diff --git a/hosts/Alaska/default.nix b/hosts/Alaska/default.nix
index c34ba52..0449e51 100644
--- a/hosts/Alaska/default.nix
+++ b/hosts/Alaska/default.nix
@@ -6,7 +6,7 @@
   imports = [ 
     (import ./hardware-configuration.nix)
     (import ./containers/nextcloud.nix)
-    (import ./modules/nginx.nix)
+   (import ./modules/nginx.nix)
   ];
 
   environment.systemPackages = [
@@ -29,6 +29,11 @@
       };
   };
 
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+  };
+
   services = {
     sshd.enable = true;
     openssh.settings = {
diff --git a/hosts/Alaska/modules/nginx.nix b/hosts/Alaska/modules/nginx.nix
index 0477424..0c0567a 100644
--- a/hosts/Alaska/modules/nginx.nix
+++ b/hosts/Alaska/modules/nginx.nix
@@ -3,30 +3,40 @@
 {
   services.nginx = {
     enable = true;
+    commonHttpConfig = ''
+      real_ip_header CF-Connecting-IP;
+      add_header 'Referrer-Policy' 'origin-when-cross-origin';
+      add_header X-Frame-Options DENY;
+      add_header X-Content-Type-Options nosniff;
+    '';
+
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
 
     virtualHosts = {
-      "nickiel.net" = {
-        forceSSL = true;
-        sslCertificate = "/Aurora/nickiel.net.pem";
-        sslCertificateKey = "/Aurora/nickiel.net.key";
-        locations."/" = {
-          root = "/var/lib/acme/nickiel.net";
-        };
+
+      "jellyfin.nickiel.net" = {
+          forceSSL = true;
+          sslCertificate = "/Aurora/nickiel.net.pem";
+          sslCertificateKey = "/Aurora/nickiel.net.key";
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:8096/";
+            proxyWebsockets = true;
+            #extraConfig = "proxy_pass_header Authorization";
+          };
       };
 
-      "files.nickiel.net" = {
-            forceSSL = true;
-            sslCertificate = "/Aurora/nickiel.net.pem";
-            sslCertificateKey = "/Aurora/nickiel.net.key";
-            locations."/" = {
-              proxyPass = "http://192.168.100.11:80";
-              proxyWebsockets = true;
-            };
-          };
+      #"files.nickiel.net" = {
+      #      forceSSL = true;
+      #      sslCertificate = "/Aurora/nickiel.net.pem";
+      #      sslCertificateKey = "/Aurora/nickiel.net.key";
+      #      locations."/" = {
+      #        proxyPass = "http://192.168.100.11:80";
+      #        proxyWebsockets = true;
+      #      };
+      #    };
     };
   };
 }