3.7 KiB
ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m;
upstream plex_backend {
server 127.0.0.1:32400; keepalive 32; }
server {
listen 443 ssl http2; # http2 can provide a substantial improvement for streaming: https://blog.cloudflare.com/introducing-http2/ listen [::]:443 ssl http2; server_name plex.theribbles.org;
send_timeout 100m; # Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause (e.g. Chrome)
ssl_stapling on; ssl_stapling_verify on;
gzip on; gzip_vary on; gzip_min_length 1000; gzip_proxied any; gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml; gzip_disable "MSIE [1-6]\.";
client_max_body_size 100M;
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade";
proxy_redirect off; proxy_buffering off;
location / {
proxy_pass http://plex_backend; }
#}
ssl_certificate /etc/letsencrypt/live/theribbles.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/theribbles.org/privkey.pem; # managed by Certbot }
server { if ($host = plex.theribbles.org) { return 301 https://$host$request_uri; } # managed by Certbot
listen 80; listen [::]:80;
server_name plex.theribbles.org; return 404; # managed by Certbot
}