+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+--- Thread: Jellyfin + Nginx + Rootless Podman (/t-jellyfin-nginx-rootless-podman)
Jellyfin + Nginx + Rootless Podman - MaxxRoach - 2025-02-08
Hello all,
I am having a bit of trouble finishing my home server setup. The crux of the issue is I am getting HTTP 404 when requesting the jellyfin app through Nginx reverse proxy using HTTPS.
My setup:
Fedora 41.
SELinux enabled.
Jellyfin rootless Podman container running as the "Jellyfin" user.
Nginx rootless podman container running as the "Nginx" user on top of the Nginx system user.
HTTPS certificates were created using certbot (Had to do a little massaging of the cert permissions because rootless containers are more locked down).
AWS Route 53 for DNS resolution and domain registration.
What works:
Jellyfin access from LAN and WAN using HTTP and router port forwarding. The Jellyfin container listens on port 8096 and forwards traffic into the container on port 8096 (Rootless containers don't let you use ports < 1024).
HTTPS certs were created and registered successfully using certbot and I can use my phone on 5G (access outside my local network) to connect to my webserver via HTTPS and view my custom root webpage.
What doesn't work:
I'm trying to set up the reverse proxy to serve up the Jellyfin app when I connect to https://mydomain/media/. I have tried a few things and I'm getting an error 404.
My config files:
Rootless Jellyfin Podman container file:
https://pastebin.com/s694n1yp
Rootless Nginx Podman container file:
https://pastebin.com/mQG9yBz7
Nginx config file:
https://pastebin.com/dEajLvUU
Any help would be appreciated. I believe it's probably an issue with the nginx config file.
RE: Jellyfin + Nginx + Rootless Podman - TheDreadPirate - 2025-02-10
If you setup a subpath in your reverse proxy, you also have to setup the subpath in Jellyfin's Networking dashboard in the base URL field.
Also, for clarification, are you running Nginx Proxy Manager? Or SWAG? Or some other Nginx container?
RE: Jellyfin + Nginx + Rootless Podman - MaxxRoach - 2025-02-11
Thanks for the response DreadPirate,
I am running the unprivileged nginx container found here:
https://github.com/nginxinc/docker-nginx-unprivileged
It’s exactly like “normal” nginx but rootless.
I will check the network settings on Jellyfin and report back.
RE: Jellyfin + Nginx + Rootless Podman - MaxxRoach - 2025-02-11
Ok I added my subpath in Jellyfin, restarted the container and I'm still getting 404.
RE: Jellyfin + Nginx + Rootless Podman - TheDreadPirate - 2025-02-11
Giving another look at your nginx config. Why is there a separate listen block for port 8096 that doesn't go anywhere? I THINK your proxy_pass for /media/ is looping back into that server block listening on port 8096. Essentially going nowhere.
Remove this section from your nginx config and try again.
Code:
server {
listen 8096;
server_name $DOMAIN;
}RE: Jellyfin + Nginx + Rootless Podman - MaxxRoach - 2025-02-14
Still no dice.
Code:
An error occurred.
Sorry, the page you are looking for is currently unavailable.
Please try again later.
If you are the system administrator of this resource then you should check the error log for details.
Faithfully yours, nginx.Code:
2025/02/14 20:01:24 [error] 23#23: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 169.254.1.2, request: "GET /media/ HTTP/1.1", upstream: "http://192.168.0.49:8096/media/", host: "192.168.0.49:43443"
169.254.1.2 - - [14/Feb/2025:20:01:24 +0000] "GET /media/ HTTP/1.1" 502 497 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0"RE: Jellyfin + Nginx + Rootless Podman - TheDreadPirate - 2025-02-14
When you type in your URL in your browser, are you adding a slash after "media"? Yes, that makes a difference. For subpath setups it is common to add a 302 redirect from /subpath to /subpath/.
RE: Jellyfin + Nginx + Rootless Podman - MaxxRoach - 2025-02-16
I am indeed adding a “/“ after “media”