Skip to content
On this page

Nginx

Nginx auth_basic

sh
sudo sh -c "echo -n 'yunyuyuan:' >> /etc/nginx/auth-pairs"
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/auth-pairs"

Nginx conf

nginx
server {
	listen [::]:8888 ssl;
	#listen [::]:443 ssl;
	listen 443 ssl;
	listen 80;
	listen [::]:80;
	server_name i-cf.yunyuyuan.net i-d.yunyuyuan.net i-v.yunyuyuan.net;
	error_page 497 https://$host:8888$request_uri;

	set $whole_url "$scheme://$host";
	if ($whole_url ~ ^http://[^.]*-v) {
		return https://$host$request_uri;
	}

	root /var/www/i;
}

server {
	root /var/www/aria;
  location /jsonrpc {
          proxy_pass http://localhost:6800/jsonrpc;
          proxy_redirect off;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
  }
}

server {
  set $jellyfin 127.0.0.1;
  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options "nosniff";

	set $dist_url "/web/";

	if ($host ~ ^video-d) {
    set $dist_url ":8888/web/";
	}

  location = / {
    return 302 https://$host$dist_url;
  }
  location = /web {
    return 302 https://$host$dist_url;
  }

  location / {
    proxy_pass http://$jellyfin:8096;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Host $http_host;

    proxy_buffering off;
  }
  location = /web/ {
    proxy_pass http://$jellyfin:8096/web/index.html;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
  }
  location /socket {
    # Proxy Jellyfin Websockets traffic
    proxy_pass http://$jellyfin:8096;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
  }
}

server {
	auth_basic  "Restricted";
	auth_basic_user_file  /etc/nginx/auth-pairs;
}