Jellyfin Forum
debian13+apache+jellyfin - Printable Version

+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+---- Forum: Networking & Access (https://forum.jellyfin.org/f-networking-access)
+---- Thread: debian13+apache+jellyfin (/t-debian13-apache-jellyfin--13362)

debian13+apache+jellyfin - qbwdp - 2025-08-19

I have signed certs and a registered domain. In my apache i have:

       ProxyPass /socket/ wsConfused-face/loc alhost:8096/socket/
       ProxyPassReverse /socket/ wsConfused-face/lo calhost:8096/socket/
       ProxyPass / http://localhost:8096/
       ProxyPassReverse / http://localhost:8096/

I can go to any browser of computer, android phone, apple phone. type 
https://my domain.com  and it takes me to my jellyfin server and i can log in fine.

When i use the jellyfin app on android and put in the above address it just crashes.
Apple Jellyfin app just says in red "Could not connect to server".

What might I be doing wrong here?

I do not wish to open up 8920 port on my firewall and connect that way. 443 is working fine for me coming in and then proxypass is doing the job to pass traffic to the local 8096. Why are the phone apps not working with this setup?



RE: debian13+apache+jellyfin - bitmap - 2025-08-19

Can you specify your local IP rather than using localhost? I use nginx, so not much help on Apache, but my setup works just fine on the Android and iOS apps.

RE: debian13+apache+jellyfin - qbwdp - 2025-08-19

:%s/localhost/10.10.10.10/g

changed localhost to my servers' ip, restarted apache. Again, all browsers on computer, android/apple phone work. But the jellyfin app on android crashed as soon as i put https://mydomian.com and hit connect. The apple jellyfin app just says Could not connect to server.

RE: debian13+apache+jellyfin - qbwdp - 2025-08-19

Additional
The access log of apache does not move when i try the android app, it just crashes when i hit connect with the address. While the apple jellyfin app does register this in the apache access log:
175.61.2.25 - - [18/Aug/2025:19:37:03 -0500] "GET /system/info/public HTTP/1.1" 302 3284 "-" "Jellyfin/1.6.1.0 CFNetwork/3826.600.41 Darwin/24.6.0"
175.61.2.25 - - [18/Aug/2025:19:37:20 -0500] "GET /system/info/public HTTP/1.1" 302 3284 "-" "Jellyfin/1.6.1.0 CFNetwork/3826.600.41 Darwin/24.6.0"

RE: debian13+apache+jellyfin - bitmap - 2025-08-19

Code:
server {
    listen 443 ssl;
    http2 on;

    server_name jellyfin.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 60M;

    set $jellyfin 192.168.1.3;
    
    add_header X-XSS-Protection "0"; # Do NOT enable. This is obsolete/dangerous
    add_header Origin-Agent-Cluster "?1" always;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.1.3;
        set $upstream_port 8096;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
        proxy_buffering off;
    }
    

    location ~ (/jellyfin)?/socket {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.1.3;
        set $upstream_port 8096;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }

    location /Users/ForgotPassword {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.1.3;
        set $upstream_port 8096;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/Users/ForgotPassword;
        
        proxy_set_header X-Forwarded-For 192.168.1.199;
    }

    location /Users/ForgotPassword/Pin {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.1.3;
        set $upstream_port 8096;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/Users/ForgotPassword/Pin;
        
        proxy_set_header X-Forwarded-For 192.168.1.199;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name jellyfin.bitmapserv.org;
    return 301 https://$host$request_uri;
}

This is my full nginx config. A 302 is a temporary redirect AFAIK, which you should not be getting.

RE: debian13+apache+jellyfin - qbwdp - 2025-08-20

Thank you for the config. I converted it to apche2 as best I could. Here is what I got out of yours, it is quite straight forward, I could not figure out what is $scheme variable, it is not defined in your script. In my config, socket, localhost and ip, all 3 setups work fine for me to get into mysite using any browser remotely. I kept the ip for now like yours. But, still can't access via android app or iphone. I think i'll just setup a VM and try nginx on it and see how it work using your setup, unless someone has apache2 config for jellyfin.

<VirtualHost *:443>
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
ProxyPreserveHost On
SSLEngine on
SSLCertificateFile /etc/apache2/certs/mysite.crt
SSLCertificateKeyFile /etc/apache2/certs/mysite.key
ServerName www.mysite.com
#DocumentRoot /var/www/mysite

# ProxyPass Directives
#ProxyPass /socket/ wsConfused-face/localhost:8096/socket/
#ProxyPassReverse /socket/ wsConfused-face/localhost:8096/socket/
#ProxyPass / http://localhost:8096/
#ProxyPassReverse / http://localhost:8096/
ProxyPass / http://10.10.10.40:8096/
ProxyPassReverse / http://10.10.10.40:8096/


ErrorLog ${APACHE_LOG_DIR}/mysite.error.log
CustomLog ${APACHE_LOG_DIR}/mysite.access.log combined
</VirtualHost>

RE: debian13+apache+jellyfin - qbwdp - 2025-08-20

Here is the current apache2 setup i got after reading many articles on jellyfin for this setup. Still not working on apps, working fine on all browsers remotely.

<VirtualHost *:443>
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
ProxyPreserveHost On
SSLEngine on
SSLCertificateFile /etc/apache2/certs/mysite.crt
SSLCertificateKeyFile /etc/apache2/certs/mysite.key
ServerName www.mysite.com
#DocumentRoot /var/www/mysite

# ProxyPass Directives
#ProxyPass /socket/ wsConfused-face/localhost:8096/socket/
#ProxyPassReverse /socket/ wsConfused-face/localhost:8096/socket/
#ProxyPass / http://localhost:8096/
#ProxyPassReverse / http://localhost:8096/
#ProxyPass / http://10.10.10.40:8096/
#ProxyPassReverse / http://10.10.10.40:8096/

# Letsencrypt's certbot will place a file in this folder when updating/verifying certs
# This line will tell apache to not to use the proxy for this folder.
ProxyPass "/.well-known/" "!"

# Tell Jellyfin to forward requests that came from TLS connections
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"

# Apache should be able to know when to change protocols (between WebSocket and HTTP)
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /(.*) wsConfused-face/127.0.0.1:8096/socket/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket
RewriteRule /(.*) http://127.0.0.1:8096/$1 [P,L]

# Enable only strong encryption ciphers and prefer versions with Forward Secrecy
SSLCipherSuite HIGH:RC4-SHA:AES128-SHA:!aNULL:!MD5
SSLHonorCipherOrder on

# Disable insecure SSL and TLS versions
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1



ErrorLog ${APACHE_LOG_DIR}/mysite.error.log
CustomLog ${APACHE_LOG_DIR}/mysite.access.log combined
</VirtualHost>

<Location /jellyfin/socket>
ProxyPreserveHost On
ProxyPass "wsConfused-face/127.0.0.1:8096/jellyfin/socket"
ProxyPassReverse "wsConfused-face/127.0.0.1:8096/jellyfin/socket"
</Location>
<Location /jellyfin>
ProxyPass "http://127.0.0.1:8096/jellyfin"
ProxyPassReverse "http://127.0.0.1:8096/jellyfin"
</Location>

RE: debian13+apache+jellyfin - qbwdp - 2025-08-20

Additional:
Changed the base url in my jellyfin server to /jellyfin and also when i go to the apple app i have to type https://mysite.com/jellyfin. Now it works on the apple app. Android app just crashes when i type any address and hit connect. I think it may have a conflict with some other app or security on the phone. I will test it on another android devices. Thank you for all your help bitmap, and someone could update the help docs on jellyfin with the complete config i posted.