From 65352d35d39e3f584c6013e103a502dad45706e8 Mon Sep 17 00:00:00 2001
From: Actaeus Curabitur <actcur@actcur.com>
Date: Wed, 6 Dec 2023 01:25:50 -0600
Subject: [PATCH] added per-service proxy header settings and set them for
 jellyfin

---
 pillars/roles/nginx/jellyfin.sls              | 5 +++++
 states/roles/maintain/nginx-proxy/local.conf  | 5 +++++
 states/roles/maintain/nginx-proxy/remote.conf | 9 +++++++++
 3 files changed, 19 insertions(+)

diff --git a/pillars/roles/nginx/jellyfin.sls b/pillars/roles/nginx/jellyfin.sls
index 153e2ec..ace1e18 100644
--- a/pillars/roles/nginx/jellyfin.sls
+++ b/pillars/roles/nginx/jellyfin.sls
@@ -4,6 +4,11 @@ nginx:
     https:
       port: 8096
       prot: http
+    proxy_headers:
+      X-Forwarded-Protocol: $scheme
+      Upgrade: $http_upgrade
+      Connection: upgrade
+
 
 portal:
   Media:
diff --git a/states/roles/maintain/nginx-proxy/local.conf b/states/roles/maintain/nginx-proxy/local.conf
index 754729c..95e4463 100644
--- a/states/roles/maintain/nginx-proxy/local.conf
+++ b/states/roles/maintain/nginx-proxy/local.conf
@@ -39,6 +39,11 @@ server {
     proxy_set_header X-Forwarded-For $remote_addr;
     proxy_set_header X-Forwarded-Ssl on;
 
+{%- if pillar['nginx'][server]['proxy_headers'] is defined -%}
+  {%- for header in pillar['nginx'][server]['proxy_headers'] %}
+    proxy_set_header {{header}} {{pillar['nginx'][server]['proxy_headers'][header]}};
+  {%- endfor %}
+{%- endif %}
 
     # re-write redirects to http as to https, example: /home
     proxy_redirect http:// https://;
diff --git a/states/roles/maintain/nginx-proxy/remote.conf b/states/roles/maintain/nginx-proxy/remote.conf
index 9bccdd8..adbc78c 100644
--- a/states/roles/maintain/nginx-proxy/remote.conf
+++ b/states/roles/maintain/nginx-proxy/remote.conf
@@ -38,8 +38,17 @@ server {
     {% set location="2" %}{% include 'roles/maintain/nginx-proxy/auth.conf' %}
     proxy_pass $backend;
     proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_set_header X-Forwarded-Port 443;
     proxy_set_header X-Real-IP  $remote_addr;
     proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Ssl on;
+
+{%- if pillar['nginx'][server]['proxy_headers'] is defined -%}
+  {%- for header in pillar['nginx'][server]['proxy_headers'] %}
+    proxy_set_header {{header}} {{pillar['nginx'][server]['proxy_headers'][header]}};
+  {%- endfor %}
+{%- endif %}
 
     # re-write redirects to http as to https, example: /home
     proxy_redirect http:// https://;