
Https reverse proxy documentations are missing crucial notes to prohibit unencrypted traffic #1195

Open
wnhre2ur8cxx8 opened this issue Nov 8, 2024 · 0 comments


I am not 100% sure which of those settings or both are needed to prohibit public http use, but none of them are mentioned in any reverse proxy example I was looking through. But anyhow, I suggest that 2 things are added to every reverse proxy page:

  1. Make sure jellyfin is bound to localhost only (Settings->Networking->Bind to local network address: "127.0.0.1")
  2. Set "Known proxies" to your domain. (Settings->Networking->Known proxies: "jellyfin.example.com")

You also need to restart jellyfin after that.

If those things are not set, jellyfin will continue to serve content via the public IP and its HTTP port (default 8096) via HTTP. You can check this simply by setting it up as described in the docs with the two settings above left at their default values and then clicking on a log. It will open in a browser window with http via the internal port. Of course this will only work if there is no firewall in between preventing this.

If you think this is a correct assumption I can prepare a pull request for some changes.
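
One way to confirm on the server that the HTTP port is no longer exposed, as an added example that is not part of the original issue or the Jellyfin project: it reads `ss -ltnH` output and reports any non-loopback listener on port 8096 (the default named in the issue). The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `ss -ltnH` output on stdin and prints each
# non-loopback local address that listens on the given TCP port.
exposed_listeners() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        n = split($4, parts, ":")
        if (parts[n] != port) next
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        sub(/%.*$/, "", addr)   # drop interface scope such as %lo
        sub(/^\[/, "", addr)    # drop IPv6 brackets
        sub(/\]$/, "", addr)
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print addr
    }'
}

# Returns 0 when PORT is reachable only through loopback, 1 otherwise.
loopback_only() {
    exposed=$(exposed_listeners "$1")
    [ -z "$exposed" ] && return 0
    printf 'port %s also listens on: ' "$1" >&2
    printf '%s\n' "$exposed" | tr '\n' ' ' >&2
    printf '\n' >&2
    return 1
}

# Constructed sample: default binding, Jellyfin on every interface.
SAMPLE_DEFAULT='LISTEN 0 512 0.0.0.0:8096 0.0.0.0:*
LISTEN 0 512 [::]:8096 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

# Constructed sample: Jellyfin bound to 127.0.0.1, proxy on 443.
SAMPLE_LOCAL='LISTEN 0 512 127.0.0.1:8096 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

for sample in "$SAMPLE_DEFAULT" "$SAMPLE_LOCAL"; do
    if printf '%s\n' "$sample" | loopback_only 8096; then
        echo "OK: 8096 is loopback only"
    else
        echo "EXPOSED: bind Jellyfin to 127.0.0.1 or firewall 8096"
    fi
done

# On a live host: ss -ltnH | loopback_only 8096
```

Run it again after restarting Jellyfin, since the issue notes the setting only takes effect after a restart.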
