+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+--- Thread: https installation problem (/t-https-installation-problem)
https installation problem - fafa - 2024-02-25
Hello everyone,
I am having problems setting up JellyFin at https://box.xxxxx.Com.
The installation is on a Debian 12 on a dedicated server with a fixed IP.
The web application works great when I type: http://51.xxx.153.xxx:8096/
However, when I type: https://box.xxxxx.com I come across the Welcome NGINX homepage
Please! Do any of you notice an error on my setup:
nano /etc/nginx/conf.d/jellyfin.conf
--------------------------------------------------------------------------------------
# Uncomment the commented sections after you have acquired a SSL Certificate
server {
listen 80;
listen [::]:80;
server_name DOMAIN_NAME;
# Uncomment to redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name DOMAIN_NAME;
## The default
client_max_body_size is 1M, this might not be enough for some posters, etc.client_max_body_size 20M;
# Uncomment next line to Disable TLS 1.0 and 1.1 (Might break older devices)
# ssl_protocols TLSv1.3 TLSv1.2;
# use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g
set $jellyfin 127.0.0.1)set $jellyfin 51.xxx.153.xxx;
ssl_certificate /etc/letsencrypt/live/box.xxxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/box.xxxx.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/box.xxxx.com/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "0"; # Do NOT enable. This is obsolete/dangerous
add_header X-Content-Type-Options "nosniff";
# COOP/COEP. Disable if you use external plugins/images/assets
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Embedder-Policy "require-corp" always;
add_header Cross-Origin-Resource-Policy "same-origin" always;
# Permissions policy. May cause issues on some clients
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), >
# Content Security Policy
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
# NOTE: The default CSP headers may cause issues with the webOS app
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' >
location = / {
return 302 http://$host/web/;
#return 302 https://$host/web/;
}
location / {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://$jellyfin:8096;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
-------------------------------------------------------------------------------------------------------------------------------------------
RE: https installation problem - mcarlton00 - 2024-02-25
You have to restart nginx after making changes to the config file. What you're describing is literally impossible with the config file you have right now, so it sounds like you haven't restarted it yet.
RE: https installation problem - fafa - 2024-02-25
Thank you for answers but yes I restart Nginx correctly
RE: https installation problem - mcarlton00 - 2024-02-26
With the config file that you have, you cannot access your server over http. If you try you'll immediately get redirected to https instead. That's why I say that the behavior you're describing and the config file you've posted don't match, so something doesn't add up. At a glance I don't see anything wrong with the config file.
RE: https installation problem - TheDreadPirate - 2024-02-26
Is it because your server_name doesn't include the subdomain?
Also, in my nginx config I commented out this entire section. It has never worked for me.
Code:
location = / {
return 302 http://$host/web/;
#return 302 https://$host/web/;
}RE: https installation problem - fafa - 2024-02-26
Thank you everyone for yours answers
I have the same problem of @TheDreadPirate
Now it works!
RE: https installation problem - iEiEi - 2024-02-28
On top of your /etc/nginx/conf.d/jellyfin.conf you define a redirect from http (Port 80) to https (Port 443). That's ok and should be done.
server {
listen 80;
listen [::]:80;
server_name jellyfin.domain.tld;
# Uncomment to redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
In your setup for https, however, you specify that a call of the document root should be redirected to http - this leads to an endless loop:
location = / {
return 302 http://$host/web/;
#return 302 https://$host/web/;
}
And that's working in my configuration for secure connections:
location = / {
return 302 https://$host/web/;
}
Regards
Achim