Scribd
Upload
94 views

Jellyfin HTTP Conf

This document contains an Nginx configuration file for proxying traffic to a Jellyfin server. It is configured to listen on ports 80 and 443 and redirect HTTP to HTTPS. The server name is set to donaflix.com and www.donaflix.com. Traffic is proxied to the Jellyfin server on port 8096 and security headers are set. Sections are commented out until an SSL certificate is acquired.

Uploaded by

Donatien LEBON
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
94 views

Jellyfin HTTP Conf

This document contains an Nginx configuration file for proxying traffic to a Jellyfin server. It is configured to listen on ports 80 and 443 and redirect HTTP to HTTPS. The server name is set to donaflix.com and www.donaflix.com. Traffic is proxied to the Jellyfin server on port 8096 and security headers are set. Sections are commented out until an SSL certificate is acquired.

Uploaded by

Donatien LEBON
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

# Uncomment the commented sections after you have acquired a SSL Certificate

server {
listen 80;
listen [::]:80;
# server_name donaflix.com www.donaflix.com;

# Redirect HTTP to HTTPS


# return 301 https://$host$request_uri;
#}

#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
server_name donaflix.com www.donaflix.com;

# use a variable to store the upstream proxy


# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to
point to an IP address e.g `set $jellyfin 127.0.0.1`)
set $jellyfin 127.0.0.1;
# resolver 127.0.0.1 valid=30;

# ssl_certificate /etc/letsencrypt/live/donaflix.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/donaflix.com/privkey.pem;
# include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# add_header Strict-Transport-Security "max-age=31536000" always;
# ssl_trusted_certificate /etc/letsencrypt/live/donaflix.com/chain.pem;
# ssl_stapling on;
# ssl_stapling_verify on;

# Security / XSS Mitigation Headers


add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";

# Content Security Policy


# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be
whitelisted.

# add_header Content-Security-Policy "default-src https: data: blob:


http://image.tmdb.org; style-src 'self' 'unsafe-inline'
https://prayag17.github.io/JellySkin/default.css
https://prayag17.github.io/JellySkin/addons/Logo.css
https://theme-park.dev/CSS/themes/jellyfin/hotline.css
https://theme-park.dev/CSS/themes/jellyfin/jellyfin-base.css
https://cdn.jsdelivr.net/gh/prayag17/JellySkin/default.css
https://cdn.jsdelivr.net/gh/prayag17/JellySkin/addons/Logo.css
https://cdn.jsdelivr.net/gh/prayag17/JellySkin/addons/imp-per.css
https://cdn.jsdelivr.net/gh/prayag17/JellySkin/addons/compact-poster.css
https://cdn.jsdelivr.net/gh/prayag17/JellySkin/addons/Gradients/sunsetGradient.css
https://cdn.jsdelivr.net/gh/prayag17/JellySkin/addons/Gradients/seaGradient.css
https://cdn.jsdelivr.net/gh/prayag17/JellySkin/addons/Gradients/mauveGradient.css
https://cdn.jsdelivr.net/gh/prayag17/JellySkin/addons/Gradients/nightSkyGradient.cs
s https://cdn.jsdelivr.net/gh/prayag17/JellySkin/addons/progress-bar.css ; script-
src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-
src 'none'; frame-ancestors 'self'";

location = / {
return 302 https://$host/web/;
}

location / {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;

# Disable buffering when the nginx proxy gets very resource heavy upon
streaming
proxy_buffering off;

# location block for /web - This is purely for aesthetics so /web/#!/ works
instead of having to go to /web/index.html/#!/
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;

location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://$jellyfin:8096;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}

You might also like