configpolicy/roles/jellyfin/templates/jellyfin.httpd.conf.j2

<VirtualHost _default_:80>
    ServerName {{ jellyfin_server_name }}

    RewriteEngine On
    RewriteCond %{HTTPS} !on
    RewriteCond %{SERVER_NAME} {{ jellyfin_server_name }}
    RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
</VirtualHost>

<VirtualHost _default_:443>
    ServerName {{ jellyfin_server_name }}

    SSLCertificateFile {{ jellyfin_ssl_certificate }}
    SSLCertificateKeyFile {{ jellyfin_ssl_certificate_key }}
    SSLCertificateChainFile {{ jellyfin_ssl_certificate }}

    ProxyPreserveHost On
    ProxyRequests Off

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*)  ws://localhost:8096/$1 [P,L]
    RewriteRule /(.*)  http://localhost:8096/$1 [P,L]
    ProxyPassReverse / http://localhost:8096/

    Header always set \
        Strict-Transport-Security "max-age=63072000; includeSubDomains"
</VirtualHost>