Add https on jellyfin

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-09-20 02:10:39 +02:00 · 2022-11-28 13:43:48 +01:00 · 2022-11-28 13:43:48 +01:00 · d9b5638732
commit d9b5638732
parent 5299ab2013
6 changed files with 74 additions and 31 deletions
--- a/README.md
+++ b/README.md
@ -20,7 +20,7 @@ If you have any **questions** or **suggestions**, feel free to open an issue or
 - [x] PGAdmin (PostgreSQL)
 - [x] Qbittorrent
 - [ ] Use Flask instead of wordpress as default blog
- [ ] Jellyfin
+- [x] Jellyfin
 - [ ] Gitea
 - [ ] Mastodon
 - [ ] Minecraft server (Hyperworld v2)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -14,8 +14,9 @@ services:
      - "443:443"
    volumes:
      - wordpress:/var/www/html
+      - jellyfin:/var/www/jellyfin
      - ./nginx-conf:/etc/nginx/conf.d
-      - certbot-etc:/etc/letsencrypt:ro
+      - certbot-cert:/etc/letsencrypt:ro
    networks:
      - app-network
  wp_db:
@ -114,6 +115,7 @@ services:
      - jellyfin-config:/config
      - jellyfin-tvseries:/data/tvshows
      - jellyfin-movies:/data/movies
+      - jellyfin:/var/www/html
    #ports:
    #  - 8096:8096
    #  - 8920:8920 #optional
@ -130,11 +132,12 @@ services:
    profiles:
      - certbot
    volumes:
-      - certbot-etc:/etc/letsencrypt
+      - certbot-cert:/etc/letsencrypt
      - wordpress:/var/www/html
-    #command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --domain www.bensuperpc.org --domain bensuperpc.org
-    #command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --domain www.bensuperpc.org --domain bensuperpc.org
-    command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org
+      - jellyfin:/var/www/jellyfin
+    #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot --webroot-path=/var/www/html --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
+    #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --webroot --webroot-path=/var/www/html --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
+    command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot --webroot-path=/var/www/html --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
  phpmyadmin:
    image: phpmyadmin:5.2.0
    container_name: phpmyadmin
@ -162,8 +165,8 @@ services:
    networks:
      - app-network
 volumes:
-  certbot-etc:
-    name: certbot-etc
+  certbot-cert:
+    name: certbot-cert
  wordpress:
    name: wordpress
  dbdata:
@ -181,6 +184,8 @@ volumes:
    name: jellyfin-tvseries
  jellyfin-movies:
    name: jellyfin-movies
+  jellyfin:
+    name: jellyfin
  postgres-data:
    name: postgres-data

--- a/nginx-conf-cert/jellyfin.conf
+++ b/nginx-conf-cert/jellyfin.conf
@ -0,0 +1,29 @@
+server {
+        listen 80;
+        listen [::]:80;
+
+        server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
+
+        root /var/www/jellyfin;
+
+        location ~ /.well-known/acme-challenge {
+                allow all;
+                root /var/www/jellyfin;
+        }
+
+        location / {
+                # Proxy main Jellyfin traffic
+                proxy_pass http://jellyfin:8096;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header X-Forwarded-Protocol $scheme;
+                proxy_set_header X-Forwarded-Host $http_host;
+
+                # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+                proxy_buffering off;
+        }
+
+        resolver 8.8.8.8;
+}
--- a/nginx-conf-cert/wordpress.conf
+++ b/nginx-conf-cert/wordpress.conf
@ -2,7 +2,7 @@ server {
        listen 80;
        listen [::]:80;

-        server_name your_domain www.your_domain;
+        server_name bensuperpc.org www.bensuperpc.org;

        index index.php index.html index.htm;

@ -41,4 +41,6 @@ server {
                expires max;
                log_not_found off;
        }
+
+        resolver 8.8.8.8;
 }
--- a/nginx-conf/jellyfin.conf
+++ b/nginx-conf/jellyfin.conf
@ -9,33 +9,40 @@ upstream jellyfin_server {
        # server jellyfin:8096 weight=1 max_fails=3 fail_timeout=30s;
 }

-#server {
-#        listen 80;
-#        listen [::]:80;
-#        server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
-
-        # Uncomment to redirect HTTP to HTTPS
-        # return 301 https://$host$request_uri;
-#}
-
+# Redirect all http requests to the main server wordpress_server
 server {
-        # listen 443 ssl http2;
-        # listen [::]:443 ssl http2;
        listen 80;
        listen [::]:80;
+
        server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;

-        client_max_body_size 20M;
-        set $jellyfin jellyfin;
-        resolver 127.0.0.1 valid=30;
+        location ~ /.well-known/acme-challenge {
+                allow all;
+                root /var/www/jellyfin;
+        }

-        #ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
-        #ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
+        location / {
+                return 301 https://$host$request_uri;
+        }
+}
+
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+        server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
+
+        #client_max_body_size 20M;
+        set $jellyfin jellyfin;
+        resolver 8.8.8.8 valid=30;
+
+        # All things related to SSL
+        ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
+        ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;
        #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        #add_header Strict-Transport-Security "max-age=31536000" always;
-        #ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME/chain.pem;
-        
-        # include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
+
+        include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;

        # Security / XSS Mitigation Headers
        # NOTE: X-Frame-Options may cause issues with the webOS app
--- a/nginx-conf/wordpress.conf
+++ b/nginx-conf/wordpress.conf
@ -81,9 +81,9 @@ server {
        include /etc/nginx/conf.d/sub/gzip.conf;
        
        # All things related to SSL
-        ssl_certificate /etc/letsencrypt/live/www.bensuperpc.org/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/www.bensuperpc.org/privkey.pem;
-        ssl_trusted_certificate /etc/letsencrypt/live/www.bensuperpc.org/chain.pem;
+        ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
+        ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;

        include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;