This is absolutely possible as I do it myself however, executed entirely differently, my ASUS WRT Router with Merlin firmware handles the VPN server and it routes the IP range through my VPN provider (Proton), on the clients end their device see a Proton IP.

Didn’t have to mess with config files or anything, install the custom firmware and created a rule for the routing in the VPN Director.

Jellyfin thankfully lets you download content offline alternatively they just text me the IP and I whitelist it then blacklist it a week later, granted if I remember.

This really isn’t viable as WireGuard clients are just that, single device per client connection, what if someone started watching/listening content on their phone then all of sudden wanted to switch over to their TV or streaming device without having to go through a lot of hoops?

I opted to reverse proxy Jellyfin with Traefik however have fail2ban setup blocking every IP and only whitelisting the known users, added bonus of hiding Jellyfin’s default login form and required Keycloak for SSO.

Thank you for this! I never used Nginx directly and only thought of it as a reverse proxy but I had no idea it was capable of actually hosting html/php.

I went back to the drawing board so to say and was able to get GoAccess running, granted non-containerized on bare metal, and was able to reverse proxy the Nginx instance via Traefik.

Okay so going at it again, i think i now understand the reason for the Docker label now, here is my current docker-compose.yml i made some tweaks to the one from your github but i can’t seem to get a log file to generate.

I suspected it was a permissions issue on the volume mount so i ran chmod 777 on the ./config/csp directory but still wont get a log file.

Volume directory permissions:

user@debian:~/compose$ ls config/ | grep csp; ls config/csp/; ls config/csp/logs/
drwxrwxrwx  3 user user 4096 Aug  9 09:11 csp
total 12
drwxrwxrwx  3 user user 4096 Aug  9 09:11 .
drwxr-xr-x 44 user user 4096 Aug  8 16:41 ..
drwxrwxrwx  2 user user 4096 Aug  9 09:04 logs
total 8
drwxrwxrwx 2 user user 4096 Aug  9 09:04 .
drwxrwxrwx 3 user user 4096 Aug  9 09:11 ..

docker-compose.yml:

  csp-report:
    image: mhzawadi/csp-report
    networks:
      main:
        ipv4_address: 172.18.0.38
    #ports:
     # - "8432:8080"
    ports:
      - target: 8080
        published: 8432
        mode: host
    container_name: csp-report
    environment:
      - TZ=America/Vancouver
    labels:
      - "csp_report.url=192.168.1.199:3000"
    volumes:
      - ./config/csp/logs:/var/www/html/logs

Logs from the docker container:

user@debian:~/compose$ sudo docker compose up -d csp-report --force-recreate; sudo docker logs csp-report -f
WARN[0000] The "POSTGRES_DB" variable is not set. Defaulting to a blank string. 
[+] Running 1/1
 ✔ Container csp-report  Started                                                                                                             0.5s 
/config/start.sh: Launching Unit daemon to perform initial configuration...
2025/08/09 16:21:18 [info] 12#12 unit 1.34.1 started
2025/08/09 16:21:18 [info] 14#14 discovery started
BusyBox v1.37.0 (2025-08-05 16:42:11 UTC) multi-call binary.

Usage: seq [-w] [-s SEP] [FIRST [INC]] LAST

Print numbers from FIRST to LAST, in steps of INC.
FIRST, INC default to 1.

        -w      Pad with leading zeros
        -s SEP  String separator
2025/08/09 16:21:18 [notice] 14#14 module: php 8.4.2 "/usr/lib/unit/modules/php84.unit.so"
2025/08/09 16:21:18 [info] 13#13 controller started
2025/08/09 16:21:18 [notice] 13#13 process 14 exited with code 0
2025/08/09 16:21:18 [info] 18#18 router started
2025/08/09 16:21:18 [info] 18#18 OpenSSL 3.3.4 1 Jul 2025, 30300040
{
        "certificates": {},
        "config": {
                "listeners": {},
                "routes": [],
                "applications": {}
        },

        "status": {
                "modules": {
                        "php": {
                                "version": "8.4.2",
                                "lib": "/usr/lib/unit/modules/php84.unit.so"
                        }
                },

                "connections": {
                        "accepted": 0,
                        "active": 0,
                        "idle": 0,
                        "closed": 0
                },

                "requests": {
                        "total": 0
                },

                "applications": {}
        }
}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
2025/08/09 16:21:18 [info] 20#20 "csp_report" prototype started
2025/08/09 16:21:18 [info] 21#21 "csp_report" application started
{
        "success": "Reconfiguration done."
}
100   413  100    43  100   370   2808  24162 --:--:-- --:--:-- --:--:-- 27533
/config/start.sh: Stopping Unit daemon after initial configuration...
2025/08/09 16:21:18 [notice] 13#13 process 17 exited with code 0
2025/08/09 16:21:18 [notice] 20#20 app process 21 exited with code 0
2025/08/09 16:21:18 [alert] 20#20 sendmsg(13, -1, -1, 2) failed (32: Broken pipe)
2025/08/09 16:21:18 [notice] 13#13 process 18 exited with code 0
2025/08/09 16:21:18 [notice] 13#13 process 20 exited with code 0
BusyBox v1.37.0 (2025-08-05 16:42:11 UTC) multi-call binary.

Usage: seq [-w] [-s SEP] [FIRST [INC]] LAST

Print numbers from FIRST to LAST, in steps of INC.
FIRST, INC default to 1.


/config/start.sh: Unit initial configuration complete; ready for start up...

        -w      Pad with leading zeros
        -s SEP  String separator
2025/08/09 16:21:18 [info] 1#1 unit 1.34.1 started
2025/08/09 16:21:18 [info] 31#31 discovery started
2025/08/09 16:21:18 [notice] 31#31 module: php 8.4.2 "/usr/lib/unit/modules/php84.unit.so"
2025/08/09 16:21:18 [info] 1#1 controller started
2025/08/09 16:21:18 [notice] 1#1 process 31 exited with code 0
2025/08/09 16:21:18 [info] 33#33 router started
2025/08/09 16:21:18 [info] 33#33 OpenSSL 3.3.4 1 Jul 2025, 30300040
2025/08/09 16:21:18 [info] 34#34 "csp_report" prototype started
2025/08/09 16:21:18 [info] 35#35 "csp_report" application started
127.0.0.1 - - [09/Aug/2025:16:21:23 +0000] "POST / HTTP/1.1" 200 7 "-" "curl/8.12.1"

Hey there! Following up on this, i got your application started however, it seems that this is more for folks who actually know PHP an HTML and less for folks like myself who just find Docker applications (Invidious, Homepage, RedLib) spin them up and rig them to work with one another so i don’t think this will work for me personally at the moment in time regardless seems like a great tool nonetheless!

Thanks again!

Is there any special configuration needed for it? Env variables, network interface, volumes & config files, etc?

I plan to set this up in a docker-compose file later this afternoon once I get some free time.

Ah bless!

I’ve been using Firefox extensions to make up my CSP’s and so far it’s been an absolute nightmare! Thank you for this tool!