diff --git a/pillars/roles/nginx/jellyfin.sls b/pillars/roles/nginx/jellyfin.sls index 153e2ec..ace1e18 100644 --- a/pillars/roles/nginx/jellyfin.sls +++ b/pillars/roles/nginx/jellyfin.sls @@ -4,6 +4,11 @@ nginx: https: port: 8096 prot: http + proxy_headers: + X-Forwarded-Protocol: $scheme + Upgrade: $http_upgrade + Connection: upgrade + portal: Media: diff --git a/states/roles/maintain/nginx-proxy/local.conf b/states/roles/maintain/nginx-proxy/local.conf index 754729c..95e4463 100644 --- a/states/roles/maintain/nginx-proxy/local.conf +++ b/states/roles/maintain/nginx-proxy/local.conf @@ -39,6 +39,11 @@ server { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Ssl on; +{%- if pillar['nginx'][server]['proxy_headers'] is defined -%} + {%- for header in pillar['nginx'][server]['proxy_headers'] %} + proxy_set_header {{header}} {{pillar['nginx'][server]['proxy_headers'][header]}}; + {%- endfor %} +{%- endif %} # re-write redirects to http as to https, example: /home proxy_redirect http:// https://; diff --git a/states/roles/maintain/nginx-proxy/remote.conf b/states/roles/maintain/nginx-proxy/remote.conf index 9bccdd8..adbc78c 100644 --- a/states/roles/maintain/nginx-proxy/remote.conf +++ b/states/roles/maintain/nginx-proxy/remote.conf @@ -38,8 +38,17 @@ server { {% set location="2" %}{% include 'roles/maintain/nginx-proxy/auth.conf' %} proxy_pass $backend; proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Port 443; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Ssl on; + +{%- if pillar['nginx'][server]['proxy_headers'] is defined -%} + {%- for header in pillar['nginx'][server]['proxy_headers'] %} + proxy_set_header {{header}} {{pillar['nginx'][server]['proxy_headers'][header]}}; + {%- endfor %} +{%- endif %} # re-write redirects to http as to https, example: /home proxy_redirect http:// https://;