apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: jellyfin-backend-ingress
  namespace: media
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`media.kluster.moll.re`) && !Path(`/metrics`)
      middlewares:
        - name: jellyfin-websocket
        - name: jellyfin-server-headers
      kind: Rule
      services:
        - name: jellyfin-server
          port: 8096
  tls:
    certResolver: default-tls
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: jellyfin-websocket
  namespace: media
spec:
  headers:
    customRequestHeaders:
      Connection: keep-alive, Upgrade
      Upgrade: WebSocket
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: jellyfin-server-headers
  namespace: media
spec:
  headers:
    accessControlAllowCredentials: true
    accessControlAllowHeaders: [ "Authorization","Content-Type" ] # "Accept","Origin"
    accessControlAllowMethods: [ "GET","HEAD","OPTIONS" ] # "POST","PUT"
    accessControlAllowOriginList:
      - "*"
    accessControlMaxAge: 100