pfsense + HAProxy setup for JellyFin - Protos - 2024-02-23

I've been trying to do this forever and I am completely stuck. I have a working cert from ACME but that's as far as I've gotten. I've changed so many settings so many times in HAProxy but nothing even tries to work. Does anyone have a working setup with HAProxy on pfsense? If so, please share your wizard magic. I would greatly appreciate it... I've attached images of my setup below. And yes, I did enable HAProxy in the general settings. I know that's a common thing people miss.


RE: pfsense + HAProxy setup for JellyFin - TheDreadPirate - 2024-02-23

Did you read this walkthrough in our guide section?

https://forum.jellyfin.org/t-haproxy-on-pfsense-gui-guide-with-screenshots-webhooks-and-all


RE: pfsense + HAProxy setup for JellyFin - Protos - 2024-02-25

Yeah and still no luck...


RE: pfsense + HAProxy setup for JellyFin - TheDreadPirate - 2024-02-25

Pretty sure for the "server list", you should be specifying port 8096 and http instead of 443 and https. It is already 443/https on the external connection.


RE: pfsense + HAProxy setup for JellyFin - Protos - 2024-02-26

Ah yeah, I noticed that and I changed it a few days ago, but still nothing.


RE: pfsense + HAProxy setup for JellyFin - joshuaboniface - 2024-02-26

What exactly isn't working about it?

I'm not super familiar with pfSense's GUI wrapper on top of HAProxy, but I have had this working in the past. Here was my backend section:

Code:
backend jfX_http
    mode http
    balance leastconn
    cookie SERVERID insert indirect nocache
    stick store-request src
    stick-table type ip size 200k expire 30m peers keepalived-pair
    option httpchk GET /health HTTP/1.1\r\nHost:\ jellyfin
    option forwardfor
    timeout queue 5000
    timeout server 32000000
    timeout connect 5000
    acl no_BAD path_reg -i ^\/Images\/Remote
    acl no_BAD path_reg -i ^\/Items\/RemoteSearch\/Image
    acl no_BAD path_reg -i ^\/Items\/[^\.]*\/RemoteImages\/Download
    http-request redirect location https://i.ytimg.com/vi/avCWDDox1nE/maxresdefault.jpg if no_BAD
    http-response set-header X-Frame-Options SAMEORIGIN
    http-response set-header X-XSS-Protection "1;mode=block"
    http-response set-header Referrer-Policy "no-referrer,same-origin,strict-origin,strict-origin-when-cross-origin"
    http-response set-header X-Content-Type-Options nosniff
    http-response set-header Strict-Transport-Security max-age=31536000;includeSubDomains;preload
    http-response set-header Content-Security-Policy  "default-src 'none'; font-src 'self'; connect-src 'self' wss: ws: https://mb3admin.com; media-src 'self' blob: data:; manifest-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; worker-src 'self' blob:; script-src 'unsafe-inline' 'self' https://www.gstatic.com; img-src data: https: http: ; style-src 'unsafe-inline' 'self'"
    server jf1 192.168.0.100:8096/ check inter 5000 cookie jf1

That said, I moved to NGiNX for Jellyfin and avoid sending it through my load balancer at this point; I'd recommend the same as it makes the TLS stuff easier and such.
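
Added example (not part of the original post, and not Jellyfin or HAProxy project code): a Python check of which request paths the three `no_BAD` `path_reg -i` patterns in the backend above match. It assumes Python's `re` behaves like HAProxy's regex engine for these simple patterns and that `path` is the request target up to the first `?`; the sample request targets are constructed.

```python
import re

# Patterns copied verbatim from the three "acl no_BAD path_reg -i" lines.
NO_BAD_PATTERNS = [
    r"^\/Images\/Remote",
    r"^\/Items\/RemoteSearch\/Image",
    r"^\/Items\/[^\.]*\/RemoteImages\/Download",
]
# "-i" is case-insensitive; patterns declared under one ACL name are ORed.
NO_BAD = [re.compile(p, re.IGNORECASE) for p in NO_BAD_PATTERNS]


def haproxy_path(request_target: str) -> str:
    """Assumption: `path` is the origin-form request target up to the first '?'."""
    return request_target.split("?", 1)[0]


def matches_no_bad(request_target: str) -> bool:
    """True if the request would hit the `redirect ... if no_BAD` rule."""
    path = haproxy_path(request_target)
    # path_reg is an unanchored search; anchoring comes only from the '^'.
    return any(rx.search(path) for rx in NO_BAD)


# Constructed request targets (not taken from any real log).
SAMPLES = [
    "/Images/Remote?u=1",                      # pattern 1, query string ignored
    "/images/remote",                          # pattern 1 via -i
    "/Items/RemoteSearch/Image",               # pattern 2
    "/Items/0123abcd/RemoteImages/Download",   # pattern 3
    "/Items/0123abcd/Images/Primary",          # different endpoint: not matched
    "/web/index.html",                         # not matched
    "/jellyfin/Images/Remote",                 # path prefix: '^' anchor no longer matches
    "/Items/01.23/RemoteImages/Download",      # '.' is excluded by [^\.]*
]


def classify(targets):
    """Map each request target to whether the ACL matches it."""
    return {t: matches_no_bad(t) for t in targets}


if __name__ == "__main__":
    for target, hit in classify(SAMPLES).items():
        print(f"{'redirect' if hit else 'pass':<8} {target}")
```

The last two samples mark the limits of the patterns: they only apply when the path starts at `/Images` or `/Items`, and the third one stops matching if the segment after `/Items/` contains a dot.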


RE: pfsense + HAProxy setup for JellyFin - Protos - 2024-02-26

This is what currently lies in my Backend Pass-thru settings:

Code:
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server JellyFin 192.168.0.157:8096
http-response set-header Access-Control-Allow-Origin https://movies.protostv.com
http-response set-header Cache-Control "no-cache, no-store, must-revalidate, private"
http-response del-header Server