+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+--- Thread: SOLVED: Jelly Nginx Help needed (/t-solved-jelly-nginx-help-needed)
Jelly Nginx Help needed - Afgin - 2023-07-26
Hello!
I want to start out by saying, that I'm no expert in domain setup or anything like that. I have once few years ago setup a jellyfin server with a https domain using Nginx. It didn't go smoothly. Took a lot of trial and error, but got it working eventually. Been working great these few years.
Now I am upgrading my setup since my last one was just a cheap old laptop. Also at the same I'm changing the domain to something cheaper.
Same trial and error going on again, but I can't for the life of me get it to work on my new setup.
URL directs to Nginx welcome page.
My (/etc/nginx/conf.d/jellyfin.conf) file is like this: ( jellyfin.example.com is changed in here because don't want to reveal the real url)
_______________________________________________
# Jellyfin hosted on https://DOMAIN_NAME/jellyfin
server {
listen 80;
listen [::]:80;
server_name jellyfin.example.com;
# Uncomment to redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jellyfin.example.com;
# You can specify multiple domain names if you want
#server_name jellyfin.local;
ssl_certificate /etc/letsencrypt/live/jellyfin.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/jellyfin.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/jellyfin.example.com/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
# use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g
set $jellyfin 127.0.0.1)set $jellyfin jellyfin;
resolver 127.0.0.1 valid=30;
# Jellyfin
location /jellyfin {
return 302 $scheme
/$host/jellyfin/;}
location /jellyfin/ {
# Proxy main Jellyfin traffic
# The / at the end is significant.
# https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
proxy_pass http://$jellyfin:8096;
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
}
____________________________________________________________________________________________
sudo systemctl status nginx.service
status give this error:
____________________________________________________________________________________________
heinä 26 15:09:19 localhost systemd[1]: Starting A high performance web server and a reverse proxy server...
heinä 26 15:09:19 localhost nginx[5292]: nginx: [warn] conflicting server name "jellyfin.example.com" on 0.0.0.0:80, ignored
heinä 26 15:09:19 localhost nginx[5292]: nginx: [warn] conflicting server name "jellyfin.example.com " on [::]:80, ignored
heinä 26 15:09:19 localhost nginx[5292]: nginx: [warn] conflicting server name "jellyfin.example.com " on 0.0.0.0:443, ignored
heinä 26 15:09:19 localhost nginx[5292]: nginx: [warn] conflicting server name "jellyfin.example.com " on [::]:443, ignored
heinä 26 15:09:19 localhost nginx[5293]: nginx: [warn] conflicting server name "jellyfin.example.com " on 0.0.0.0:80, ignored
heinä 26 15:09:19 localhost nginx[5293]: nginx: [warn] conflicting server name "jellyfin.example.com " on [::]:80, ignored
heinä 26 15:09:19 localhost nginx[5293]: nginx: [warn] conflicting server name "jellyfin.example.com " on 0.0.0.0:443, ignored
heinä 26 15:09:19 localhost nginx[5293]: nginx: [warn] conflicting server name "jellyfin.example.com " on [::]:443, ignored
heinä 26 15:09:19 localhost systemd[1]: Started A high performance web server and a reverse proxy server.
____________________________________________________________________________________________
So must be something wrong with the jellyfin.conf file?
Ports has been opened in my router for 80, 443, 8096, 8920
I can enter jellyfin through localhost:8096
In the network settings enabling https says this: To enable secure connections, you will need to supply a trusted SSL certificate, such as Let's Encrypt. Please either supply a certificate, or disable secure connections.
I have made the certificates with letsencrypt Certbot, and it was succesfull.
when trying to manually select the path for certficate in network settings it says "The path could not be found. Please ensure the path is valid and try again."
/etc/letsencrypt/live/jellyfin.example.com
I used this as path
(edit: later I managed to solve this by giving jellyfin access to that folder with: setfacl -m u:jellyfin:rx /etc/letsencrypt/live) Didn't bring any difference to the problem.
I hope someone can point me towards the mistake I have in here.
Really want this to get up and running.
Thank you in advance
To enable secure connections, you will need to supply a trusted SSL certificate, such as Let's Encrypt. Please either supply a certificate, or disable secure connections. To enable secure connections, you will need to supply a trusted SSL certificate, such as Let's Encrypt. Please either supply a certificate, or disable secure connections. o enable secure connections, you will need to supply a trusted SSL certificate, such as Let's Encrypt. Please either supply a certificate, or disable secure connections. To enable secure connections, you will need to supply a trusted SSL certificate, such as Let's Encrypt. Please either supply a certificate, or disable secure connections.
