• Login
  • Register
    • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below
  • Forum
  • Website
  • GitHub
  • Status
  • Translation
  • Features
  • Team
  • Rules
  • Help
  • Feeds
User Links
  • Login
  • Register
    • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below

    Useful Links Forum Website GitHub Status Translation Features Team Rules Help Feeds
    Jellyfin Forum Support Troubleshooting Networking & Access NGINX, OPNSense

     
    • 0 Vote(s) - 0 Average

    NGINX, OPNSense

    Jellyfin connection issues
    shadoweng01
    Offline

    Junior Member
    Posts: 1
    Threads: 1
    Joined: 2025 Aug
    Reputation: 0
    Country:United States
    #1
    9 hours ago
    Hello and thanks in advance for the help.

    I am unable to connect to my Jellyfin server through the app on my Pixel and my Chromecasts. I am however able to connect to it via my PC and phone (via web browser) with the url I have set up in Nginx (my.domain.lan). I am using OPNsense and the Nginx native plug-in on there for the reverse proxy. I don't know if this is relevant but I use Unbound DNS as my DNS resolver and ad-blocker. No VPN anywhere on my network. Jellyfin is running on a docker container with the host machine running Debian.  Below is be a censored Nginx config generated by the WebGui of OPNsense as well as the latest Jellyfin log file.

    Code:
    server {
        listen [serverip]:80;
        listen [serverip]:8096;
        listen [serverip]:443 ssl;
        listen [serverip]:8920 ssl;
        http2 on;

        ssl_client_certificate /usr/local/etc/nginx/key/my.domain_ca.pem;
        ssl_verify_client off;
        ssl_certificate_key /usr/local/etc/nginx/key/my.domain.key;
        ssl_certificate /usr/local/etc/nginx/key/my.domain.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_dhparam /usr/local/opnsense/data/OPNsense/Nginx/dh-parameters.4096.rfc7919;
        ssl_ciphers ECDHE-ECDSA-CAMELLIA256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CAMELLIA256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CAMELLIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CAMELLIA128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-AES128-SHA256;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_prefer_server_ciphers on;
        ssl_stapling off;

        sendfile Off;
        server_name  my.domain;
        real_ip_header X-Forwarded-For;
        client_header_buffer_size 1k;
        large_client_header_buffers 4 8k;
        charset utf-8;
        access_log  /var/log/nginx/my.domain.access.log main;
        access_log  /var/log/nginx/tls_handshake.log handshake;
        error_log  /var/log/nginx/my.domain.error.log error;
        client_max_body_size 200m;

        #include tls.conf;
        error_page 403 /opnsense_error_403.html;
        error_page 404 /opnsense_error_404.html;
        error_page 405 /waf_denied.html;
        error_page 500 501 502 503 504 /opnsense_server_error.html;
        location = /opnsense_error_403.html {
            internal;
            root /usr/local/etc/nginx/views;
        }
        location = /opnsense_error_404.html {
            internal;
            root /usr/local/etc/nginx/views;
        }
        location = /opnsense_server_error.html {
            internal;
            root /usr/local/etc/nginx/views;
        }

        # security rules
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

        # location to ban the host permanently
        set $naxsi_extensive_log 0;
        location @permanentban {
            access_log /var/log/nginx/permanentban.access.log main;
            internal;
            add_header "Content-Type" "text/plain; charset=UTF-8" always;
            return 403 "You got banned permanently from this server.";
        }
        error_page 418 = @permanentban;
        location = /waf_denied.html {
            root /usr/local/etc/nginx/views;
            access_log /var/log/nginx/waf_denied.access.log main;
        }
        location ^~ /.well-known/acme-challenge/ {
            default_type "text/plain";
            proxy_pass http://127.0.0.1:43580;
        }

