ovingiv

Untitled

Sep 23rd, 2024
  # Plain-HTTP listener: its only job is to send every request to HTTPS.
  server {
      listen 80;
      server_name jellyfin.ovingivhomelab.page;

      # Certbot-inserted redirect for requests whose Host matches this site.
      if ($host = jellyfin.ovingivhomelab.page) {
          return 301 https://$host$request_uri;
      } # managed by Certbot

      # Any other request reaching this block is redirected as well. The target
      # is built from $server_name rather than the client-supplied Host header,
      # so the redirect always points at this site.
      return 301 https://$server_name$request_uri;
  }
  13.  
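  # HTTPS virtual host: terminates TLS and reverse-proxies to Jellyfin on loopback.
  server {
      listen 443 ssl http2;
      server_name jellyfin.ovingivhomelab.page;

      access_log /var/log/nginx/jellyfin.access;
      error_log /var/log/nginx/jellyfin.error;

      # Backend address. Every proxy_pass below goes through this variable so the
      # upstream is defined in exactly one place.
      set $jellyfin 127.0.0.1;

      # allow larger file uploads and longer script runtimes
      client_max_body_size 100m;
      client_body_timeout 120s;

      sendfile off;

      # TLS configuration (certificate paths are maintained by Certbot)
      ssl_certificate /etc/letsencrypt/live/jellyfin.ovingivhomelab.page/fullchain.pem; # managed by Certbot
      ssl_certificate_key /etc/letsencrypt/live/jellyfin.ovingivhomelab.page/privkey.pem; # managed by Certbot
      ssl_session_cache shared:SSL:10m;
      ssl_protocols TLSv1.2 TLSv1.3;
      # AEAD-only suites for TLS 1.2. The DHE-RSA entries are only negotiated when
      # ssl_dhparam is configured; none is set in this block.
      ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
      ssl_prefer_server_ciphers on;

      # OCSP stapling
      ssl_trusted_certificate /etc/letsencrypt/live/jellyfin.ovingivhomelab.page/chain.pem; # managed by Certbot
      ssl_stapling on; # managed by Certbot
      ssl_stapling_verify on; # managed by Certbot

      # HSTS. Exactly one Strict-Transport-Security header should be active.
      add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
      # See https://hstspreload.org/ before switching to the preload variant below;
      # if it is enabled, it must replace the line above, not be added next to it.
      # add_header Strict-Transport-Security "max-age=15768000; preload;";

      # Security headers, each declared once. The original listed X-Frame-Options
      # twice with different values (DENY and SAMEORIGIN) and repeated
      # X-XSS-Protection and X-Content-Type-Options, so responses carried
      # duplicate and contradictory headers. SAMEORIGIN is kept because it agrees
      # with the frame-ancestors 'self' policy. "always" also applies the headers
      # to error responses. Server-level add_header lines are inherited by a
      # location only while that location declares no add_header of its own.
      add_header X-Content-Type-Options nosniff always;
      # Legacy header; current browsers no longer implement the XSS filter it controls.
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Robots-Tag none always;
      add_header Content-Security-Policy "frame-ancestors 'self'" always;
      add_header X-Frame-Options SAMEORIGIN always;
      add_header Referrer-Policy same-origin always;

      location / {
          # Proxy main Jellyfin traffic
          proxy_pass http://$jellyfin:8096;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;

          # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For value the
          # client sent, so the backend should trust only this proxy's address when
          # it reads the header.
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Protocol $scheme;
          proxy_set_header X-Forwarded-Host $http_host;

          # Disable buffering when the nginx proxy gets very resource heavy upon streaming
          proxy_buffering off;
      }

      # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
      location ~ ^/web/$ {
          proxy_pass http://$jellyfin:8096/web/index.html/;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Protocol $scheme;
          proxy_set_header X-Forwarded-Host $http_host;
      }

      location /socket {
          # Proxy Jellyfin Websockets traffic.
          # The original upstream was written as "$127.0.0.1", which is not the
          # loopback address: the "$" starts a variable/capture reference, so the
          # config either fails to load or proxies WebSocket traffic to an
          # unintended host. It now uses the same backend variable as the other
          # locations.
          proxy_pass http://$jellyfin:8096;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Protocol $scheme;
          proxy_set_header X-Forwarded-Host $http_host;
      }
  }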
  101. #    location ~ \.php$ {
  102. #        fastcgi_split_path_info ^(.+\.php)(/.+)$;
  103. #        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
  104. #        fastcgi_index index.php;
  105. #        include fastcgi_params;
  106. #        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
  107. #        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  108. #        fastcgi_param HTTP_PROXY "";
  109. #        fastcgi_intercept_errors off;
  110. #        fastcgi_buffer_size 16k;
  111. #        fastcgi_buffers 4 16k;
  112. #        fastcgi_connect_timeout 300;
  113. #        fastcgi_send_timeout 300;
  114. #        fastcgi_read_timeout 300;
  115. #        include /etc/nginx/fastcgi_params;
  116. #    }
  117. #
  118. #    location ~ /\.ht {
  119. #        deny all;
  120. #    }
  121. #}
  122.  