RE: Jelly Nginx Help needed - TheDreadPirate - 2023-07-26
Port 8096 is the plain http port that jellyfin runs. You don't need to enabled https or provide a cert in the jellyfin config. https is entirely handled by nginx on port 443.
What happens when you go to https://localhost:443?
Also, you should NOT be opening port 8096 and 8920 on your router since that allows external users to bypass Nginx. Even port 80 shouldn't be open on your router since you should be using https on port 443 that nginx listens to.
RE: Jelly Nginx Help needed - Afgin - 2023-07-26
(2023-07-26, 05:03 PM)TheDreadPirate Wrote: Port 8096 is the plain http port that jellyfin runs. You don't need to enabled https or provide a cert in the jellyfin config. https is entirely handled by nginx on port 443.
What happens when you go to https://localhost:443?
Also, you should NOT be opening port 8096 and 8920 on your router since that allows external users to bypass Nginx. Even port 80 shouldn't be open on your router since you should be using https on port 443 that nginx listens to.
It comes to a page saying
your connection is not private.
https is red with crossed line.
True what you are speaking about the ports. they are open just for testing. I used to keep all ports closed (excluding ssh), and allowed only specific IP addresses to pass. With the old setup I mean.
RE: Jelly Nginx Help needed - TheDreadPirate - 2023-07-26
You are probably getting the "not private" message because you are using "localhost" and that doesn't match the cert, which is expected. If you continue anyway, I am assuming you get to your jellyfin server. If you type in https://your.jellyfin.domain (replace with your actual domain), what happens? Do you still get that "not private" message.
RE: Jelly Nginx Help needed - Afgin - 2023-07-26
(2023-07-26, 05:38 PM)TheDreadPirate Wrote: You are probably getting the "not private" message because you are using "localhost" and that doesn't match the cert, which is expected. If you continue anyway, I am assuming you get to your jellyfin server. If you type in https://your.jellyfin.domain (replace with your actual domain), what happens? Do you still get that "not private" message.
using my actual domain name brings me to the "welcome to nginx page"
https://jellyfin.myactualdomain.com
Like this I mean
RE: Jelly Nginx Help needed - TheDreadPirate - 2023-07-26
I use apache, so I can't say for certain. But it looks like you should be adding /jellyfin to the end of the URL?
RE: Jelly Nginx Help needed - Afgin - 2023-07-26
(2023-07-26, 06:13 PM)TheDreadPirate Wrote: I use apache, so I can't say for certain. But it looks like you should be adding /jellyfin to the end of the URL?
there are two options in the jellyfin setup for nginx
I chose nginx from subdomain (jellyfin.example.com)
That jellyfin.conf text is copied from there and replaced the urls in there
Dunno. Maybe I should try apache out? If I'd have better luck with that
RE: Jelly Nginx Help needed - TheDreadPirate - 2023-07-26
Neither is better or easier than the other.
Based on the documentation here
https://jellyfin.org/docs/general/networking/nginx/#nginx-with-subpath-exampleorgjellyfin
your config has it so that you need to add /jellyfin at the end
Code:
# Jellyfin
location /jellyfin {
return 302 $schemeConfused-face/$host/jellyfin/;
}
location /jellyfin/ {It is even at the top of your config since it looks like you copied it from the official jellyfin example.
Code:
# Jellyfin hosted on https://DOMAIN_NAME/jellyfinRE: Jelly Nginx Help needed - Afgin - 2023-07-26
(2023-07-26, 06:42 PM)TheDreadPirate Wrote: Neither is better or easier than the other.
Based on the documentation here
https://jellyfin.org/docs/general/networking/nginx/#nginx-with-subpath-exampleorgjellyfin
your config has it so that you need to add /jellyfin at the end
Code:# Jellyfin
location /jellyfin {
return 302 $schemeConfused-face/$host/jellyfin/;
}
location /jellyfin/ {
It is even at the top of your config since it looks like you copied it from the official jellyfin example.
Code:# Jellyfin hosted on https://DOMAIN_NAME/jellyfin
Oh man I feel dumb. Good point there. I'm dumb! I just copied the https config example from down in the setup guide. it was written in the /jellyfin way.
Now I got it working.
Thank you so much for pointing out the problem