dotfiles/terranix/containers/ingress-blowhole/jellyfin.conf

include /local/security.conf;

client_max_body_size 100M;

location / {
  # Proxy main Jellyfin traffic

  # The / at the end is significant.
  # https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/

  proxy_pass http://jellyfin/;

  proxy_pass_request_headers on;

  proxy_set_header Host $host;

  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Host $http_host;

  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;

  # Disable buffering when the nginx proxy gets very resource heavy upon streaming
  proxy_buffering off;
}
Add config files for new ingress-blowhole Signed-off-by: Magic_RB <magic_rb@redalder.org> 2023-09-03 18:08:34 +02:00			`include /local/security.conf;`

			`client_max_body_size 100M;`

			`location / {`
			`# Proxy main Jellyfin traffic`

			`# The / at the end is significant.`
			`# https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/`

			`proxy_pass http://jellyfin/;`

			`proxy_pass_request_headers on;`

			`proxy_set_header Host $host;`

			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Host $http_host;`

			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection $http_connection;`

			`# Disable buffering when the nginx proxy gets very resource heavy upon streaming`
			`proxy_buffering off;`
			`}`