        location /opnsense-auth-request {
          internal;
          fastcgi_pass  unix:/var/run/php-webgui.socket;
          fastcgi_index index.php;
          fastcgi_param TLS-Cipher $ssl_cipher;
          fastcgi_param TLS-Protocol $ssl_protocol;
          fastcgi_param TLS-SNI-Host $ssl_server_name;
          fastcgi_param Original-URI $request_uri;
          fastcgi_param Original-HOST $host;
          fastcgi_param SERVER-UUID "3ff00805-c4ec-4c7b-a399-df330c046d7f";
          fastcgi_param SCRIPT_FILENAME  /usr/local/opnsense/scripts/nginx/ngx_auth.php;
          fastcgi_intercept_errors on;
          include        fastcgi_params;
        }
        if ($scheme != "https") {
            return 302 https://$host$request_uri;
        }
        include 3ff00805-c4ec-4c7b-a399-df330c046d7f_pre/*.conf;
    location  / {
        LearningMode;
        BasicRule wl:19;
        DeniedUrl "/waf_denied.html";
        autoindex off;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-TLS-Cipher $ssl_cipher;
        proxy_set_header X-TLS-Protocol $ssl_protocol;
        proxy_set_header X-TLS-SNI-Host $ssl_server_name;
        # proxy headers for backend server
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-TLS-Client-Intercepted $tls_intercepted;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_ignore_client_abort off;
        proxy_request_buffering off;
        proxy_max_temp_file_size 4096m;
        proxy_buffering off;
        proxy_pass http://upstream952a0856e5c44c92ab0c6379c7685d78;
        proxy_hide_header X-Powered-By;
        proxy_hide_header X-XSS-Protection;
        proxy_hide_header X-Content-Type-Options;
        proxy_hide_header Strict-Transport-Security;
        include 3299d012-a8eb-4a7b-89b4-bb63cb398d3f_post/*.conf;
    }

