API tools faq
paste
Advertisement
Guest User

jellyfin.conf

a guest
Mar 6th, 2023
325
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.66 KB | None | 0 0
raw download clone embed print report
  1. # Uncomment the commented sections after you have acquired a SSL Certificate
  2.  
  3. server {
  4.  
  5. listen 80;
  6.  
  7. listen [::]:80;
  8.  
  9. server_name jelly.my.domain;
  10.  
  11.  
  12.  
  13. # Uncomment to redirect HTTP to HTTPS
  14.  
  15. return 301 https://$host$request_uri;
  16.  
  17. }
  18.  
  19.  
  20.  
  21. server {
  22.  
  23. listen 443 ssl http2;
  24.  
  25. listen [::]:443 ssl http2;
  26.  
  27. server_name DOMAIN_NAME;
  28.  
  29.  
  30.  
  31. ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
  32.  
  33. client_max_body_size 20M;
  34.  
  35.  
  36.  
  37. # use a variable to store the upstream proxy
  38.  
  39. # in this example we are using a hostname which is resolved via DNS
  40.  
  41. # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
  42.  
  43. set $jellyfin 192.168.1.10;
  44.  
  45. resolver 127.0.0.1 valid=30;
  46.  
  47.  
  48.  
  49. ssl_certificate /etc/letsencrypt/live/jelly.my.domain/fullchain.pem;
  50.  
  51. ssl_certificate_key /etc/letsencrypt/live/jelly.my.domain/privkey.pem;
  52.  
  53. include /etc/letsencrypt/options-ssl-nginx.conf;
  54.  
  55. ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  56.  
  57. add_header Strict-Transport-Security "max-age=31536000" always;
  58.  
  59. ssl_trusted_certificate /etc/letsencrypt/live/jelly.my.domain/chain.pem;
  60.  
  61. ssl_stapling on;
  62.  
  63. ssl_stapling_verify on;
  64.  
  65.  
  66.  
  67. # Security / XSS Mitigation Headers
  68.  
  69. # NOTE: X-Frame-Options may cause issues with the webOS app
  70.  
  71. add_header X-Frame-Options "SAMEORIGIN";
  72.  
  73. add_header X-XSS-Protection "1; mode=block";
  74.  
  75. add_header X-Content-Type-Options "nosniff";
  76.  
  77.  
  78.  
  79. # Content Security Policy
  80.  
  81. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
  82.  
  83. # Enforces https content and restricts JS/CSS to origin
  84.  
  85. # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
  86.  
  87. # NOTE: The default CSP headers may cause issues with the webOS app
  88.  
  89. #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
  90.  
  91.  
  92.  
  93. # Set in Server block
  94.  
  95. location ~* ^/Videos/(.*)/(?!live)
  96.  
  97. {
  98.  
  99. # Set size of a slice (this amount will be always requested from the backend by nginx)
  100.  
  101. # Higher value means more latency, lower more overhead
  102.  
  103. # This size is independent of the size clients/browsers can request
  104.  
  105. slice 2m;
  106.  
  107.  
  108.  
  109. proxy_cache jellyfin-videos;
  110.  
  111. proxy_cache_valid 200 206 301 302 30d;
  112.  
  113. proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires;
  114.  
  115. proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
  116.  
  117. proxy_connect_timeout 15s;
  118.  
  119. proxy_http_version 1.1;
  120.  
  121. proxy_set_header Connection "";
  122.  
  123. # Transmit slice range to the backend
  124.  
  125. proxy_set_header Range $slice_range;
  126.  
  127.  
  128.  
  129. # This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time
  130.  
  131. # The first client will trigger the download, the other clients will have to wait until the slice is cached
  132.  
  133. # Esp. practical during SyncPlay
  134.  
  135. proxy_cache_lock on;
  136.  
  137. proxy_cache_lock_age 60s;
  138.  
  139.  
  140.  
  141. proxy_pass http://$jellyfin:8096;
  142.  
  143. proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=$slice_range";
  144.  
  145.  
  146.  
  147. # add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache
  148.  
  149.  
  150.  
  151. }
  152.  
  153.  
  154.  
  155. location = / {
  156.  
  157. return 302 http://$host/web/;
  158.  
  159. return 302 https://$host/web/;
  160.  
  161. }
  162.  
  163.  
  164.  
  165. location / {
  166.  
  167. # Proxy main Jellyfin traffic
  168.  
  169. proxy_pass http://$jellyfin:8096;
  170.  
  171. proxy_set_header Host $host;
  172.  
  173. proxy_set_header X-Real-IP $remote_addr;
  174.  
  175. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  176.  
  177. proxy_set_header X-Forwarded-Proto $scheme;
  178.  
  179. proxy_set_header X-Forwarded-Protocol $scheme;
  180.  
  181. proxy_set_header X-Forwarded-Host $http_host;
  182.  
  183.  
  184.  
  185. # Disable buffering when the nginx proxy gets very resource heavy upon streaming
  186.  
  187. proxy_buffering off;
  188.  
  189. }
  190.  
  191.  
  192.  
  193. # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
  194.  
  195. location = /web/ {
  196.  
  197. # Proxy main Jellyfin traffic
  198.  
  199. proxy_pass http://$jellyfin:8096/web/index.html;
  200.  
  201. proxy_set_header Host $host;
  202.  
  203. proxy_set_header X-Real-IP $remote_addr;
  204.  
  205. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  206.  
  207. proxy_set_header X-Forwarded-Proto $scheme;
  208.  
  209. proxy_set_header X-Forwarded-Protocol $scheme;
  210.  
  211. proxy_set_header X-Forwarded-Host $http_host;
  212.  
  213. }
  214.  
  215.  
  216.  
  217. location /socket {
  218.  
  219. # Proxy Jellyfin Websockets traffic
  220.  
  221. proxy_pass http://$jellyfin:8096;
  222.  
  223. proxy_http_version 1.1;
  224.  
  225. proxy_set_header Upgrade $http_upgrade;
  226.  
  227. proxy_set_header Connection "upgrade";
  228.  
  229. proxy_set_header Host $host;
  230.  
  231. proxy_set_header X-Real-IP $remote_addr;
  232.  
  233. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  234.  
  235. proxy_set_header X-Forwarded-Proto $scheme;
  236.  
  237. proxy_set_header X-Forwarded-Protocol $scheme;
  238.  
  239. proxy_set_header X-Forwarded-Host $http_host;
  240.  
  241. }
  242.  
  243. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!