Nginx
Nginx auth_basic
sh
sudo sh -c "echo -n 'yunyuyuan:' >> /etc/nginx/auth-pairs"
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/auth-pairs"
Nginx conf
nginx
server {
listen [::]:8888 ssl;
#listen [::]:443 ssl;
listen 443 ssl;
listen 80;
listen [::]:80;
server_name i-cf.yunyuyuan.net i-d.yunyuyuan.net i-v.yunyuyuan.net;
error_page 497 https://$host:8888$request_uri;
set $whole_url "$scheme://$host";
if ($whole_url ~ ^http://[^.]*-v) {
return https://$host$request_uri;
}
root /var/www/i;
}
server {
root /var/www/aria;
location /jsonrpc {
proxy_pass http://localhost:6800/jsonrpc;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
set $jellyfin 127.0.0.1;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
set $dist_url "/web/";
if ($host ~ ^video-d) {
set $dist_url ":8888/web/";
}
location = / {
return 302 https://$host$dist_url;
}
location = /web {
return 302 https://$host$dist_url;
}
location / {
proxy_pass http://$jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_buffering off;
}
location = /web/ {
proxy_pass http://$jellyfin:8096/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://$jellyfin:8096;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
server {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth-pairs;
}