API tools faq
paste
Advertisement
Guest User

Jellyfin Nginx

a guest
Jul 4th, 2024
142
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nginx 4.16 KB | Source Code | 0 0
raw download clone embed print report
  1. server {
  2.     listen 80;
  3.     listen [::]:80;
  4.     server_name jellyfin.killerrabbit.xyz;
  5.  
  6.     # Uncomment to redirect HTTP to HTTPS
  7.     return 301 https://$host$request_uri;
  8. }
  9.  
  10. server {
  11.     listen 443 ssl;
  12.     listen [::]:443 ssl;
  13.     # http2 on;
  14.     server_name jellyfin.killerrabbit.xyz;
  15.  
  16.     ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
  17.     client_max_body_size 20M;
  18.  
  19.     # Uncomment next line to Disable TLS 1.0 and 1.1 (Might break older devices)
  20.     # ssl_protocols TLSv1.3 TLSv1.2;
  21.  
  22.     # use a variable to store the upstream proxy
  23.     # in this example we are using a hostname which is resolved via DNS
  24.     # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
  25.     set $jellyfin jellyfin.killerrabbit.xyz;
  26.     resolver 192.168.254.13 192.168.254.12 valid=30s;
  27.  
  28.     ssl_certificate /etc/letsencrypt/live/jellyfin.killerrabbit.xyz/fullchain.pem;
  29.     ssl_certificate_key /etc/letsencrypt/live/jellyfin.killerrabbit.xyz/privkey.pem;
  30.     include /etc/letsencrypt/options-ssl-nginx.conf;
  31.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  32.     add_header Strict-Transport-Security "max-age=31536000" always;
  33.     ssl_trusted_certificate /etc/letsencrypt/live/jellyfin.killerrabbit.xyz/chain.pem;
  34.     ssl_stapling on;
  35.     ssl_stapling_verify on;
  36.  
  37.     # Security / XSS Mitigation Headers
  38.     # NOTE: X-Frame-Options may cause issues with the webOS app
  39.     add_header X-Frame-Options "SAMEORIGIN";
  40.     add_header X-Content-Type-Options "nosniff";
  41.  
  42.     # COOP/COEP. Disable if you use external plugins/images/assets
  43.     add_header Cross-Origin-Opener-Policy "same-origin" always;
  44.     add_header Cross-Origin-Embedder-Policy "require-corp" always;
  45.     add_header Cross-Origin-Resource-Policy "same-origin" always;
  46.  
  47.     # Permissions policy. May cause issues on some clients
  48.     add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
  49.  
  50.  
  51.     # Content Security Policy
  52.     # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
  53.     # Enforces https content and restricts JS/CSS to origin
  54.     # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
  55.     # NOTE: The default CSP headers may cause issues with the webOS app
  56.     #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
  57.  
  58.     location = / {
  59.         return 302 http://$host/web/;
  60.         #return 302 https://$host/web/;
  61.     }
  62.  
  63.     location / {
  64.         # Proxy main Jellyfin traffic
  65.         proxy_pass http://$jellyfin:8096;
  66.         proxy_set_header Host $host;
  67.         proxy_set_header X-Real-IP $remote_addr;
  68.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  69.         proxy_set_header X-Forwarded-Proto $scheme;
  70.         proxy_set_header X-Forwarded-Protocol $scheme;
  71.         proxy_set_header X-Forwarded-Host $http_host;
  72.  
  73.         # Disable buffering when the nginx proxy gets very resource heavy upon streaming
  74.         proxy_buffering off;
  75.     }
  76.  
  77.     location /socket {
  78.         # Proxy Jellyfin Websockets traffic
  79.         proxy_pass http://$jellyfin:8096;
  80.         proxy_http_version 1.1;
  81.         proxy_set_header Upgrade $http_upgrade;
  82.         proxy_set_header Connection "upgrade";
  83.         proxy_set_header Host $host;
  84.         proxy_set_header X-Real-IP $remote_addr;
  85.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  86.         proxy_set_header X-Forwarded-Proto $scheme;
  87.         proxy_set_header X-Forwarded-Protocol $scheme;
  88.         proxy_set_header X-Forwarded-Host $http_host;
  89.     }
  90. }
Tags: jellyfin nginx
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!