Add example reverse proxy configs

docs/administrator-docs/reverse-proxy.md

@@ -0,0 +1,95 @@
+# Running Jellyfin Behind a Reverse Proxy
+
+It's possible to run Jellyfin behind another server acting as a reverse proxy.  With a reverse proxy setup, this alternative server handles all network traffic and proxies it back to Jellyfin.  This has the benefit of having nice DNS names and not having to remember port numbers, as well as easier integration with SSL certificates.
+
+Three popular options for reverse proxy systems are [Apache](https://httpd.apache.org/), [Haproxy](https://www.haproxy.com/), and [Nginx](https://www.nginx.com/).
+
+## Apache
+
+```
+<VirtualHost *:80>
+    ServerAdmin master@jellyfin.example.com
+    ServerName jellyfin.example.com
+
+    Redirect permanent / https://jellyfin.example.com
+
+    ErrorLog /var/log/apache2/jellyfin.example.com-error.log
+    CustomLog /var/log/apache2/jellyfin.example.com-access.log combined
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerAdmin master@jellyfin.example.com
+    ServerName jellyfin.example.com
+
+    ProxyPreserveHost On
+
+    ProxyPass "/embywebsocket" "ws://127.0.0.1:8096/embywebsocket"
+    ProxyPassReverse "/embywebsocket" "ws://127.0.0.1:8096/embywebsocket"
+
+    ProxyPass "/" "http://127.0.0.1:8096/"
+    ProxyPassReverse "/" "http://127.0.0.1:8096/"
+
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/jellyfin.example.com/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/jellyfin.example.com/privkey.pem
+
+    ErrorLog /var/log/apache2/jellyfin.example.com-error.log
+    CustomLog /var/log/apache2/jellyfin.example.com-access.log combined
+</VirtualHost>
+</IfModule>
+```
+
+If you encouter errors, you may have to enable `mod_proxy` or `mod_ssl` support manually.
+```
+$ sudo a2enmod proxy proxy_http
+$ sudo a2enmod ssl
+```
+
+## Haproxy
+
+```
+frontend https_proxy
+    bind *:80
+# Note that haproxy requires you to concatenate the certificate and key into a single file
+    bind *:443 ssl crt /etc/letsencrypt/live/jellyfin.example.com/complete.pem
+    default_backend jellyfin
+    redirect scheme https if !{ ssl_fc }
+
+backend jellyfin
+    http-request set-header X-Forwarded-Port %[dst_port]
+    http-request add-header X-Forwarded-Proto https if { ssl_fc }
+    server jellyfin 127.0.0.1:8096
+```
+
+## Nginx
+
+```
+server {
+    listen 80;
+    server_name jellyfin.example.com;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name jellyfin.example.com;
+    ssl_certificate /etc/letsencrypt/live/jellyfin.example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/jellyfin.example.com/privkey.pem;
+
+    location / {
+        proxy_pass http://127.0.0.1:8096;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto $remote_addr;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_redirect off;
+
+        # Send websocket data to the backend aswell
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
+```

mkdocs.yml

@@ -17,6 +17,7 @@ pages:
     - Migrating from Emby: 'administrator-docs/migrate-from-emby.md'
     - Port bindings: 'administrator-docs/port-bindings.md'
     - Plugins: 'administrator-docs/plugins.md'
+    - Reverse proxy: 'administrator-docs/reverse-proxy.md'
   - Contributor Docs:
     - Contributing to Jellyfin: 'contributor-docs/contributing.md'
     - GitHub Issues: 'contributor-docs/issues.md'