From 42a170066068b19bad72dca384715a3989d4663f Mon Sep 17 00:00:00 2001
From: roib20 <66280613+roib20@users.noreply.github.com>
Date: Mon, 20 Feb 2023 00:20:54 +0200
Subject: [PATCH 1/2] Add jfa-go conf

Signed-off-by: roib20 <66280613+roib20@users.noreply.github.com>
---
 jfa-go.subdomain.conf.sample | 44 ++++++++++++++++++++++++++++++++++++
 jfa-go.subfolder.conf.sample | 29 ++++++++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 jfa-go.subdomain.conf.sample
 create mode 100644 jfa-go.subfolder.conf.sample

diff --git a/jfa-go.subdomain.conf.sample b/jfa-go.subdomain.conf.sample
new file mode 100644
index 0000000..18718af
--- /dev/null
+++ b/jfa-go.subdomain.conf.sample
@@ -0,0 +1,44 @@
+## Version 2023/02/05
+# make sure that your jfa-go container is named jfa-go
+# make sure that your dns has a cname set for jfa-go
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name jfa-go.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app jfa-go;
+        set $upstream_port 8056;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+}
diff --git a/jfa-go.subfolder.conf.sample b/jfa-go.subfolder.conf.sample
new file mode 100644
index 0000000..e0488dc
--- /dev/null
+++ b/jfa-go.subfolder.conf.sample
@@ -0,0 +1,29 @@
+## Version 2023/02/05
+# make sure that your jfa-go container is named jfa-go
+# make sure to go into jfa-go Settings, under "General" set the Reverse Proxy subfolder to "/jfa-go/" and restart the jfa-go container
+
+location /jfa-go {
+    return 301 $scheme://$host/jfa-go/;
+}
+
+location ^~ /jfa-go/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_app jfa-go;
+    set $upstream_port 8056;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+}

From 006fc0636d8a4df235d2cfc579d6f662fcff1b2e Mon Sep 17 00:00:00 2001
From: roib20 <66280613+roib20@users.noreply.github.com>
Date: Mon, 20 Feb 2023 13:17:47 +0200
Subject: [PATCH 2/2] Update jfa-go confs to conform to jfa-go wiki

Signed-off-by: roib20 <66280613+roib20@users.noreply.github.com>
---
 jfa-go.subfolder.conf.sample | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/jfa-go.subfolder.conf.sample b/jfa-go.subfolder.conf.sample
index e0488dc..0709ebc 100644
--- a/jfa-go.subfolder.conf.sample
+++ b/jfa-go.subfolder.conf.sample
@@ -1,6 +1,6 @@
 ## Version 2023/02/05
 # make sure that your jfa-go container is named jfa-go
-# make sure to go into jfa-go Settings, under "General" set the Reverse Proxy subfolder to "/jfa-go/" and restart the jfa-go container
+# make sure to set the URL base (“Reverse Proxy subfolder”) in jfa-go > Settings > General (ui > url_base in jfa-go config.ini) to "/jfa-go/"
 
 location /jfa-go {
     return 301 $scheme://$host/jfa-go/;
@@ -26,4 +26,8 @@ location ^~ /jfa-go/ {
     set $upstream_port 8056;
     set $upstream_proto http;
     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    # Remove the CSP header set for Jellyfin
+    proxy_hide_header Content-Security-Policy;
+    add_header Content-Security-Policy "";
 }