From e923048e76ff1d3947275ffbd44af764c562f3b1 Mon Sep 17 00:00:00 2001
From: ltp <leo@ltp.pt>
Date: Thu, 22 Aug 2024 19:39:18 -0300
Subject: [PATCH 1/4] restrict access to metrics endpoint in subdomain

https://jellyfin.org/docs/general/networking/monitoring/#prometheus-metrics
---
 jellyfin.subdomain.conf.sample | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/jellyfin.subdomain.conf.sample b/jellyfin.subdomain.conf.sample
index 479ca30..da0c45b 100644
--- a/jellyfin.subdomain.conf.sample
+++ b/jellyfin.subdomain.conf.sample
@@ -37,4 +37,22 @@ server {
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
     }
+
+    # Restrict access to /metrics
+    # https://jellyfin.org/docs/general/networking/monitoring/#prometheus-metrics
+    location /jellyfin/metrics {
+        allow 192.168.0.0/16;
+        allow 10.0.0.0/8;
+        allow 172.16.0.0/12
+        allow 127.0.0.0/8;
+
+        deny all;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app jellyfin;
+        set $upstream_port 8096;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
 }

From 41d2b0c17a55425c3cfad044f01cef54f3b04450 Mon Sep 17 00:00:00 2001
From: ltp <leo@ltp.pt>
Date: Thu, 22 Aug 2024 20:03:06 -0300
Subject: [PATCH 2/4] update version

---
 jellyfin.subdomain.conf.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jellyfin.subdomain.conf.sample b/jellyfin.subdomain.conf.sample
index da0c45b..95c7f81 100644
--- a/jellyfin.subdomain.conf.sample
+++ b/jellyfin.subdomain.conf.sample
@@ -1,4 +1,4 @@
-## Version 2024/07/16
+## Version 2024/08/22
 # make sure that your jellyfin container is named jellyfin
 # make sure that your dns has a cname set for jellyfin
 # if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is

From 5ab73be89b3b00f8a056311d160c059453f3c8fe Mon Sep 17 00:00:00 2001
From: ltp <leo@ltp.pt>
Date: Thu, 22 Aug 2024 20:06:49 -0300
Subject: [PATCH 3/4] fix missing semi colon

---
 jellyfin.subdomain.conf.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jellyfin.subdomain.conf.sample b/jellyfin.subdomain.conf.sample
index 95c7f81..ffc92c4 100644
--- a/jellyfin.subdomain.conf.sample
+++ b/jellyfin.subdomain.conf.sample
@@ -43,7 +43,7 @@ server {
     location /jellyfin/metrics {
         allow 192.168.0.0/16;
         allow 10.0.0.0/8;
-        allow 172.16.0.0/12
+        allow 172.16.0.0/12;
         allow 127.0.0.0/8;
 
         deny all;

From 7efa252e1316f760a2e644d56ed76a5d5e44fcef Mon Sep 17 00:00:00 2001
From: ltp <leo@ltp.pt>
Date: Fri, 23 Aug 2024 09:44:11 -0300
Subject: [PATCH 4/4] fix metrics path

---
 jellyfin.subdomain.conf.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jellyfin.subdomain.conf.sample b/jellyfin.subdomain.conf.sample
index ffc92c4..36d1e73 100644
--- a/jellyfin.subdomain.conf.sample
+++ b/jellyfin.subdomain.conf.sample
@@ -40,7 +40,7 @@ server {
 
     # Restrict access to /metrics
     # https://jellyfin.org/docs/general/networking/monitoring/#prometheus-metrics
-    location /jellyfin/metrics {
+    location /metrics {
         allow 192.168.0.0/16;
         allow 10.0.0.0/8;
         allow 172.16.0.0/12;