API tools faq
paste
Advertisement
ovingiv

jellyfin.conf

ovingiv
Jun 7th, 2024
32
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JSON 4.14 KB | None | 0 0
raw download clone embed print report
  1. # Uncomment the commented sections after you have acquired a SSL Certificate
  2. server {
  3.     listen 80;
  4.     listen [::]:80;
  5.      server_name jellyfin.ovingivhomelab.page;
  6.  
  7.     # Uncomment to redirect HTTP to HTTPS
  8.       return 301 https://$host$request_uri;
  9. #}
  10.  
  11. #server {
  12.     listen 443 ssl;
  13.     listen [::]:443 ssl;
  14.     http2 on;
  15.     server_name jellyfin.ovingivhomelab.page;
  16.  
  17.     ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
  18.     client_max_body_size 20M;
  19.  
  20.     # Uncomment next line to Disable TLS 1.0 and 1.1 (Might break older devices)
  21.     # ssl_protocols TLSv1.3 TLSv1.2;
  22.  
  23.     # use a variable to store the upstream proxy
  24.     # in this example we are using a hostname which is resolved via DNS
  25.     # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
  26.    set $jellyfin jellyfin;
  27.    resolver 127.0.0.1 valid=30s;
  28.  
  29.    ssl_certificate /media/10TB/cert/cert.perm;
  30.    ssl_certificate_key /media/10TB/cert/private.key;
  31.    #include /etc/letsencrypt/options-ssl-nginx.conf;
  32.    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  33.    #add_header Strict-Transport-Security "max-age=31536000" always;
  34.    #ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME/chain.pem;
  35.    #ssl_stapling on;
  36.    #ssl_stapling_verify on;
  37.  
  38.    # Security / XSS Mitigation Headers
  39.    # NOTE: X-Frame-Options may cause issues with the webOS app
  40.    add_header X-Frame-Options "SAMEORIGIN";
  41.    add_header X-Content-Type-Options "nosniff";
  42.  
  43.    # COOP/COEP. Disable if you use external plugins/images/assets
  44.    add_header Cross-Origin-Opener-Policy "same-origin" always;
  45.    add_header Cross-Origin-Embedder-Policy "require-corp" always;
  46.    add_header Cross-Origin-Resource-Policy "same-origin" always;
  47.  
  48.    # Permissions policy. May cause issues on some clients
  49.    add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
  50.  
  51.  
  52.    # Content Security Policy
  53.    # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
  54.    # Enforces https content and restricts JS/CSS to origin
  55.    # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
  56.    # NOTE: The default CSP headers may cause issues with the webOS app
  57.    #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
  58.  
  59.    location = / {
  60.        return 302 http://$host/web/;
  61.        #return 302 https://$host/web/;
  62.    }
  63.  
  64.    location / {
  65.        # Proxy main Jellyfin traffic
  66.        proxy_pass http://$jellyfin:8096;
  67.        proxy_set_header Host $host;
  68.        proxy_set_header X-Real-IP $remote_addr;
  69.        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  70.        proxy_set_header X-Forwarded-Proto $scheme;
  71.        proxy_set_header X-Forwarded-Protocol $scheme;
  72.        proxy_set_header X-Forwarded-Host $http_host;
  73.  
  74.        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
  75.        proxy_buffering off;
  76.    }
  77.  
  78.    location /socket {
  79.        # Proxy Jellyfin Websockets traffic
  80.        proxy_pass http://$jellyfin:8096;
  81.        proxy_http_version 1.1;
  82.        proxy_set_header Upgrade $http_upgrade;
  83.        proxy_set_header Connection "upgrade";
  84.        proxy_set_header Host $host;
  85.        proxy_set_header X-Real-IP $remote_addr;
  86.        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  87.        proxy_set_header X-Forwarded-Proto $scheme;
  88.        proxy_set_header X-Forwarded-Protocol $scheme;
  89.        proxy_set_header X-Forwarded-Host $http_host;
  90.    }
  91. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!