Bensuperpc/infrastructure
1
0
Fork 0
mirror of https://github.com/bensuperpc/infrastructure.git synced 2025-01-02 22:04:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add https on jellyfin

Browse Source 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
Bensuperpc 2022-11-28 13:43:48 +01:00
parent 5299ab2013
commit d9b5638732
No known key found for this signature in database
GPG Key ID: D00C6B1021747EED
6 changed files with 74 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -20,7 +20,7 @@ If you have any **questions** or **suggestions**, feel free to open an issue or
- [x] PGAdmin (PostgreSQL) - [x] PGAdmin (PostgreSQL)
- [x] Qbittorrent - [x] Qbittorrent
- [ ] Use Flask instead of wordpress as default blog - [ ] Use Flask instead of wordpress as default blog
- [ ] Jellyfin - [x] Jellyfin
- [ ] Gitea - [ ] Gitea
- [ ] Mastodon - [ ] Mastodon
- [ ] Minecraft server (Hyperworld v2) - [ ] Minecraft server (Hyperworld v2)

19
docker-compose.yml
View File

@ -14,8 +14,9 @@ services:
- "443:443" - "443:443"
volumes: volumes:
- wordpress:/var/www/html - wordpress:/var/www/html
- jellyfin:/var/www/jellyfin
- ./nginx-conf:/etc/nginx/conf.d - ./nginx-conf:/etc/nginx/conf.d
- certbot-etc:/etc/letsencrypt:ro - certbot-cert:/etc/letsencrypt:ro
networks: networks:
- app-network - app-network
wp_db: wp_db:
@ -114,6 +115,7 @@ services:
- jellyfin-config:/config - jellyfin-config:/config
- jellyfin-tvseries:/data/tvshows - jellyfin-tvseries:/data/tvshows
- jellyfin-movies:/data/movies - jellyfin-movies:/data/movies
- jellyfin:/var/www/html
#ports: #ports:
# - 8096:8096 # - 8096:8096
# - 8920:8920 #optional # - 8920:8920 #optional
@ -130,11 +132,12 @@ services:
profiles: profiles:
- certbot - certbot
volumes: volumes:
- certbot-etc:/etc/letsencrypt - certbot-cert:/etc/letsencrypt
- wordpress:/var/www/html - wordpress:/var/www/html
#command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --domain www.bensuperpc.org --domain bensuperpc.org - jellyfin:/var/www/jellyfin
#command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --domain www.bensuperpc.org --domain bensuperpc.org #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot --webroot-path=/var/www/html --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --webroot --webroot-path=/var/www/html --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot --webroot-path=/var/www/html --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
phpmyadmin: phpmyadmin:
image: phpmyadmin:5.2.0 image: phpmyadmin:5.2.0
container_name: phpmyadmin container_name: phpmyadmin
@ -162,8 +165,8 @@ services:
networks: networks:
- app-network - app-network
volumes: volumes:
certbot-etc: certbot-cert:
name: certbot-etc name: certbot-cert
wordpress: wordpress:
name: wordpress name: wordpress
dbdata: dbdata:
@ -181,6 +184,8 @@ volumes:
name: jellyfin-tvseries name: jellyfin-tvseries
jellyfin-movies: jellyfin-movies:
name: jellyfin-movies name: jellyfin-movies
jellyfin:
name: jellyfin
postgres-data: postgres-data:
name: postgres-data name: postgres-data

29
nginx-conf-cert/jellyfin.conf Normal file
View File

@ -0,0 +1,29 @@
server {
listen 80;
listen [::]:80;
server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
root /var/www/jellyfin;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/jellyfin;
}
location / {
# Proxy main Jellyfin traffic
proxy_pass http://jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
resolver 8.8.8.8;
}

4
nginx-conf-cert/default.conf → nginx-conf-cert/wordpress.conf
View File

@ -2,7 +2,7 @@ server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name your_domain www.your_domain; server_name bensuperpc.org www.bensuperpc.org;
index index.php index.html index.htm; index index.php index.html index.htm;
@ -41,4 +41,6 @@ server {
expires max; expires max;
log_not_found off; log_not_found off;
} }
resolver 8.8.8.8;
} }

45
nginx-conf/jellyfin.conf
View File

@ -9,33 +9,40 @@ upstream jellyfin_server {
# server jellyfin:8096 weight=1 max_fails=3 fail_timeout=30s; # server jellyfin:8096 weight=1 max_fails=3 fail_timeout=30s;
} }
#server { # Redirect all http requests to the main server wordpress_server
# listen 80;
# listen [::]:80;
# server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
# Uncomment to redirect HTTP to HTTPS
# return 301 https://$host$request_uri;
#}
server { server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org; server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
client_max_body_size 20M; location ~ /.well-known/acme-challenge {
set $jellyfin jellyfin; allow all;
resolver 127.0.0.1 valid=30; root /var/www/jellyfin;
}
#ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem; location / {
#ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem; return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
#client_max_body_size 20M;
set $jellyfin jellyfin;
resolver 8.8.8.8 valid=30;
# All things related to SSL
ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
#add_header Strict-Transport-Security "max-age=31536000" always; #add_header Strict-Transport-Security "max-age=31536000" always;
#ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME/chain.pem;
include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
# include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
# Security / XSS Mitigation Headers # Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app # NOTE: X-Frame-Options may cause issues with the webOS app

6
nginx-conf/wordpress.conf
View File

@ -81,9 +81,9 @@ server {
include /etc/nginx/conf.d/sub/gzip.conf; include /etc/nginx/conf.d/sub/gzip.conf;
# All things related to SSL # All things related to SSL
ssl_certificate /etc/letsencrypt/live/www.bensuperpc.org/fullchain.pem; ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.bensuperpc.org/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.bensuperpc.org/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;
include /etc/nginx/conf.d/sub/options-ssl-nginx.conf; include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;