Yet another dude with Jellyfin Android app not connecting when using domains

[fakemoth]

Hi. I usually lurk on the forums, and just as I was hoping for things to stay the same, I am met with an insurmountable problem. I am always self hosting everything, so here is the relevant info for my issue:

• so I had Jellyfin as a jail on my TrueNAS Core for quite a while, worked fine, TVs and phone apps connected on my own domain;
  
• Core is gone so enter TrueNAS Scale, the Linux version; Jellyfin was also a deciding factor as it didn't work anymore on latest Core version;
  
• now Jellyfin is in a docker container, had some problems but everything checks out fine;
  
• some personal subdomains, including the one for Jellyfin are managed by my own DNS servers, pointing to my OPNSense router at home that has a static IP address;
  
• access from outside world is blocked in the firewall, but I always was able to access the personal subdomains with my personal services only from LAN and via Wireguard;
  
• on the OPNSense machine I also run my NGINX proxy, via the plugin, works fine for all the subdomains; worked even for Jellyfin on Core until breakage, nothing was changed;
  
• but now I can't connect my phone (moved to CalyxOS from LineageOS if it matters) using the official app from FDroid (also tried the on from Google, via Aurora);
  
• I just can't even connect - it is eating my brains for days now; keeps saying "Tried 3 candidates for input without success. Unable to reach server" or something of that sort;
  
• I am filling, as I once did, only the address in the form > "https://my.domain.tld" tried other variations, with ":443" and such, no luck;
  
• problem is: I can access the Jellyfin docker container just fine from the browser on my phone, my PC, or any other device, so in fact it is not like stuff is not reachable...
  
• and yes, in the app is getting over the first field and I am asked for a username and password if I fill in the internal IP of the TrueNAS machine and the port of the container; just not working with a domain;
  
• and before you ask: yes, I have the X-Forwarded-For active in NGINX; and yes, I filed a bunch of IPs in Jellyfin's "Known proxies" setting: the external public IP, the IPs of the NAS, the IPs of the router; and yes, I did restart the devices involved, like a lot;
  
• the NGINX logs: Stream Error log - empty; Stream Access log - empty; HTTP Error log - nothing with my phone IP (???); HTTP Access log - when trying with app=nothing, when from phone's browser = it displays access
  
• as for the OPNSense firewall itself it shows that it properly allows traffic both from the app and from web, from the same phone, to the Jellyfin container. So no problem there with the switches either, between VLANS and such. Proof is that I can access the domain from my phone, except with the Jellyfin app.
  

Thank you very much and let me extend my appreciation for this great project!

[bitmap]

Could you provide your Jellyfin log via pastebin or privatebin? I hear a couple different setups here and it's a little confusing, i.e., using both RP and Wireguard. I also don't see anything about certs, but that doesn't mean much. You could try http://mydomain.tld, could double-check whether remote connections are allowed to the server for the user account you're attempting to use, but without looking at a log those are shots in the dark.