2025-02-05, 12:57 AM
(2025-02-03, 10:43 PM)TheDreadPirate Wrote: Can you share a censored version of your Nginx config?
Sure, here it is:
Code:
# ------------------------------------------------------------
# jellyfin.domain.tld, jf.domain.tld
# ------------------------------------------------------------
map $scheme $hsts_header {
https "max-age=63072000;includeSubDomains; preload";
}
server {
set $forward_scheme http;
set $server "[REDACTED]";
set $port [REDACTED];
listen 80;
#listen [::]:80;
listen 443 ssl http2;
#listen [::]:443;
server_name jellyfin.domain.tld jf.domain.tld;
# SSL
include conf.d/include/[REDACTED]acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate [PATH_REDACTED];
ssl_certificate_key [PATH_REDACTED];
# Block Exploits
include conf.d/include/block-exploits.conf;
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security $hsts_header always;
# Force SSL
include conf.d/include/force-ssl.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
access_log [PATH_REDACTED]_access.log proxy;
error_log [PATH_REDACTED]_error.log warn;
location / {
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security $hsts_header always;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
# Proxy!
include conf.d/include/proxy.conf;
}
# Custom
include /data/nginx/custom/server_proxy[.]conf;
}