checking in some changes to jellyfin #48

Merged
ben merged 6 commits from jellyfin-logs-nginx into main 2023-02-15 16:12:39 +00:00
7 changed files with 81 additions and 66 deletions

View File

@ -1,3 +1,7 @@
--- ---
jellyfin_root: /srv/jellyfin jellyfin_root: /srv/jellyfin
jellyfin_backend: main
jellyfin_nginx_listen_port: "443"
jellyfin_nginx_enabled: true
jellyfin_auth_enabled: false

View File

@ -4,6 +4,7 @@
service: service:
name: nginx name: nginx
state: reloaded state: reloaded
when: jellyfin_nginx_enabled
- name: restart telegraf - name: restart telegraf
service: service:

View File

@ -30,15 +30,17 @@
- name: create dir structure - name: create dir structure
file: file:
path: "{{ jellyfin_root }}/{{ item }}" path: "{{ jellyfin_root }}/{{ item.name }}"
state: directory state: directory
mode: 0750 mode: "{{ item.mode | default('0750') }}"
owner: jellyfin owner: jellyfin
group: jellyfin group: jellyfin
with_items: with_items:
- config - name: config
- config/plugins/configurations - name: config/plugins/configurations
- cache - name: cache
- name: jellyfin-web
mode: "0755"
tags: jellyfin-dirs tags: jellyfin-dirs
- name: create nginx cache dir - name: create nginx cache dir
@ -60,6 +62,7 @@
tags: tags:
- nginx-config - nginx-config
- jellyfin-conf - jellyfin-conf
when: jellyfin_auth_enabled
notify: reload nginx notify: reload nginx
- name: template html - name: template html
@ -72,6 +75,7 @@
with_items: with_items:
- jellyfin_auth_ok.html - jellyfin_auth_ok.html
- jellyfin_auth_prompt.html - jellyfin_auth_prompt.html
when: jellyfin_auth_enabled
tags: tags:
- nginx-config - nginx-config
- jellyfin-conf - jellyfin-conf
@ -83,14 +87,16 @@
owner: www-data owner: www-data
group: www-data group: www-data
mode: 0755 mode: 0755
tags:
- jellyfin-web-config.json
- name: start container - name: start container
docker_container: docker_container:
name: jellyfin name: jellyfin
image: jellyfin/jellyfin:10.8.7 image: jellyfin/jellyfin:{{ jellyfin_version }}
auto_remove: no auto_remove: false
detach: yes detach: true
pull: yes pull: true
restart_policy: "unless-stopped" restart_policy: "unless-stopped"
state: started state: started
user: "{{ systemuserlist.jellyfin.uid }}:{{ grouplist.media.gid }}" user: "{{ systemuserlist.jellyfin.uid }}:{{ grouplist.media.gid }}"
@ -100,7 +106,9 @@
dockerlogs_format: jellyfin dockerlogs_format: jellyfin
ports: ports:
- 127.0.0.1:8096:8096 - 127.0.0.1:8096:8096
networks_cli_compatible: no - 1999:1900/tcp
- 1900:1900/udp
networks_cli_compatible: true
networks: networks:
- name: bridgewithdns - name: bridgewithdns
ipv4_address: "{{ bridgewithdns.notflix }}" ipv4_address: "{{ bridgewithdns.notflix }}"
@ -120,7 +128,7 @@
# - type: bind # - type: bind
# source: "{{ jellyfin_root }}/index.html" # source: "{{ jellyfin_root }}/index.html"
# target: /jellyfin/jellyfin-web/index.html # target: /jellyfin/jellyfin-web/index.html
# read_only: yes # read_only: true
env: env:
JELLYFIN_PublishedServerUrl: "{{ jellyfin_url }}" JELLYFIN_PublishedServerUrl: "{{ jellyfin_url }}"
tags: tags:
@ -154,6 +162,8 @@
owner: jellyfin owner: jellyfin
group: jellyfin group: jellyfin
mode: 0644 mode: 0644
tags:
- jellyfin-log
- name: jellyfin nginx dir - name: jellyfin nginx dir
file: file:
@ -169,6 +179,7 @@
owner: jellyfin owner: jellyfin
group: jellyfin group: jellyfin
mode: 0775 mode: 0775
when: jellyfin_auth_enabled
changed_when: false changed_when: false
- name: template auth stuff - name: template auth stuff
@ -184,6 +195,7 @@
with_items: with_items:
- users.digest - users.digest
- jellyfin_auth.conf - jellyfin_auth.conf
when: jellyfin_auth_enabled
- name: template acl script - name: template acl script
template: template:
@ -192,6 +204,7 @@
mode: 0755 mode: 0755
owner: www-data owner: www-data
group: www-data group: www-data
when: jellyfin_auth_enabled
tags: tags:
- jellyfin-auth - jellyfin-auth
@ -199,6 +212,7 @@
template: template:
src: private/jellyfin_auth.service.j2 src: private/jellyfin_auth.service.j2
dest: "/etc/systemd/system/jellyfin_auth.service" dest: "/etc/systemd/system/jellyfin_auth.service"
when: jellyfin_auth_enabled
tags: tags:
- jellyfin-auth - jellyfin-auth
@ -208,6 +222,7 @@
enabled: false enabled: false
daemon_reload: true daemon_reload: true
name: jellyfin_auth name: jellyfin_auth
when: jellyfin_auth_enabled
- name: template robots.txt - name: template robots.txt
template: template:

