Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- worker_processes auto;
- error_log logs/error.log;
- events {
- worker_connections 8192;
- }
- http {
- include mime.types;
- default_type application/octet-stream;
- server_names_hash_bucket_size 64;
- server_tokens off;
- ## The below will create a separate log file for your emby server which includes
- ## userId's and other emby specific info, handy for external log viewers.
- ## Cloudflare users will want to swap $remote_addr in first line below to $http_CF_Connecting_IP
- ## to log the real client IP address
- log_format emby '$http_CF_Connecting_IP - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"';
- log_format default '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port';
- sendfile off; ## Sendfile not used in a proxy environment.
- gzip on; ## Compresses the content to the client, speeds up client browsing.
- gzip_disable "msie6";
- gzip_comp_level 6;
- gzip_min_length 1100;
- gzip_buffers 16 8k;
- gzip_proxied any;
- gzip_types
- text/plain
- text/css
- text/js
- text/xml
- text/javascript
- application/javascript
- application/x-javascript
- application/json
- application/xml
- application/rss+xml
- image/svg+xml;
- proxy_connect_timeout 1h;
- proxy_send_timeout 1h;
- proxy_read_timeout 1h;
- tcp_nodelay on; ## Sends data as fast as it can not buffering large chunks, saves about 200ms per request.
- ## The below will force all nginx traffic to SSL, make sure all other server blocks only listen on 443
- server {
- listen 80 default_server;
- server_name _;
- return 301 https://$host$request_uri;
- }
- ## Start of actual server blocks
- server {
- listen [::]:443 ssl http2; ## Listens on port 443 IPv6 with http2 and ssl enabled
- listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled
- proxy_buffering off; ## Sends data as fast as it can not buffering large chunks.
- server_name media.WEBSITENAME.dev; ## enter your service name and domain name here example emby.domainname.com
- access_log logs/emby.log emby; ## Creates a log file with this name and the log info above.
- ## SSL SETTINGS ##
- ssl_session_timeout 30m;
- ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
- ssl_certificate /etc/ssl/cert.pem; ## Location of your public PEM file.
- ssl_certificate_key /etc/ssl/key.pem; ## Location of your private PEM file.
- ssl_session_cache shared:SSL:10m;
- location ^~ /swagger { ## Disables access to swagger interface
- return 404;
- }
- location / {
- proxy_pass http://127.0.0.1:8096; ## Enter the IP and port of the backend emby server here.
- proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys.
- proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested.
- proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested.
- #proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server.
- proxy_set_header X-Real-IP $http_CF_Connecting_IP; ## if you use cloudflare un-comment this line and comment out above line.
- proxy_set_header Host $host; ## Passes the requested domain name to the backend server.
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.
- ## ADDITIONAL SECURITY SETTINGS ##
- ## Optional settings to improve security ##
- ## add these after you have completed your testing and ssl setup ##
- ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ##
- ## See https://hstspreload.org/ read through the "Deployment Recommendations" section first! ##
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
- add_header Strict-Transport-Security "max-age=15552000; preload" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-XSS-Protection "1; mode=block" always;
- ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client.
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement