fix(jellyfin): use X-Forwarded-Proto header for TLS offloading via relayd

Amp-Thread-ID: https://ampcode.com/threads/T-019c12b1-e861-773b-8f74-64b6c2255a5f
Co-authored-by: Amp <amp@ampcode.com>

1 files changed, 7 insertions, 24 deletions

diff --git a/f3s/jellyfin/helm-chart/templates/ingress.yaml b/f3s/jellyfin/helm-chart/templates/ingress.yaml
index e7f0ade..6c5571b 100644
--- a/f3s/jellyfin/helm-chart/templates/ingress.yaml
+++ b/f3s/jellyfin/helm-chart/templates/ingress.yaml
@@ -1,4 +1,4 @@
-# Jellyfin Traefik IngressRoute - HTTPS
+# Jellyfin Traefik Ingress
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -6,40 +6,23 @@ metadata:
   namespace: services
 spec:
   entryPoints:
-    - websecure
-  routes:
-    - match: Host(`jellyfin.f3s.buetow.org`)
-      kind: Rule
-      services:
-        - name: jellyfin-server
-          port: 8096
-  tls:
-    certResolver: letsencrypt
----
-# Redirect HTTP to HTTPS
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: jellyfin-ingress-redirect
-  namespace: services
-spec:
-  entryPoints:
     - web
   routes:
     - match: Host(`jellyfin.f3s.buetow.org`)
       kind: Rule
       middlewares:
-        - name: redirect-https
+        - name: jellyfin-headers
       services:
         - name: jellyfin-server
           port: 8096
 ---
+# Middleware to add X-Forwarded-Proto header so Jellyfin knows it's HTTPS
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
-  name: redirect-https
+  name: jellyfin-headers
   namespace: services
 spec:
-  redirectScheme:
-    scheme: https
-    permanent: true
+  headers:
+    customRequestHeaders:
+      X-Forwarded-Proto: https