10 hours ago
(This post was last modified: 10 hours ago by TheDreadPirate. Edited 1 time in total.)
The proxy passes the original clients IP via the x-forwarded-for header.
As for what is considered "remote", there is a setting that defines what IP's are considered "local". Dashboard > Networking > LAN networks. By default (the field is blank), the following subnets are considered "local".
192.168.0.0/16
10.0.0.0/8
172.17.0.0/16
If your client IP does not belong to any of those subnets, the client is "remote" and you need to "Allow remote connections".
And since Apache forwards the client IP in the header, Jellyfin still sees the original IP and treats it according to what you've defined as local. You can literally put any IP address or subnet in the LAN networks field. If you have an OpenVPN or Tailscale VPN setup, you can configure Jellyfin to treat those VPN IP addresses as "local".
As for what is considered "remote", there is a setting that defines what IP's are considered "local". Dashboard > Networking > LAN networks. By default (the field is blank), the following subnets are considered "local".
192.168.0.0/16
10.0.0.0/8
172.17.0.0/16
If your client IP does not belong to any of those subnets, the client is "remote" and you need to "Allow remote connections".
And since Apache forwards the client IP in the header, Jellyfin still sees the original IP and treats it according to what you've defined as local. You can literally put any IP address or subnet in the LAN networks field. If you have an OpenVPN or Tailscale VPN setup, you can configure Jellyfin to treat those VPN IP addresses as "local".
Jellyfin 10.10.3 (Docker)
Ubuntu 24.04 LTS
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
3x WD Red Pro 6TB CMR in RAIDZ1 (JF Library)
![[Image: GitHub%20Sponsors-grey?logo=github]](https://img.shields.io/badge/GitHub%20Sponsors-grey?logo=github)
Ubuntu 24.04 LTS
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
3x WD Red Pro 6TB CMR in RAIDZ1 (JF Library)