+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+---- Forum: Networking & Access (https://forum.jellyfin.org/f-networking-access)
+---- Thread: SOLVED: Native https access (/t-solved-native-https-access)
Native https access - ro55mo - 2024-02-04
Hi
I have just installed Jellyfin on a headless virtual Debian 12 server using the official repo.
Version: 10.8.13
https://jellyfin.org/docs/general/installation/linux#repository-automatic
I have attempted to figure basic https functionality following the official instructions
https://jellyfin.org/docs/general/networking/#self-signed-certificate
The path in the second command had to be amended as it points to a non existent location.
After the pfx has been created and the system has been configured to use it in the admin web GUI I received no errors but the https page on port 8920 is inaccessible.
It seems the https service is not being enabled?
Code:
sudo ss -tup
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 192.168.0.11:22 192.168.0.25:51002 users:(("sshd",pid=776,fd=4),("sshd",pid=767,fd=4))
tcp ESTAB 0 0 192.168.0.11:685 192.168.0.10:nfs
tcp ESTAB 0 0 192.168.0.11:22 192.168.0.25:45080 users:(("sshd",pid=763,fd=4),("sshd",pid=740,fd=4))
tcp ESTAB 0 0 [::ffff:192.168.0.11]:8096 [::ffff:192.168.0.25]:49422 users:(("jellyfin",pid=419,fd=337)) Code:
sudo ss -tup
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:43270 users:(("jellyfin",pid=414,fd=318))
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:43302 users:(("jellyfin",pid=414,fd=333))
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:43278 users:(("jellyfin",pid=414,fd=329))
tcp ESTAB 0 0 192.168.0.11:931 192.168.0.10:nfs
tcp ESTAB 0 0 192.168.0.11:22 192.168.0.25:53914 users:(("sshd",pid=836,fd=4),("sshd",pid=830,fd=4))
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:53550 users:(("jellyfin",pid=414,fd=338))
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:43288 users:(("jellyfin",pid=414,fd=332))
tcp ESTAB 0 0 192.168.0.11:22 192.168.0.25:38216 users:(("sshd",pid=785,fd=4),("sshd",pid=762,fd=4))Toggling IPv6 on or off makes no difference. If I attempt to restart the server from the web GUI it hangs and does not restart. See attached debug log. I am then forced to reboot the entire VM from the terminal.
I would expect to see a service running on 8920 in the output above.
jellyfin20240204.log.zip (Size: 12.5 KB / Downloads: 22)
I am using Firefox 122 to connect. Playback over http on 8096 appears to be working fine. My media library was scanned without issue.
Am I doing something wrong? I have very much tried to RTFM in this case.
First post. Please be gentle.
Thanks in advance.
RE: Native https access - tmsrxzar - 2024-02-04
pretty sure you won't have to look much further than this "Error loading cert from "/home/app02-user/jellyfin.pfx""
is app02-user owned by the user jellyfin run as?
if no, you should put the file somewhere jellyfin owns
does jellyfin have permissions to the file itself?
if not, you need to chown it
RE: Native https access - TheDreadPirate - 2024-02-04
Not just the file itself, but the folder. And you shouldn't be giving other users permissions to your home directory. Definitely just move it outside of your home.
RE: Native https access - ro55mo - 2024-02-04
Thank you for your responses.
It was late for me last night and I could have looked at the log more thoroughly.
I moved the pfx into /etc/jellyfin and set ownership and permissions, then modified the path in the web GUI and saved.
Code:
/etc/jellyfin# ls -l
total 44
drwxr-xr-x 4 jellyfin jellyfin 4096 Feb 3 21:36 dlna
-rw-r--r-- 1 jellyfin jellyfin 2057 Feb 4 08:33 encoding.xml
-rw------- 1 jellyfin jellyfin 4195 Feb 4 08:15 jellyfin.pfx
-rw-r--r-- 1 jellyfin jellyfin 1362 Feb 3 21:36 logging.default.json
-rw-r--r-- 1 jellyfin root 1034 Feb 4 08:32 logging.json
-rw-r--r-- 1 jellyfin jellyfin 2181 Feb 3 22:26 migrations.xml
-rw-r--r-- 1 jellyfin jellyfin 1468 Feb 4 08:17 network.xml
-rw-r--r-- 1 jellyfin jellyfin 5655 Feb 3 21:42 system.xml
drwxr-xr-x 3 jellyfin jellyfin 4096 Feb 4 00:26 usersI then restarted the server both from the GUI (which now works for some reason) and the entire server.
The log no longer produces the error relating to the pfx but the issue still persists.
Code:
/etc/jellyfin# ss -tup
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 192.168.0.11:22 192.168.0.25:51804 users:(("sshd",pid=807,fd=4),("sshd",pid=784,fd=4))
tcp ESTAB 0 0 192.168.0.11:22 192.168.0.25:56142 users:(("sshd",pid=1059,fd=4),("sshd",pid=1053,fd=4))
tcp ESTAB 0 0 192.168.0.11:925 192.168.0.10:nfs
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:56336 users:(("jellyfin",pid=987,fd=325))
tcp ESTAB 0 0 192.168.0.11:22 192.168.0.25:57238New debug log attached.
jellyfin20240204_2.log.zip (Size: 36.29 KB / Downloads: 31)
RE: Native https access - ro55mo - 2024-02-04
So I just thought to try checking the 'Require HTTPS' setting now no errors were appearing about the pfx in the log. I also tweaked a couple of other settings.
After restarting the server again it kicked into life.
Code:
ss -tup
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 192.168.0.11:793 192.168.0.10:nfs
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:56240
tcp ESTAB 0 0 192.168.0.11:22 192.168.0.25:43956
tcp ESTAB 0 0 192.168.0.11:22 192.168.0.25:40928
tcp ESTAB 0 0 192.168.0.11:8920 192.168.0.25:40698
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:58180
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:56202
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:58176
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:58172
tcp ESTAB 0 0 192.168.0.11:22 192.168.0.25:56334
tcp ESTAB 0 0 192.168.0.11:8920 192.168.0.25:46234
tcp ESTAB 0 0 192.168.0.11:8096 192.168.0.25:56224The setting 'Require HTTPS' says 'If checked, the server will automatically redirect all requests over HTTP to HTTPS. This has no effect if the server is not listening on HTTPS.'
This does not seem to be happening right now. I can still open pages on 8096 and no redirection happens. It does work if I open an in-private browser session. Cached session of some type I guess.
Thank you for pointing me in the right direction. It would have been very helpful if the Jellyfin web GUI could have displayed any errors relating to the certificate though.
Expected behaviour from my point of view would be for https on 8920 to appear when 'Enable HTTPS' is checked and a valid cert is present, not 'Require HTTPS'.