diff --git a/modules/nixos/deertopia/authelia.nix b/modules/nixos/deertopia/authelia.nix
index 45dcdc2..95d7ad4 100644
--- a/modules/nixos/deertopia/authelia.nix
+++ b/modules/nixos/deertopia/authelia.nix
@@ -136,12 +136,12 @@ in {
          forceSSL = true;
          enableACME = true;
          extraConfig = ''
-        set $upstream http://127.0.0.1:${builtins.toString cfg.httpPort};
-      '';
+           set $upstream http://127.0.0.1:${builtins.toString cfg.httpPort};
+         '';
          locations."/".extraConfig = ''
-        include ${./authelia/proxy.conf};
-        proxy_pass $upstream;
-      '';
+           include ${./authelia/proxy.conf};
+           proxy_pass $upstream;
+         '';
          locations."/api/verify".proxyPass = "$upstream";
          locations."/api/authz".proxyPass = "$upstream";
        };
diff --git a/modules/nixos/deertopia/jellyfin.nix b/modules/nixos/deertopia/jellyfin.nix
index 41b92d8..a001e0f 100644
--- a/modules/nixos/deertopia/jellyfin.nix
+++ b/modules/nixos/deertopia/jellyfin.nix
@@ -28,12 +28,42 @@ in {
       openFirewall = true;
     };
 
-    sydnix.deertopia.nginx.vhosts."watch".vhost = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://localhost:8096"; # Uses default port.
+    sydnix.deertopia.nginx.vhosts."watch".vhost =
+      # Currently no (convenient) way to specify Jellyfin's port from Nix.
+      let port = builtins.toString 8096;
+      in {
+        forceSSL = true;
+        enableACME = true;
+        locations."/".extraConfig = ''
+          # Proxy main Jellyfin traffic.
+          proxy_pass $jellyfin;
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          proxy_set_header X-Forwarded-Protocol $scheme;
+          proxy_set_header X-Forwarded-Host $http_host;
+
+          # Disable buffering when the nginx proxy gets very resource heavy upon
+          # streaming.
+          proxy_buffering off;
+        '';
+        locations."/socket".extraConfig = ''
+          # Proxy Jellyfin Websockets traffic
+          proxy_pass $jellyfin;
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "upgrade";
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          proxy_set_header X-Forwarded-Protocol $scheme;
+          proxy_set_header X-Forwarded-Host $http_host;
+        '';
+        extraConfig = ''
+          set $jellyfin http://127.0.0.1:${port};
+        '';
       };
-    };
   };
 }