diff --git a/README.md b/README.md
index 4d54d8d..6794869 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ If you have any **questions** or **suggestions**, feel free to open an issue or
 - [x] PGAdmin (PostgreSQL)
 - [x] Qbittorrent
 - [ ] Use Flask instead of wordpress as default blog
-- [ ] Jellyfin
+- [x] Jellyfin
 - [ ] Gitea
 - [ ] Mastodon
 - [ ] Minecraft server (Hyperworld v2)
diff --git a/docker-compose.yml b/docker-compose.yml
index dd0e5a5..1ccb35d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,8 +14,9 @@ services:
 - "443:443"
 volumes:
 - wordpress:/var/www/html
+ - jellyfin:/var/www/jellyfin
 - ./nginx-conf:/etc/nginx/conf.d
- - certbot-etc:/etc/letsencrypt:ro
+ - certbot-cert:/etc/letsencrypt:ro
 networks:
 - app-network
 wp_db:
@@ -114,6 +115,7 @@ services:
 - jellyfin-config:/config
 - jellyfin-tvseries:/data/tvshows
 - jellyfin-movies:/data/movies
+ - jellyfin:/var/www/html
 #ports:
 # - 8096:8096
 # - 8920:8920 #optional
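Review bot: The new `jellyfin` ACME webroot volume is mounted read-write into containers that never need to write to it: the `@@ -14,8 +14,9 @@` hunk adds `- jellyfin:/var/www/jellyfin` to the service that publishes port 443, and the `@@ -114,6 +115,7 @@` hunk also mounts it into the Jellyfin service at `/var/www/html`, a path that neither the nginx configs nor the certbot command in this commit refer to. Only certbot has to write challenge files, so the web server mount can be `- jellyfin:/var/www/jellyfin:ro`, matching the `:ro` already used for `/etc/letsencrypt`, and the mount inside the Jellyfin service looks unnecessary and could be dropped. Separately, renaming the certificate volume to `certbot-cert` leaves any certificates and account keys in the old `certbot-etc` volume behind on hosts that already ran this stack; a README line telling operators to remove the old volume after the new certificate is issued would avoid stale private keys lingering on disk.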
@@ -130,11 +132,12 @@ services:
 profiles:
 - certbot
 volumes:
- - certbot-etc:/etc/letsencrypt
+ - certbot-cert:/etc/letsencrypt
 - wordpress:/var/www/html
- #command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --domain www.bensuperpc.org --domain bensuperpc.org
- #command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --domain www.bensuperpc.org --domain bensuperpc.org
- command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org
+ - jellyfin:/var/www/jellyfin
+ #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot --webroot-path=/var/www/html --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
+ #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --webroot --webroot-path=/var/www/html --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
+ command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot --webroot-path=/var/www/html --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
 phpmyadmin:
 image: phpmyadmin:5.2.0
 container_name: phpmyadmin
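Review bot: Nothing in the new `command:` lines fixes the certificate directory name, yet the nginx configs changed in this commit hard-code `/etc/letsencrypt/live/bensuperpc.org/`. The path appears to follow only from `--domain bensuperpc.org` now being listed first (the old command listed `www.bensuperpc.org` first and nginx loaded `live/www.bensuperpc.org`). Adding `--cert-name bensuperpc.org` to the three command lines would pin the lineage directory, so a later reorder or an added domain cannot silently move the certificate away from the path nginx loads. A short comment above the active `command:` saying that each `--webroot-path` applies to the `--domain` arguments that follow it would also help, since that ordering is what ties each hostname to its challenge directory.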
@@ -162,8 +165,8 @@ services: networks: - app-network volumes: - certbot-etc: - name: certbot-etc + certbot-cert: + name: certbot-cert wordpress: name: wordpress dbdata: @@ -181,6 +184,8 @@ volumes: name: jellyfin-tvseries jellyfin-movies: name: jellyfin-movies + jellyfin: + name: jellyfin postgres-data: name: postgres-data diff --git a/nginx-conf-cert/jellyfin.conf b/nginx-conf-cert/jellyfin.conf new file mode 100644 index 0000000..847fb44 --- /dev/null +++ b/nginx-conf-cert/jellyfin.conf @@ -0,0 +1,29 @@ +server { + listen 80; + listen [::]:80; + + server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org; + + root /var/www/jellyfin; + + location ~ /.well-known/acme-challenge { + allow all; + root /var/www/jellyfin; + } + + location / { + # Proxy main Jellyfin traffic + proxy_pass http://jellyfin:8096; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + # Disable buffering when the nginx proxy gets very resource heavy upon streaming + proxy_buffering off; + } + + resolver 8.8.8.8; +} \ No newline at end of file diff --git a/nginx-conf-cert/default.conf b/nginx-conf-cert/wordpress.conf similarity index 93% rename from nginx-conf-cert/default.conf rename to nginx-conf-cert/wordpress.conf index 8378331..bf2a475 100644 --- a/nginx-conf-cert/default.conf +++ b/nginx-conf-cert/wordpress.conf @@ -2,7 +2,7 @@ server { listen 80; listen [::]:80; - server_name your_domain www.your_domain; + server_name bensuperpc.org www.bensuperpc.org; index index.php index.html index.htm; @@ -41,4 +41,6 @@ server { expires max; log_not_found off; } + + resolver 8.8.8.8; } \ No newline at end of file diff --git a/nginx-conf/jellyfin.conf b/nginx-conf/jellyfin.conf index 7af8d22..574abd7 100644 --- a/nginx-conf/jellyfin.conf +++ b/nginx-conf/jellyfin.conf 
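Review bot: In the new `nginx-conf-cert/jellyfin.conf`, `location /` proxies the whole Jellyfin application over plain HTTP on port 80, so while this bootstrap config is active, logins and session tokens cross the network unencrypted. If the file exists only to obtain the first certificate, the catch-all can answer `return 404;` and leave just the challenge location reachable. The challenge match `location ~ /.well-known/acme-challenge` is an unanchored regex with an unescaped dot, so it matches that string anywhere in the URI; `location ^~ /.well-known/acme-challenge/ {` is the tighter form. The `resolver 8.8.8.8;` line looks unused here, because `proxy_pass http://jellyfin:8096;` has a literal host name that nginx resolves at start-up through the system resolver, and a public resolver could not answer for the Compose service name anyway; the same line added to `nginx-conf-cert/wordpress.conf` deserves the same check.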
@@ -9,33 +9,40 @@ upstream jellyfin_server { # server jellyfin:8096 weight=1 max_fails=3 fail_timeout=30s; } -#server { -# listen 80; -# listen [::]:80; -# server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org; - - # Uncomment to redirect HTTP to HTTPS - # return 301 https://$host$request_uri; -#} - +# Redirect all http requests to the main server wordpress_server server { - # listen 443 ssl http2; - # listen [::]:443 ssl http2; listen 80; listen [::]:80; + server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org; - client_max_body_size 20M; - set $jellyfin jellyfin; - resolver 127.0.0.1 valid=30; + location ~ /.well-known/acme-challenge { + allow all; + root /var/www/jellyfin; + } - #ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem; - #ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem; + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org; + + #client_max_body_size 20M; + set $jellyfin jellyfin; + resolver 8.8.8.8 valid=30; + + # All things related to SSL + ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem; #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #add_header Strict-Transport-Security "max-age=31536000" always; - #ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME/chain.pem; - - # include /etc/nginx/conf.d/sub/options-ssl-nginx.conf; + + include /etc/nginx/conf.d/sub/options-ssl-nginx.conf; # Security / XSS Mitigation Headers # NOTE: X-Frame-Options may cause issues with the webOS app diff --git a/nginx-conf/wordpress.conf b/nginx-conf/wordpress.conf index 3413a6b..53077f0 100644 --- a/nginx-conf/wordpress.conf +++ b/nginx-conf/wordpress.conf 
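Review bot: `resolver 8.8.8.8 valid=30;` in the new 443 server block sends nginx's run-time lookups to a public resolver, which cannot know the Compose service name held in `set $jellyfin jellyfin;` and receives that internal name in unauthenticated plaintext queries. If `$jellyfin` is used in a `proxy_pass` further down (outside this hunk), the upstream address would then depend on an answer from outside the host; Docker's embedded DNS is the usual choice, `resolver 127.0.0.11 valid=30;`. The comment `# Redirect all http requests to the main server wordpress_server` was carried over from the WordPress config and should name the Jellyfin HTTPS server instead. Port 80 now redirects to HTTPS while `#add_header Strict-Transport-Security "max-age=31536000" always;` stays commented out; enabling it once the certificate is confirmed working would stop browsers from making the first request in cleartext on later visits. The 443 server block continues past the end of the hunk.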
@@ -81,9 +81,9 @@ server { include /etc/nginx/conf.d/sub/gzip.conf; # All things related to SSL - ssl_certificate /etc/letsencrypt/live/www.bensuperpc.org/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.bensuperpc.org/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/www.bensuperpc.org/chain.pem; + ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem; include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;