View File

@ -5,9 +5,9 @@
# map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; } #} # map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; } #}
server { server {
listen 443 ssl http2; listen {{ jellyfin_nginx_listen_port }} ssl http2;
{% if inventory_hostname in wg_clients -%} {% if inventory_hostname in wg_clients -%}
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2; listen {{ wg_clients[inventory_hostname].ip }}:{{ jellyfin_nginx_listen_port }} ssl http2;
{% endif -%} {% endif -%}
include /etc/nginx/sudo-known.conf; include /etc/nginx/sudo-known.conf;
@ -20,7 +20,6 @@ server {
# set $jellyfin jellyfin; # set $jellyfin jellyfin;
# resolver 127.0.0.1 valid=30; # resolver 127.0.0.1 valid=30;
# access log is used by python script
access_log /var/log/nginx/access_{{ jellyfin_url }}.log main; access_log /var/log/nginx/access_{{ jellyfin_url }}.log main;
error_log /var/log/nginx/error_{{ jellyfin_url }}.log warn; error_log /var/log/nginx/error_{{ jellyfin_url }}.log warn;
@ -58,20 +57,6 @@ server {
proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Encoding "";
proxy_hide_header last-modified;
proxy_hide_header cache-control;
proxy_hide_header date;
etag off;
proxy_hide_header "ETag";
if_modified_since off;
expires off;
# this causes nginx to add a second cache-control header
# but with value 'no-cache'.
#expires -1;
add_header Last-Modified $date_gmt always;
add_header Cache-Control 'no-store' always;
# Disable buffering when the nginx proxy gets very resource # Disable buffering when the nginx proxy gets very resource
# heavy upon streaming # heavy upon streaming
@ -93,22 +78,40 @@ server {
proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Encoding "";
proxy_hide_header last-modified;
proxy_hide_header cache-control;
proxy_hide_header date;
etag off; # ## this was also in the 'location /' block, if i add it back, also add it
proxy_hide_header "ETag"; # ## back there! (2023-02)
if_modified_since off; # proxy_hide_header last-modified;
expires off; # proxy_hide_header cache-control;
add_header Last-Modified $date_gmt always; # proxy_hide_header date;
add_header Cache-Control 'no-store' always;
# etag off;
# proxy_hide_header "ETag";
# if_modified_since off;
# expires off;
# add_header Last-Modified $date_gmt always;
# add_header Cache-Control 'no-store' always;
# add_header Clear-Site-Data "cache" always; # add_header Clear-Site-Data "cache" always;
# # useful until builds/jellyfin-web is in use.
# sub_filter_types application/javascript;
# sub_filter_once off;
# sub_filter 'config.json' 'config.json?id=$request_id';
}
location = /web/config.json {
# redirect = 302 = temporary
#
# seems to work this way without rewriting the javascript with sub_filter and
# overriding cache entries (providing the client/browser doesnt already have
# the stupid service worker cache already)
if ($is_args = '') {
rewrite "^/web/config.json$" "/web/config.json?id=$request_id" redirect;
}
alias "{{ jellyfin_root }}/jellyfin-web/config.json";
} }
# location = /web/config.json {
# alias "{{ jellyfin_root }}/jellyfin-web/config.json";
# }
location /socket { location /socket {
proxy_pass http://127.0.0.1:{{ jellyfin_port }}; proxy_pass http://127.0.0.1:{{ jellyfin_port }};
@ -127,7 +130,9 @@ server {
{% for item in ["/health", "/GetUtcTime"] -%} {% for item in ["/health", "/GetUtcTime"] -%}
location {{ item }} { location {{ item }} {
allow 127.0.0.1; allow 127.0.0.1;
{% if inventory_hostname in my_public_ips -%}
allow {{ my_public_ips[inventory_hostname] }}/32; allow {{ my_public_ips[inventory_hostname] }}/32;
{% endif -%}
allow {{ my_public_ips[ansible_control_host] }}/32; allow {{ my_public_ips[ansible_control_host] }}/32;
allow {{ wireguard_cidr }}; allow {{ wireguard_cidr }};
deny all; deny all;
@ -187,9 +192,6 @@ server {
# ## in addition to “text/html”. # ## in addition to “text/html”.
# sub_filter_types application/javascript; # sub_filter_types application/javascript;
# sub_filter_types application/javascript;
# sub_filter_once off;
# sub_filter 'config.json' 'config.json?foo=$date_gmt';
} }

