From 50ffe15dcdda896604f8d919a98aa6c5d2f05329 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?=
Date: Mon, 26 Apr 2021 18:54:59 +0200
Subject: [PATCH] Add the rest of the Jellyfin NGINX config
---
 roles/jellyfin/templates/jellyfin.conf.j2 | 34 +++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/roles/jellyfin/templates/jellyfin.conf.j2 b/roles/jellyfin/templates/jellyfin.conf.j2
index 4d7d1b3..531c627 100644
--- a/roles/jellyfin/templates/jellyfin.conf.j2
+++ b/roles/jellyfin/templates/jellyfin.conf.j2
@@ -4,8 +4,42 @@ server {
 set $jellyfin {{ server_ip }};
 #resolver 127.0.0.1 valid=30;
+ # Security/XSS Mitigation Headers
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options "nosniff";
+
 location / {
 proxy_pass http://$jellyfin:8096;
 proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_buffering off;
+ }
+
+ location = /web/ {
+ proxy_pass http://$jellyfin:8096/web/index.html;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ }
+
+ location /socket {
+ proxy_pass http://$jellyfin:8096;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
 }
 }
\ No newline at end of file
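Review bot: In all three location blocks `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the peer address to whatever X-Forwarded-For the client already sent, so if this NGINX is the first hop the backend receives a client-controlled leftmost entry. If no trusted proxy sits in front of it (not visible in the hunk), `proxy_set_header X-Forwarded-For $remote_addr;` keeps request headers from influencing address-based logging or allow-listing in the backend. `X-Forwarded-Host $http_host` likewise forwards the raw Host header, which is only safe if `server_name` and a rejecting default server restrict it. Separately, the server-level `add_header` lines are emitted only for a fixed set of success and redirect status codes unless `always` is appended, and `X-XSS-Protection "1; mode=block"` is ignored by current browsers, where a `Content-Security-Policy` header is the maintained control. The `server` block opens before the hunk, so its `listen`, `server_name` and TLS settings could not be checked.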