-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathjellyfin.yml
63 lines (62 loc) · 3.3 KB
/
jellyfin.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
version: "3.7"
services:
## Jellyfin - Media Server
jellyfin:
container_name: jellyfin
image: linuxserver/jellyfin:latest
restart: always
devices:
- /dev/dri:/dev/dri
networks:
home_net:
ipv4_address: 192.168.0.75
ports:
- "8097:8096"
- "8921:8920"
security_opt:
- no-new-privileges:true
volumes:
- $HOME/Training/:/TVSHOWS:ro
- $USERDIR/media:/config
environment:
- PUID=$PUID
- PGID=$PGID
- TZ=$TZ
- UMASK_SET=022
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.jellyfin-rtr.entrypoints=https"
- "traefik.http.routers.jellyfin-rtr.rule=HostHeader(`media.$DOMAINNAME`)"
- "traefik.http.routers.jellyfin-rtr.tls=true"
## Middlewares
- "traefik.http.routers.jellyfin-rtr.middlewares=jellyfin-headers"
- "traefik.http.middlewares.jellyfin-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT"
- "traefik.http.middlewares.jellyfin-headers.headers.accesscontrolalloworiginlist=https://$DOMAINNAME"
- "traefik.http.middlewares.jellyfin-headers.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.jellyfin-headers.headers.addvaryheader=true"
# - "traefik.http.middlewares.jellyfin-headers.headers.allowedhosts=jellyfin.$DOMAINNAME"
- "traefik.http.middlewares.jellyfin-headers.headers.hostsproxyheaders=X-Forwarded-Host"
- "traefik.http.middlewares.jellyfin-headers.headers.sslredirect=true"
# - "traefik.http.middlewares.jellyfin-headers.headers.sslhost=jellyfin.$DOMAINNAME"
# - "traefik.http.middlewares.jellyfin-headers.headers.sslforcehost=true"
# - "traefik.http.middlewares.jellyfin-headers.headers.sslproxyheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.jellyfin-headers.headers.stsseconds=63072000"
- "traefik.http.middlewares.jellyfin-headers.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.jellyfin-headers.headers.stspreload=true"
- "traefik.http.middlewares.jellyfin-headers.headers.forcestsheader=true"
- "traefik.http.middlewares.jellyfin-headers.headers.framedeny=true"
# - "traefik.http.middlewares.jellyfin-headers.headers.customframeoptionsvalue=SAMEORIGIN" # This option overrides FrameDeny
- "traefik.http.middlewares.jellyfin-headers.headers.contenttypenosniff=true"
- "traefik.http.middlewares.jellyfin-headers.headers.browserxssfilter=true"
# - "traefik.http.middlewares.jellyfin-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; base-uri 'none';"
- "traefik.http.middlewares.jellyfin-headers.headers.referrerpolicy=same-origin"
- "traefik.http.middlewares.jellyfin-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
- "traefik.http.middlewares.jellyfin-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex,"
- "traefik.http.middlewares.jellyfin-headers.headers.customframeoptionsvalue=allow-from https:$DOMAINNAME" # This option overrides FrameDeny
## HTTP Services
- "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc"
- "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
networks:
home_net:
external: true