View File

@ -16,6 +16,7 @@
fields_under_root: true fields_under_root: true
fields: fields:
service.type: jellyfin service.type: jellyfin
jellyfin.backend: {{ jellyfin_backend }}
tags: tags:
- jellyfin - jellyfin

View File

@ -50,12 +50,18 @@
"url": "https://status-{{ jellyfin_url }}/" "url": "https://status-{{ jellyfin_url }}/"
}, },
{ {
"name": "Password reset", "name": "change password",
"url": "https://{{ authelia_login_url }}/reset-password/step1" "url": "https://{{ authelia_login_url }}/reset-password/step1"
}, },
{ {
"name": "TV show calendar", "name": "tv calendar",
"url": "https://pirate.sudo.is/sonarr/feed/calendar/Sonarr.ics" "url": "https://pirate.sudo.is/sonarr/feed/calendar/Sonarr.ics"
},
{
"name": "chatroom: #{{ jellyfin_url.replace('.', ':', 1) }}",
"url": "https://matrix.to/#/#{{ jellyfin_url.replace('.', ':', 1) }}"
} }
] ]
} }

View File

@ -1,18 +1,17 @@
{ {
"Serilog": { "Serilog": {
// "Using": [ "Serilog.Sinks.Http" ],
"MinimumLevel": { "MinimumLevel": {
"Default": "Information", "Default": "Information",
"Override": { "Override": {
"Microsoft": "Warning", "Microsoft": "Information",
"System": "Warning" "System": "Information"
} }
}, },
"WriteTo": [ "WriteTo": [
{ {
"Name": "Async", "Name": "Async",
"Args": { "Args": {
//"bufferSize": 10000000, {# "bufferSize": 10000000, -#}
"configure": [ "configure": [
{ {
"Name": "File", "Name": "File",
@ -22,24 +21,11 @@
"retainedFileCountLimit": 3, "retainedFileCountLimit": 3,
"rollOnFileSizeLimit": true, "rollOnFileSizeLimit": true,
"fileSizeLimitBytes": 100000000, "fileSizeLimitBytes": 100000000,
//"outputTemplate": "{\"@timestamp\":\"{Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz}\",\"level\":\"{Level:u3}\",\"thread_id\":\"{ThreadId}\",\"logger_name\":\"{SourceContext}\",\"message\":\"{Message:lj}\",\"exception\":\"{Exception:lj}\"} {NewLine}" {# "outputTemplate": "{\"@timestamp\":\"{Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz}\",\"level\":\"{Level:u3}\",\"thread_id\":\"{ThreadId}\",\"logger_name\":\"{SourceContext}\",\"message\":\"{Message:lj}\",\"exception\":\"{Exception:lj}\"} {NewLine}" -#}
//"outputTemplate": "[{Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz}] [{Level:u4}] [{ThreadId}] {SourceContext}: {Message}{NewLine}{Exception}" {# "outputTemplate": "[{Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz}] [{Level:u4}] [{ThreadId}] {SourceContext}: {Message}{NewLine}{Exception}" -#}
"outputTemplate": "[{Level:u4}] - {SourceContext} - {Message}{NewLine}{Exception}" "outputTemplate": "[{Level:u4}] - {SourceContext} - {Message}{NewLine}{Exception}"
} }
} // , }
// {
// "Name": "Http",
// "Args":
// {
// //"outputTemplate": "[{Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz}] [{Level:u3}] [{ThreadId}] {SourceContext}: {Message}{NewLine}{Exception}"
// "outputTemplate": "{\"@timestamp\":\"{Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz}\",\"level\":\"{Level:u3}\",\"thread_id\":\"{ThreadId}\",\"logger_name\":\"{SourceContext}\",\"message\":\"{Message:lj}\",\"exception\":\"{Exception:lj}\"} {NewLine}",
// "requestUri": "http://{{ logstash_url }}:{{ logstash_http }}",
// "textFormatter": "Serilog.Formatting.Elasticsearch.ElasticsearchJsonFormatter, Serilog.Formatting.Elasticsearch",
// "batchFormatter": "Serilog.Sinks.Http.BatchFormatters.ArrayBatchFormatter, Serilog.Sinks.Http"
// }
// }
] ]
} }
} }