+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+---- Forum: Networking & Access (https://forum.jellyfin.org/f-networking-access)
+---- Thread: SOLVED: Apps cant connect to Jellyfin from externally (/t-solved-apps-cant-connect-to-jellyfin-from-externally)
Apps cant connect to Jellyfin from externally - emperor_bln - 2024-11-07
Hello,
I have the problem that it is not possible to access my instance with TLD domain from outside via Android & FireTV App, but it is possible in the web browser.
The domain jelly.mydomain.de points via CNAME entry to my DynDNS address myID.myfritz.net, which is automatically kept up to date by the router (Fritzbox 6690).
The ports 80/443 are forwarded in the router to my instance of Nginx Proxy Manager.
Jellyfin and Nginx Proxy Manager are each operated in their own Proxmox LXC container, without a firewall (not even Proxmox's own)
Access works:
from LAN everything (10.10.x.x) both apps and web browser
from LAN on Android smartphone to jelly.mydomain.de (but through my own local technitium DNS Server)
from WAN on all devices via web browser jelly.mydomain.de
from WAN to jelly.mydomain.de via LG TV WebOS app
Access does not work:
from WAN (mobile network) on Android smartphone via Jellyfin app to jelly.mydomain.de
from WAN (other household with DSL connection) on Amazon FireTV Stick and Jellyfin App on jelly.mydomain.de
FireTV App https://www.amazon.de/-/en/dp/B07TX7Z725
Android App https://play.google.com/store/apps/details?id=org.jellyfin.mobile
These two only work if I use my DynDNS myID.myfritz.net as the server address and open port 8096 in the router to my Jellyfin instance, which of course I don't want to do, everything should be managed via Nginx Proxy Manager.
I have of course played around with various settings and then restarted the services or even the entire container, but without any effect on the problem.
Nginx Proxy Manager:
Force SSL enabled or disabled => no effect
HSTS Enabled activated or deactivated => no effect
Jellyfin Adminpanel:
Enable IPv6 enabled or disabled => no effect
Bind to local network address => leave empty or enter value, no effect
Published server URIs => leave empty or enter value, no effect
I also replaced the Chain.pem certificate with the Fullchain.pem certificate as a test, but this also had no effect.
Screenshots: https://imgur.com/a/Y69s8xL
Jellyfin Log: https://pastebin.com/QfdDKi3E
Android Logcat Jellyfin: https://pastebin.com/F3c6KCnc
TLDR 2024-11-06 14:06:53.722 30747 30747 org.jellyfin.mobile I ConnectionHelper: No valid servers found, invalid candidates were: https://jelly.MYDOMAIN.de/Failure(org.jellyfin.sdk.api.client.exception.TimeoutException: HTTP request timed out),
Since the LG WebOS app does not cause any problems externally, I suspect that the Android and FireTV app use a different method to resolve the domain and search for an instance.
help would be appreciated
###################################################
Deutsche Version des Posts, falls jemand mitliest aber Probleme mit englisch hat
###################################################
Guten Tag,
ich habe das Problem, dass von Extern kein Zugriff per Android & FireTV App auf meine Instanz mit TLD Domain möglich ist, im Webbrowser allerdings schon.
Die Domain jelly.mydomain.de weist per CNAME Eintrag auf meine DynDNS Adresse myID.myfritz.net, diese wird von dem Router (Fritzbox 6690) automatisch aktuell gehalten.
Die Ports 80/443 sind im Router weitergeleitet auf meine Instanz von Nginx Proxy Manager.
Betrieben werden Jellyfin und Nginx Proxy Manager jeweils in einem eigenen Proxmox LXC Container, ohne Firewall (auch nicht die Proxmox eigene)
Zugriff funktioniert:
Alles lokal im LAN (10.10.x.x) sowohl Apps als auch Webbrowser
an allen Geräten per Webbrowser (LAN 10.10.x.x & WAN jelly.mydomain.de)
von WAN auf jelly.mydomain.de per LG TV WebOS App
von LAN am Android Smartphone auf jelly.mydomain.de
Zugriff funktioniert nicht:
von WAN (mobiles Netz) am Android Smartphone per Jellyfin App auf jelly.mydomain.de
von WAN (anderer Haushalt mit DSL Anschluss) am Amazon FireTV Stick und Jellyfin App auf jelly.mydomain.de
FireTV App https://www.amazon.de/-/en/dp/B07TX7Z725
Android App https://play.google.com/store/apps/details?id=org.jellyfin.mobile
Diese beiden funktionieren nur, wenn ich als Serveradresse myID.myfritz.net verwende und den Port 8096 im Router auf meine Jellyfin Instanz freigebe, was ich aber natürlich nicht machen möchte, es soll alles über Nginx Proxy Manager verwaltet werden.
