API tools faq
paste
Advertisement
Guest User

Nginx Configuration

a guest
May 10th, 2022
19
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.68 KB | None | 0 0
raw download clone embed print report
  1. worker_processes auto;
  2.  
  3. error_log logs/error.log;
  4.  
  5. events {
  6. worker_connections 8192;
  7. }
  8.  
  9. http {
  10. include mime.types;
  11. default_type application/octet-stream;
  12. server_names_hash_bucket_size 64;
  13. server_tokens off;
  14.  
  15. ## The below will create a separate log file for your emby server which includes
  16. ## userId's and other emby specific info, handy for external log viewers.
  17. ## Cloudflare users will want to swap $remote_addr in first line below to $http_CF_Connecting_IP
  18. ## to log the real client IP address
  19. log_format emby '$http_CF_Connecting_IP - $remote_user [$time_local] "$request" '
  20. '$status $body_bytes_sent "$http_referer" '
  21. '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"';
  22.  
  23.  
  24. log_format default '$remote_addr - $remote_user [$time_local] "$request" '
  25. '$status $body_bytes_sent "$http_referer" '
  26. '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port';
  27.  
  28. sendfile off; ## Sendfile not used in a proxy environment.
  29.  
  30. gzip on; ## Compresses the content to the client, speeds up client browsing.
  31. gzip_disable "msie6";
  32.  
  33. gzip_comp_level 6;
  34. gzip_min_length 1100;
  35. gzip_buffers 16 8k;
  36. gzip_proxied any;
  37. gzip_types
  38. text/plain
  39. text/css
  40. text/js
  41. text/xml
  42. text/javascript
  43. application/javascript
  44. application/x-javascript
  45. application/json
  46. application/xml
  47. application/rss+xml
  48. image/svg+xml;
  49.  
  50. proxy_connect_timeout 1h;
  51. proxy_send_timeout 1h;
  52. proxy_read_timeout 1h;
  53. tcp_nodelay on; ## Sends data as fast as it can not buffering large chunks, saves about 200ms per request.
  54.  
  55. ## The below will force all nginx traffic to SSL, make sure all other server blocks only listen on 443
  56. server {
  57. listen 80 default_server;
  58. server_name _;
  59.  
  60. return 301 https://$host$request_uri;
  61. }
  62.  
  63. ## Start of actual server blocks
  64. server {
  65.  
  66. listen [::]:443 ssl http2; ## Listens on port 443 IPv6 with http2 and ssl enabled
  67. listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled
  68. proxy_buffering off; ## Sends data as fast as it can not buffering large chunks.
  69.  
  70. server_name media.WEBSITENAME.dev; ## enter your service name and domain name here example emby.domainname.com
  71.  
  72. access_log logs/emby.log emby; ## Creates a log file with this name and the log info above.
  73.  
  74. ## SSL SETTINGS ##
  75. ssl_session_timeout 30m;
  76. ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  77. ssl_certificate /etc/ssl/cert.pem; ## Location of your public PEM file.
  78. ssl_certificate_key /etc/ssl/key.pem; ## Location of your private PEM file.
  79. ssl_session_cache shared:SSL:10m;
  80.  
  81. location ^~ /swagger { ## Disables access to swagger interface
  82. return 404;
  83. }
  84.  
  85. location / {
  86. proxy_pass http://127.0.0.1:8096; ## Enter the IP and port of the backend emby server here.
  87.  
  88. proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys.
  89. proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested.
  90. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested.
  91. #proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server.
  92. proxy_set_header X-Real-IP $http_CF_Connecting_IP; ## if you use cloudflare un-comment this line and comment out above line.
  93. proxy_set_header Host $host; ## Passes the requested domain name to the backend server.
  94. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.
  95.  
  96. ## ADDITIONAL SECURITY SETTINGS ##
  97. ## Optional settings to improve security ##
  98. ## add these after you have completed your testing and ssl setup ##
  99. ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ##
  100. ## See https://hstspreload.org/ read through the "Deployment Recommendations" section first! ##
  101. add_header 'Referrer-Policy' 'origin-when-cross-origin';
  102. add_header Strict-Transport-Security "max-age=15552000; preload" always;
  103. add_header X-Frame-Options "SAMEORIGIN" always;
  104. add_header X-Content-Type-Options "nosniff" always;
  105. add_header X-XSS-Protection "1; mode=block" always;
  106.  
  107. ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client.
  108. proxy_http_version 1.1;
  109. proxy_set_header Upgrade $http_upgrade;
  110. proxy_set_header Connection $http_connection;
  111. }
  112. }
  113. }
  114.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!