-
Notifications
You must be signed in to change notification settings - Fork 1
/
UnicornLoadBalancer.conf
68 lines (55 loc) · 2.02 KB
/
UnicornLoadBalancer.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<VirtualHost *:80>
ServerName myplex.com
Redirect permanent / https://myplex.com
</VirtualHost>
<VirtualHost *:443>
ServerName myplex.com
# Logs
ErrorLog /var/log/httpd/myplex.com-error_log
CustomLog /var/log/httpd/myplex.com-access_log common
# SSL
SSLEngine On
SSLCertificateFile "/etc/letsencrypt/live/myplex.com/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/myplex.com/privkey.pem"
SSLProtocol +TLSv1.2
ProtocolsHonorOrder On
Protocols h2 http/1.1
############### Possible fixes if you have issues ##############
# SSLProxyVerify none
# SSLProxyCheckPeerCN Off
# SSLProxyCheckPeerName Off
# SSLStrictSNIVHostCheck On
################################################################
Options -Includes -ExecCGI
RewriteEngine On
LimitRequestBody 512000
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
FileETag None
TraceEnable off
Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
Header set X-XSS-Protection "1; mode=block"
Timeout 60
<Location /:/websockets/notifications>
ProxyPass wss://<LoadBalancerIP>:<LoadBalancerPort>/:/websockets/notifications
ProxyPassReverse wss://<LoadBalancerIP>:<LoadBalancerPort>/:/websockets/notifications
ProxyPass ws://<LoadBalancerIP>:<LoadBalancerPort>/:/websockets/notifications
ProxyPassReverse ws://<LoadBalancerIP>:<LoadBalancerPort>/:/websockets/notifications
</Location>
# Proxy configuration
<Proxy "*">
Require all granted
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
SSLProxyEngine on
SSLProxyProtocol -ALL +TLSv1.2
ProxyPass / http://<LoadBalancerIP>:<LoadBalancerPort>/
ProxyPassReverse / http://<LoadBalancerIP>:<LoadBalancerPort>/
RewriteCond %{REQUEST_URI} !^/web
# plex web uses query strings, not headers
RewriteCond %{QUERY_STRING} !(.*(?:^|&))X-Plex-Device=(.*)((?:&|$).*)
RewriteCond %{HTTP:X-Plex-Device} ^$
RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
RewriteRule ^/$ /web/$1? [R,L]
</VirtualHost>