Ich habe natürlich testweise an verschiedenen Einstellungen herumgespielt und danach die Dienste oder sogar den gesamten Container neu gestartet, jedoch ohne jegliche Auswirkung auf das Problem.
Nginx Proxy Manager:
Force SSL aktiviert oder deaktiviert => keine Auswirkung
HSTS Enabled aktiviert oder deaktiviert => keine Auswirkung
Jellyfin Adminpanel:
Enable IPv6 aktiviert oder deaktiviert => keine Auswirkung
Bind to local network address => leer lassen oder Wert eintragen, keine Auswirkung
Published Server URIs => leer lassen oder Wert eintragen, keine Auswirkung
Ich habe auch testweise das Chain.pem Zertifikat durch das Fullchain.pem ersetzt, aber auch das hatte keine Auswirkung.
Screenshots: https://imgur.com/a/Y69s8xL
Jellyfin Log: https://pastebin.com/QfdDKi3E
Android Logcat Jellyfin: https://pastebin.com/F3c6KCnc
TLDR 2024-11-06 14:06:53.722 30747 30747 org.jellyfin.mobile I ConnectionHelper: No valid servers found, invalid candidates were: https://jelly.MYDOMAIN.de/Failure(org.jellyfin.sdk.api.client.exception.TimeoutException: HTTP request timed out),
Da die LG WebOS App von extern keine Probleme macht, vermute ich, dass die Android und FireTV App eine andere Methode nutzen, um die Domain aufzulösen und nach einer Instanz zu suchen.
RE: Apps cant connect to Jellyfin from externally - TheDreadPirate - 2024-11-07
Are the Android devices using a private DNS?
Also, I'm assuming you are using Nginx Proxy Manager to get legit certs from Let's Encrypt. Do you know which certificate authority your server is using?
And what version of Android are your devices running?
RE: Apps cant connect to Jellyfin from externally - emperor_bln - 2024-11-07
Private DNS is disabled, it uses 62.109.121.53 which belongs to my cellular provider o2.
SSL Labs test is Provided in the link to the Screenshots, its lets encrypt e6.
i use a s22 ultra with android 14.
the also via dsl affected firetv stick is not nearby, so I cant provide infos for it.
RE: Apps cant connect to Jellyfin from externally - TheDreadPirate - 2024-11-07
The known proxies setting is for IPs or hostnames. It should contain the IPs of your reverse proxy if it is running on a different host/IP than Jellyfin. Looks like you already have the right IP for the Nginx container. You can remove the domain name. It doesn't do anything.
One thing I just noticed is that your domain is a CNAME for your DDNS address and I'm wondering if Android doesn't like that. I know you said that it works in the browser, but apps and browsers behave differently, I think.
Is there any possibility to have the jelly.domain.tld point directly to your public IP, at least temporarily, for testing?
RE: Apps cant connect to Jellyfin from externally - emperor_bln - 2024-11-08
Seems like you are right.
I created a new subdomain with an A Record directly pointing to my external IP, added it in Nginx Proxy Manager as new proxy host with new lets encrypt SSL certificate, removed the port forwarding for Port 8096 in my Router and tested it in the Jellyfin android app while on cellular and it works.
The Problem of course is, I would have to Update my domain every time my IP changes
isnt this something, that could be fixed in the app?
RE: Apps cant connect to Jellyfin from externally - TheDreadPirate - 2024-11-08
If you know how to use docker, there is an app called "Cloudflare DDNS" that will automatically update your IP in Cloudflare.
https://github.com/favonia/cloudflare-ddns
I use this container on my server to update my Cloudflare domain and it has worked flawlessly. Works with both A records for IPv4 and AAAA records for IPv6.
RE: Apps cant connect to Jellyfin from externally - emperor_bln - 2024-11-08
Thanks, but i deeply dislike docker ^^
I now went another route
I registered (completely free) at https://desec.io/
pointed my domain nameservers at ns1.desec.io & ns2.desec.org
created a simple dns.sh script that does a "curl --user jelly.mydomain.de:mysecrettoken https://update.dedyn.io/" for every subdomain
went into "crontab -e" and added it as "0 * * * * /usr/bin/dns.sh"
now I see nice clean A-Records and everything works
hope this can help other people in the future with the same problem
RE: Apps cant connect to Jellyfin from externally - TheDreadPirate - 2024-11-08
Cloudflare has an API, the same one that the CF DDNS container uses, to accomplish the same thing with a script.
https://developers.cloudflare.com/api/#dns-records-for-a-zone-list-dns-records
RE: Apps cant connect to Jellyfin from externally - emperor_bln - 2024-11-08
Ah okay, thank you. I marked the thread as solved