2024-02-26, 08:28 PM
What exactly isn't working about it?
I'm not super familiar with pfSense's GUI wrapper on top of HAProxy, but I have had this working in the past. Here was my backend section:
That said, I moved to NGiNX for Jellyfin and avoid sending it through my load balancer at this point; I'd recommend the same as it makes the TLS stuff easier and such.
I'm not super familiar with pfSense's GUI wrapper on top of HAProxy, but I have had this working in the past. Here was my backend section:
Code:
backend jfX_http
mode http
balance leastconn
cookie SERVERID insert indirect nocache
stick store-request src
stick-table type ip size 200k expire 30m peers keepalived-pair
option httpchk GET /health HTTP/1.1\r\nHost:\ jellyfin
option forwardfor
timeout queue 5000
timeout server 32000000
timeout connect 5000
acl no_BAD path_reg -i ^\/Images\/Remote
acl no_BAD path_reg -i ^\/Items\/RemoteSearch\/Image
acl no_BAD path_reg -i ^\/Items\/[^\.]*\/RemoteImages\/Download
http-request redirect location https://i.ytimg.com/vi/avCWDDox1nE/maxresdefault.jpg if no_BAD
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-XSS-Protection "1;mode=block"
http-response set-header Referrer-Policy "no-referrer,same-origin,strict-origin,strict-origin-when-cross-origin"
http-response set-header X-Content-Type-Options nosniff
http-response set-header Strict-Transport-Security max-age=31536000;includeSubDomains;preload
http-response set-header Content-Security-Policy "default-src 'none'; font-src 'self'; connect-src 'self' wss: ws: https://mb3admin.com; media-src 'self' blob: data:; manifest-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; worker-src 'self' blob:; script-src 'unsafe-inline' 'self' https://www.gstatic.com; img-src data: https: http: ; style-src 'unsafe-inline' 'self'"
server jf1 192.168.0.100:8096/ check inter 5000 cookie jf1
That said, I moved to NGiNX for Jellyfin and avoid sending it through my load balancer at this point; I'd recommend the same as it makes the TLS stuff easier and such.