Jellyfin Forum
Jellyfin Random Log out on Playback - Printable Version

+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+---- Forum: Networking & Access (https://forum.jellyfin.org/f-networking-access)
+---- Thread: Jellyfin Random Log out on Playback (/t-jellyfin-random-log-out-on-playback)

Jellyfin Random Log out on Playback - jbamford - 2024-12-27

Good afternoon,

So I have a strange problem with the Android App, Desktop Browsers, and Desktop Jellyfin App seems to work okay but the Jellyfin app on Android on a Samsung A9 Tablet has a strange problem, can log in and play Movies, TV Shows etc but after so long Jellyfin will boot itself out with Connection cannot be established, Please check the hostname and your network connection. When this happens I can log back in straight away and carry on watching which show I was watching.

Jellyfin is running behind two Nginx Load Balancers with SSL Offloading, I have tested with just the IP address of the Server over HTTP and the same happens, no one else externally is having this problem though, some users use Android Jellyfin App, Android TV App or browsers.

I thought it was a Client timeout issue so before I tested with just the Servers IP Address with no Load Balancers in front I changed the Configuration.

Would anyone have any ideas as to what is causing the problem?

Jellyfin is installed on Ubuntu 24.04 no Docker,
ffmpeg
Jellyfin Version 10.9.9 Updated to latest Version but to test but rolled back to do a comparison of logs. Logs show nothing related to this problem apart from error receiving data: "The remote party closed the WebSocket connection without completing the close handshake

Hardware. 3 node Cluster R740s. Tested on bare metal fresh install of Ubuntu.

I cannot reproduce it on my Samsing A25 Phone, Desktop, Laptop or TV Android App, only seems to happen on the tablet.

Nginx Config

Code:
server {
    listen 80;
    server_name domain.uk;
        return 301 https://domain.uk$request_uri;

}

#map $http_upgrade $connection_upgrade {
#    default upgrade;
#    ''      close;

server {
    listen 443;
    server_name domain.uk;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "0";

    ssl_certificate /etc/letsencrypt/live/domain.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.uk/privkey.pem;
    include /etc/nginx/common/ssl.conf;

    keepalive_timeout 65;        # Time (in seconds) to keep the connection open
    keepalive_requests 100;      # Max number of requests per connection

    client_max_body_size 100M;

    location / {
        proxy_set_header    Host                $host;
        proxy_set_header    X-Real-IP          $remote_addr;
        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto  $scheme;
        proxy_http_version  1.1;
        proxy_set_header    Upgrade            $http_upgrade;
        proxy_set_header    Connection          $connection_upgrade;
        proxy_pass          http://10.10.0.21:8096;
        proxy_buffering on;
        proxy_buffers 16 4k;
        proxy_buffer_size 4k;
        proxy_busy_buffers_size 8k;
        proxy_temp_file_write_size 8k;
        proxy_max_temp_file_size 16k;
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;

        }

    location = /web/ {
        proxy_pass http://10.10.0.21:8096/web/index.html;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        }

    location /socket {
        proxy_pass http://10.10.0.21:8096;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;

        }

    location ~ /Items/(.*)/Images {
        proxy_pass http://10.10.0.21:8096;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        }


Regards

RE: Jellyfin Random Log out on Playback - TheDreadPirate - 2024-12-27

Remove the /web location in your nginx config. That was deprecated in 10.9 and needs to be removed. Not sure if that is the root or the problem, but we should eliminate it as a factor. Also, buffering should not be enabled. It really doesn't benefit Jellyfin.

Can you replicate the problem then share your Jellyfin log via pastebin?

Here is my nginx config for reference.

Code:
server {
    listen 50443 ssl;
    listen [::]:50443 ssl;
    http2 on;
    server_name jellyfin.domain.tld;

    ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
    client_max_body_size 20M;

    # use a variable to store the upstream proxy
    # in this example we are using a hostname which is resolved via DNS
    # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
    set $jellyfin 172.16.100.10;
    
    ssl_certificate /etc/letsencrypt/live/domain.tld-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.tld-0002/privkey.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/domain.tld-0002/chain.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Security / XSS Mitigation Headers
    # NOTE: X-Frame-Options may cause issues with the webOS app
    add_header X-XSS-Protection "0"; # Do NOT enable. This is obsolete/dangerous
    add_header X-Content-Type-Options "nosniff";

    # kill cache
    add_header Last-Modified $date_gmt;
    add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    if_modified_since off;
    expires off;
    etag off;

    # Permissions policy. May cause issues on some clients
    add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;

    # Tell browsers to use per-origin process isolation
    add_header Origin-Agent-Cluster "?1" always;

    # Content Security Policy
    # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
    # Enforces https content and restricts JS/CSS to origin
    # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
    # NOTE: The default CSP headers may cause issues with the webOS app
    add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";

    location / {
        # Proxy main Jellyfin traffic
        proxy_pass http://$jellyfin:8096;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
        proxy_buffering off;
    }

    location /socket {
        # Proxy Jellyfin Websockets traffic
        proxy_pass http://$jellyfin:8096;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }

    # Cache images
    location ~ /Items/(.*)/Images {
        proxy_pass http://$jellyfin:8096;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        proxy_cache jellyfin;
        proxy_cache_revalidate on;
        proxy_cache_lock on;
    }
}