Jellyfin Forum
SOLVED: Roku Login 403 error - Printable Version

+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+--- Thread: SOLVED: Roku Login 403 error (/t-solved-roku-login-403-error)



Roku Login 403 error - hanaquacks - 2023-12-07

Hi!

I've encountered a problem with Roku login for remote users. They all report that after putting in https://subdomain.domain.net it says "Error 403, could not login to server." I have no such issue on other clients, only Roku of various ages and models. I'm on 10.8.12, I use NGINX Proxy Manager with a valid Let's Encrypt cert, Force SSL, HSTS Enabled, HSTS Subdomains. On Cloudflare I've enabled both SSL 1.2 and 1.3 because some devices couldn't log in unless it was 1.2

I imagine that it's something I've misconfigured, but I can't fathom what. Is there some security that needs to be enabled, does something need to be setup in Jellyfin? Because I thought like all my other exposed webapps that I could simply leave it as http://my-ip-address:8096 and then just have the reverse proxy do the rest.


RE: Roku Login 403 error - TheDreadPirate - 2023-12-07

Use this website to test your setup's TLS support. Share with us the TLS versions and ciphers available. And can you share your Nginx config with us?

https://testtls.com/

@cewert

Do you know what the TLS requirements are for Roku?


RE: Roku Login 403 error - hanaquacks - 2023-12-07

Secure Renegotiation
WARN
OpenSSL handshake didn't succeed

TLS 1.2
OK
offered
TLS 1.3
OK
offered with final

NULL ciphers (no encryption)
not offered
Anonymous NULL Ciphers (no authentication)
not offered
Export ciphers (excluding ADH+NULL)
not offered
LOW: 64 Bit + DES, RC[2,4] (excluding export)
not offered
Triple DES Ciphers / IDEA
not offered
Obsolete CBC ciphers (AES, ARIA etc.)
offered
Strong encryption (AEAD ciphers)
offered

ECDHE-ECDSA-CHACHA20-POLY1305-OLD
ECDH 256
ChaCha20
256
xcc14
ECDHE-ECDSA-AES256-GCM-SHA384
ECDH 256
AESGCM
256
xc02c
ECDHE-ECDSA-AES256-SHA384
ECDH 256
AES
256
xc024
ECDHE-ECDSA-AES256-SHA
ECDH 256
AES
256
xc00a
ECDHE-ECDSA-AES128-GCM-SHA256
ECDH 256
AESGCM
128
xc02b
ECDHE-ECDSA-AES128-SHA256
ECDH 256
AES
128
xc023
ECDHE-ECDSA-AES128-SHA
ECDH 256
AES
128
xc009

Forgive me, I have no idea how to show the config of Nginx Proxy Manager, it's all webUI and I'm not sure where it stores the running config files.


RE: Roku Login 403 error - hanaquacks - 2023-12-08

Found out that it didn't work with my cloudflare DNS record proxied.