    Code:
    [2025-08-19 00:09:30.798 +00:00] [INF] [37] MediaBrowser.MediaEncoding.Transcoding.TranscodeManager: FFmpeg exited with code 0
    [2025-08-19 01:06:14.693 +00:00] [INF] [46] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "[servergateway]" request
    [2025-08-19 01:09:13.097 +00:00] [INF] [50] Emby.Server.Implementations.AppBase.BaseConfigurationManager: Saving system configuration
    [2025-08-19 01:09:13.132 +00:00] [INF] [50] Emby.Server.Implementations.AppBase.BaseConfigurationManager: Setting cache path: "/cache"
    [2025-08-19 01:09:13.133 +00:00] [INF] [29] Jellyfin.Networking.PortForwardingHost: Stopping NAT discovery
    [2025-08-19 01:09:44.353 +00:00] [INF] [50] Emby.Server.Implementations.Session.SessionManager: Logging out access token "[token]"
    [2025-08-19 01:09:46.599 +00:00] [INF] [51] Emby.Server.Implementations.Session.SessionManager: Logging out access token "[token]"
    [2025-08-19 01:10:42.476 +00:00] [INF] [28] Jellyfin.Networking.Manager.NetworkManager: Defined LAN subnets: ["::1/128", "fe80::/10", "fc00::/7", "127.0.0.1/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
    [2025-08-19 01:10:42.476 +00:00] [INF] [28] Jellyfin.Networking.Manager.NetworkManager: Defined LAN exclusions: []
    [2025-08-19 01:10:42.476 +00:00] [INF] [28] Jellyfin.Networking.Manager.NetworkManager: Used LAN subnets: ["::1/128", "fe80::/10", "fc00::/7", "127.0.0.1/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
    [2025-08-19 01:10:42.476 +00:00] [INF] [28] Jellyfin.Networking.Manager.NetworkManager: Filtered interface addresses: ["127.0.0.1", "172.22.0.2", "::1"]
    [2025-08-19 01:10:42.476 +00:00] [INF] [28] Jellyfin.Networking.Manager.NetworkManager: Bind Addresses ["::"]
    [2025-08-19 01:10:42.477 +00:00] [INF] [28] Jellyfin.Networking.Manager.NetworkManager: Remote IP filter is "Allowlist"
    [2025-08-19 01:10:42.477 +00:00] [INF] [28] Jellyfin.Networking.Manager.NetworkManager: Filtered subnets: []
    [2025-08-19 01:25:27.571 +00:00] [INF] [76] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "[servergateway]" closed
    [2025-08-19 01:33:37.487 +00:00] [INF] [74] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "[user]" has succeeded.
    [2025-08-19 01:33:37.488 +00:00] [INF] [74] Emby.Server.Implementations.Session.SessionManager: Current/Max sessions for user "[user]": 0/0
    [2025-08-19 01:33:37.488 +00:00] [INF] [74] Emby.Server.Implementations.Session.SessionManager: Creating new access token for user [token]
    [2025-08-19 01:33:37.699 +00:00] [INF] [74] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "[servergateway]" request
    [2025-08-19 01:34:15.902 +00:00] [WRN] [70] Emby.Server.Implementations.HttpServer.WebSocketConnection: WS "[servergateway]" error receiving data: "The remote party closed the WebSocket connection without completing the close handshake."
    [2025-08-19 01:34:15.936 +00:00] [INF] [70] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "[servergateway]" closed
    [2025-08-19 01:35:53.660 +00:00] [INF] [83] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "[servergateway]" request
    [2025-08-19 01:35:55.467 +00:00] [INF] [89] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "[servergateway]" closed
    [2025-08-19 02:00:00.093 +00:00] [INF] [152] Emby.Server.Implementations.ScheduledTasks.TaskManager: "Extract Chapter Images" Completed after 0 minute(s) and 0 seconds
    [2025-08-19 02:00:01.003 +00:00] [INF] [151] Emby.Server.Implementations.ScheduledTasks.TaskManager: Daily trigger for "Extract Chapter Images" set to fire at 2025-08-20 02:00:00.000 +00:00, which is 23:59:58.9966529 from now.
    [2025-08-19 02:18:07.760 +00:00] [INF] [8] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "[servergateway]" request
    [2025-08-19 02:19:14.329 +00:00] [INF] [11] Jellyfin.Networking.Manager.NetworkManager: Defined LAN subnets: ["[VLAN IP]"]
    [2025-08-19 02:19:14.329 +00:00] [INF] [11] Jellyfin.Networking.Manager.NetworkManager: Defined LAN exclusions: []
    [2025-08-19 02:19:14.329 +00:00] [INF] [11] Jellyfin.Networking.Manager.NetworkManager: Used LAN subnets: ["[VLAN IP]"]
    [2025-08-19 02:19:14.329 +00:00] [INF] [11] Jellyfin.Networking.Manager.NetworkManager: Filtered interface addresses: ["127.0.0.1", "172.22.0.2", "::1"]
    [2025-08-19 02:19:14.329 +00:00] [INF] [11] Jellyfin.Networking.Manager.NetworkManager: Bind Addresses ["::"]
    [2025-08-19 02:19:14.329 +00:00] [INF] [11] Jellyfin.Networking.Manager.NetworkManager: Remote IP filter is "Allowlist"
    [2025-08-19 02:19:14.329 +00:00] [INF] [11] Jellyfin.Networking.Manager.NetworkManager: Filtered subnets: []
    [2025-08-19 02:34:36.174 +00:00] [WRN] [80] Emby.Server.Implementations.HttpServer.WebSocketConnection: WS "[servergateway]" error receiving data: "The remote party closed the WebSocket connection without completing the close handshake."
    [2025-08-19 02:34:36.343 +00:00] [INF] [80] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "[servergateway]" closed
    [2025-08-19 02:50:14.984 +00:00] [INF] [22] Emby.Server.Implementations.HttpServer.WebSocketManager: WS "[servergateway]" request

    Literally set this up last night, and just tried a test today.
    « Next Oldest | Next Newest »

    Users browsing this thread: 1 Guest(s)


    • View a Printable Version
    • Subscribe to this thread
    Forum Jump:

    Home · Team · Help · Contact
    © Designed by D&D - Powered by MyBB
    L


    Jellyfin

    The Free Software Media System

    Linear Mode
    Threaded Mode