Yesterday, 05:01 PM
(This post was last modified: Yesterday, 05:11 PM by telepathicChimp. Edited 4 times in total.)
@TheDreadPirate, thank you for the reply.
I am at work right now, but I'll try out some of your suggestions when I get home.
I see. It's strange because the uPnP rules are the only ones that work, but I'll try turning it off since, like I said, they create port forwarding rules to a completely unrecognizable IP.
Thank you for this information. I guess I meant to say that I encounter this issue whether
I already checked and Comcast explicitly does not block 443 or 80. However, I still believe this might be a possibility since I have experienced so much bitter frustration in trying to make this work.
This, I don't quite understand. The way I have it set up now, when I connect to https://jellyfin.example.com, my DNS provider points it to my remote VM, which is SSL-certified and running Nginx. The Nginx configuration forwards to port 8096 (default unencrypted to my pi). My pi's Nginx then forwards to https://example.jellyfin.com:8920, which is admittedly quite confusing and doesn't intuitively make sense to me or maybe anyone else, but that's how I was able to get it to work (I could be wrong so I'll go double-check when I get home). Both my pi and my remote VM are using the same certificates for https://example.jellyfin.com. Both 8096 and 8920 are automatically being forwarded on my router, set up by uPnP. I have also configured
If I set up my reverse proxy to listen on a random port in the ephemeral range, wouldn't that make it not possible for friends or family to connect to it like a web page? I know you can select the desired port in the Jellyfin app but it would be cool to have the web page working as well. Or are you saying reverse proxy requests on 80 and 443 on my remote VM to 49152–65535 on my public IP? I am also new to this stuff so I appreciate your patience as I juggle these terms.
On an unrelated note, I'm probably going to sell the pi soon anyway since it's apparently not great, either for Jellyfin or for Steam Link.
I am at work right now, but I'll try out some of your suggestions when I get home.
Quote:You should not use uPnP for port forwarding rules. You should set static rules. uPnP rules expire after a while on most routers.
I see. It's strange because the uPnP rules are the only ones that work, but I'll try turning it off since, like I said, they create port forwarding rules to a completely unrecognizable IP.
Quote:UFW being disabled does not mean the firewall is disabled. UFW is a front end for iptables of nftables. When UFW is disabled, any rules created by UFW are disabled, but iptables/nftables is still running.
Thank you for this information. I guess I meant to say that I encounter this issue whether
ufw is enabled or disabled, **or** if I have allowed HTTP/HTTPS. Explicitly allowing those ports still does not allow anything to come through. I'll try again when I get home, though.Quote:Some ISPs do not allow web servers on residential Internet plans.
I already checked and Comcast explicitly does not block 443 or 80. However, I still believe this might be a possibility since I have experienced so much bitter frustration in trying to make this work.
Quote:Change your reverse proxy to listen on a random port, preferably in the ephemeral range (49152–65535), setup port fowarding and UFW accordingly, and try again.
This, I don't quite understand. The way I have it set up now, when I connect to https://jellyfin.example.com, my DNS provider points it to my remote VM, which is SSL-certified and running Nginx. The Nginx configuration forwards to port 8096 (default unencrypted to my pi). My pi's Nginx then forwards to https://example.jellyfin.com:8920, which is admittedly quite confusing and doesn't intuitively make sense to me or maybe anyone else, but that's how I was able to get it to work (I could be wrong so I'll go double-check when I get home). Both my pi and my remote VM are using the same certificates for https://example.jellyfin.com. Both 8096 and 8920 are automatically being forwarded on my router, set up by uPnP. I have also configured
ufw to block any connections not originating from my remove VM or my LAN.If I set up my reverse proxy to listen on a random port in the ephemeral range, wouldn't that make it not possible for friends or family to connect to it like a web page? I know you can select the desired port in the Jellyfin app but it would be cool to have the web page working as well. Or are you saying reverse proxy requests on 80 and 443 on my remote VM to 49152–65535 on my public IP? I am also new to this stuff so I appreciate your patience as I juggle these terms.
On an unrelated note, I'm probably going to sell the pi soon anyway since it's apparently not great, either for Jellyfin or for Steam Link.