jellyfin.domain.ltd.conf

upstream jellyfin {
  server 127.0.0.1:8096;
}

server {
  listen 80;
  server_name  jellyfin.domain.ltd;
  return 301 https://$server_name:443$request_uri;
  error_log /var/log/nginx/error.log debug;
}

server {
  listen 443 ssl http2;
  server_name  jellyfin.domain.ltd;

  ssl_certificate  /etc/nginx/ssl/jellyfin.domain.ltd/fullchain.pem;
  ssl_certificate_key  /etc/nginx/ssl/jellyfin.domain.ltd/key.pem;


  #add_header Referrer-Policy "no-referrer" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header X-Download-Options "noopen" always;
  #add_header X-Frame-Options "SAMEORIGIN" always;
  #add_header X-Permitted-Cross-Domain-Policies "none" always;
  add_header X-Robots-Tag "none" always;
  #add_header X-XSS-Protection "1; mode=block" always;

  location / {
    proxy_pass  http://jellyfin;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Host $http_host;

    # Disable buffering when the nginx proxy gets very resource heavy upon streaming
    proxy_buffering off;
}

location /socket {
    # Proxy Jellyfin Websockets traffic
    proxy_pass http://127.0.0.1:8096/socket;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    }
}