2023-07-11, 05:59 AM
(This post was last modified: 2023-07-11, 06:09 AM by dupl0. Edited 1 time in total.)
UPDATE:
So I got this "working" by generating a new Lets Encrypt cert for my NAS, and reverse proxying via that (so it was the root cert problem that was the showstopper).
However, almost nothing plays when I am logged in over HTTPS as opposed to almost everything when logged in over HTTP. I also suspect the media traffic takes a detour via the internet when using the SSL setup since the DNS seemingly must point to a public IP (A public domain that I control and own) when buying or creating certs from a third party cert provider
(I also believe to have configured everything correctly in regards to X-Forwarding and so on, but this just will not work).
Anyhow, it seems to me I have to choose between
1. unencrypted communications within my LAN, and
2. a halfway working HTTPS solution that has to have open ports to the internet and where the traffic likely gets throttled due to detouring via WAN.
If I am wrong about this and there is a way to make the media traffic route exclusively internally when the DNS is public, I am eager to understand it.
I do not know how Plex solves this, but I am reverting back to Plex for now and may make a new Jellyfin attempt later on. My experience is that the HTTPS part is difficult to get working with Jellyfin (in away that maintains full playback capabilities).
What I optimally want is to be able to sign my own certs and point jellyfin to my internal DNS that points to an internal IP address - but that seems to be impossible as long as the WebOS app cannot be told to ignore that the cert is unstrusted?
So I got this "working" by generating a new Lets Encrypt cert for my NAS, and reverse proxying via that (so it was the root cert problem that was the showstopper).
However, almost nothing plays when I am logged in over HTTPS as opposed to almost everything when logged in over HTTP. I also suspect the media traffic takes a detour via the internet when using the SSL setup since the DNS seemingly must point to a public IP (A public domain that I control and own) when buying or creating certs from a third party cert provider
(I also believe to have configured everything correctly in regards to X-Forwarding and so on, but this just will not work).
Anyhow, it seems to me I have to choose between
1. unencrypted communications within my LAN, and
2. a halfway working HTTPS solution that has to have open ports to the internet and where the traffic likely gets throttled due to detouring via WAN.
If I am wrong about this and there is a way to make the media traffic route exclusively internally when the DNS is public, I am eager to understand it.
I do not know how Plex solves this, but I am reverting back to Plex for now and may make a new Jellyfin attempt later on. My experience is that the HTTPS part is difficult to get working with Jellyfin (in away that maintains full playback capabilities).
What I optimally want is to be able to sign my own certs and point jellyfin to my internal DNS that points to an internal IP address - but that seems to be impossible as long as the WebOS app cannot be told to ignore that the cert is unstrusted?