feat: add jellyfin to haproxy

2024-06-30 00:02:44 +10:00 · 2024-06-30 00:02:44 +10:00 · 2199e4e3c0
commit 2199e4e3c0
parent f81b5753ff
1 changed files with 19 additions and 0 deletions
--- a/hieradata/country/au/region/syd1/infra/halb/haproxy.yaml
+++ b/hieradata/country/au/region/syd1/infra/halb/haproxy.yaml
@ -11,6 +11,7 @@ profiles::haproxy::mappings:
      - 'lidarr.main.unkin.net be_lidarr'
      - 'readarr.main.unkin.net be_readarr'
      - 'prowlarr.main.unkin.net be_prowlarr'
+      - 'jellyfin.main.unkin.net be_jellyfin'
  fe_https:
    ensure: present
    mappings:
@ -21,6 +22,7 @@ profiles::haproxy::mappings:
      - 'lidarr.main.unkin.net be_lidarr'
      - 'readarr.main.unkin.net be_readarr'
      - 'prowlarr.main.unkin.net be_prowlarr'
+      - 'jellyfin.main.unkin.net be_jellyfin'

 profiles::haproxy::frontends:
  fe_http:
@ -153,6 +155,22 @@ profiles::haproxy::backends:
        - set-header X-Forwarded-Port %[dst_port]
        - add-header X-Forwarded-Proto https if { dst_port 443 }
      redirect: 'scheme https if !{ ssl_fc }'
+  be_jellyfin:
+    description: Backend for au-syd1 jellyfin
+    collect_exported: false # handled in custom function
+    options:
+      balance: roundrobin
+      option:
+        - httpchk GET /
+        - forwardfor
+        - http-keep-alive
+        - prefer-last-server
+      cookie: SRVNAME insert indirect nocache
+      http-reuse: always
+      http-request:
+        - set-header X-Forwarded-Port %[dst_port]
+        - add-header X-Forwarded-Proto https if { dst_port 443 }
+      redirect: 'scheme https if !{ ssl_fc }'

 profiles::haproxy::certlist::enabled: true
 profiles::haproxy::certlist::certificates:
@ -167,6 +185,7 @@ profiles::pki::vault::alt_names:
  - lidarr.main.unkin.net
  - readarr.main.unkin.net
  - prowlarr.main.unkin.net
+  - jellyfin.main.unkin.net

 # additional cnames
 profiles::haproxy::dns::cnames: