diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix
index 96d28cd..74a4dfe 100644
--- a/services/haproxy-acme.nix
+++ b/services/haproxy-acme.nix
@@ -58,6 +58,7 @@ let
         ''
         backend ${name}-backend
           mode http
+          ${value.extraBackend}
           ${(
             if value.socket == "" then
               ''
@@ -100,6 +101,7 @@ in
         port = mkOption { type = int; description = "Port number"; };
         socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; };
         auth = mkOption { type = bool; description = "Enable authentification"; default = false; };
+        extraBackend = mkOption { type = str; description = "Options backend HaProxy suplémentaires"; default = ""; };
         extraAcls = mkOption { type = str; description = "ACL HaProxy suplémentaires"; default = ""; };
         aclBool = mkOption { type = str; description = "Logique d'authentification"; default = "!AUTH_OK"; };
       }; });
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix
index 36493fe..ebef955 100644
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@@ -12,6 +12,17 @@ let
   factorio_port = 52351;
   airsonic_port = 4040;
 
+  jellyfin_backend = ''
+    http-request set-header X-Forwarded-Port %[dst_port]
+    http-request add-header X-Forwarded-Proto https if { ssl_fc }
+  '';
+  sonarr_acl = ''
+    acl API path_beg /api
+  '';
+  sonarr_auth = ''
+    !AUTH_OK !API
+  '';
+
   login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" ''
     if [ "$PAM_TYPE" != "close_session" ]; then
     ${pkgs.system-sendmail}/bin/sendmail paul@nyanlout.re <<EOF
@@ -60,9 +71,9 @@ in
       domaine = domaine;
       services = {
         "grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = true; };
-        "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; };
-        "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; };
-        "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; };
+        "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; extraBackend = jellyfin_backend; };
+        "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; };
+        "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; };
         "transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; };
         "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
         "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
@@ -174,10 +185,7 @@ in
       };
     };
 
-    emby = {
-      enable = true;
-      dataDir = "/var/lib/emby/ProgramData-Server";
-    };
+    jellyfin.enable = true;
 
     slimserver = {
       enable = true;
@@ -308,7 +316,7 @@ in
         paths = [
           "/var/certs"
           "/var/dkim"
-          "/var/lib/emby"
+          "/var/lib/jellyfin"
           "/var/lib/gitea"
           "/var/lib/grafana"
           "/var/lib/jackett"