-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDefault
56 lines (47 loc) · 2.8 KB
/
Default
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
## Start of actual server blocks
server {
listen [::]:443 ssl http2; ## Listens on port 443 IPv6 with http2 and ssl enabled
listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled
proxy_buffering off; ## Sends data as fast as it can not buffering large chunks.
server_name emby.domainname.com; ## enter your service name and domain name here example emby.domainname.com
access_log logs/emby.log emby; ## Creates a log file with this name and the log info above.
## SSL SETTINGS ##
ssl_session_timeout 30m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate ssl/pub.pem; ## Location of your public PEM file.
ssl_certificate_key ssl/pvt.pem; ## Location of your private PEM file.
ssl_session_cache shared:SSL:10m;
location ^~ /swagger { ## Disables access to swagger interface
return 404;
}
location / {
proxy_pass http://127.0.0.1:8096; ## Enter the IP and port of the backend emby server here.
client_max_body_size 1000M; ## Allows for mobile device large photo uploads.
proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys.
proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested.
proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested.
proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server.
#proxy_set_header X-Real-IP $http_CF_Connecting_IP; ## if you use cloudflare un-comment this line and comment out above line.
proxy_set_header Host $host; ## Passes the requested domain name to the backend server.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.
## ADDITIONAL SECURITY SETTINGS ##
## Optional settings to improve security ##
## add these after you have completed your testing and ssl setup ##
## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ##
## See https://hstspreload.org/ read through the "Deployment Recommendations" section first! ##
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header Strict-Transport-Security "max-age=15552000; preload" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
}