitHEAD master

author: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
commit: 95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree: cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /data/jellyfin
1 files changed, 68 insertions, 0 deletions
diff --git a/data/jellyfin/jellyfin.conf b/data/jellyfin/jellyfin.conf
new file mode 100644
index 0000000..01f5ea0
--- /dev/null
+++ b/data/jellyfin/jellyfin.conf
@@ -0,0 +1,68 @@
+server {
+        listen 443 ssl;
+        server_name jellyfin.chudnick.com;
+        
+    client_max_body_size 20M;
+    # use a variable to store the upstream proxy
+    set $jellyfin 127.0.0.1;
+    ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    # Security / XSS Mitigation Headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+    location = / {
+        return 302 https://$host/web/;
+    }
+    location / {
+        # Proxy main Jellyfin traffic
+        proxy_pass http://$jellyfin:8096;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_buffering off;
+    }
+    location = /web/ {
+        # Proxy main Jellyfin traffic
+        proxy_pass http://$jellyfin:8096/web/index.html;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+    location /socket {
+        # Proxy Jellyfin Websockets traffic
+        proxy_pass http://$jellyfin:8096;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+}
+server {
+    listen 80;
+    listen [::]:80;
+    server_name jellyfin.chudnick.com;
+        return 301 https://$host$request_uri;
+}
author	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
commit	95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree	cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /data/jellyfin

diff --git a/data/jellyfin/jellyfin.conf b/data/jellyfin/jellyfin.conf new file mode 100644 index 0000000..01f5ea0 --- /dev/null +++ b/data/jellyfin/jellyfin.conf
@@ -0,0 +1,68 @@
	1	server {
	2	listen 443 ssl;
	3	server_name jellyfin.chudnick.com;
	4
	5	client_max_body_size 20M;
	6
	7	# use a variable to store the upstream proxy
	8	set $jellyfin 127.0.0.1;
	9
	10	ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
	11	ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
	12	add_header Strict-Transport-Security "max-age=31536000" always;
	13	ssl_stapling on;
	14	ssl_stapling_verify on;
	15
	16	# Security / XSS Mitigation Headers
	17	add_header X-Frame-Options "SAMEORIGIN";
	18	add_header X-XSS-Protection "1; mode=block";
	19	add_header X-Content-Type-Options "nosniff";
	20
	21	location = / {
	22	return 302 https://$host/web/;
	23	}
	24
	25	location / {
	26	# Proxy main Jellyfin traffic
	27	proxy_pass http://$jellyfin:8096;
	28	proxy_set_header Host $host;
	29	proxy_set_header X-Real-IP $remote_addr;
	30	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	31	proxy_set_header X-Forwarded-Proto $scheme;
	32	proxy_set_header X-Forwarded-Protocol $scheme;
	33	proxy_set_header X-Forwarded-Host $http_host;
	34	proxy_buffering off;
	35	}
	36
	37	location = /web/ {
	38	# Proxy main Jellyfin traffic
	39	proxy_pass http://$jellyfin:8096/web/index.html;
	40	proxy_set_header Host $host;
	41	proxy_set_header X-Real-IP $remote_addr;
	42	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	43	proxy_set_header X-Forwarded-Proto $scheme;
	44	proxy_set_header X-Forwarded-Protocol $scheme;
	45	proxy_set_header X-Forwarded-Host $http_host;
	46	}
	47
	48	location /socket {
	49	# Proxy Jellyfin Websockets traffic
	50	proxy_pass http://$jellyfin:8096;
	51	proxy_http_version 1.1;
	52	proxy_set_header Upgrade $http_upgrade;
	53	proxy_set_header Connection "upgrade";
	54	proxy_set_header Host $host;
	55	proxy_set_header X-Real-IP $remote_addr;
	56	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	57	proxy_set_header X-Forwarded-Proto $scheme;
	58	proxy_set_header X-Forwarded-Protocol $scheme;
	59	proxy_set_header X-Forwarded-Host $http_host;
	60	}
	61	}
	62
	63	server {
	64	listen 80;
	65	listen [::]:80;
	66	server_name jellyfin.chudnick.com;
	67	return 301 https://$host$request_uri;
	68	}