2025-01-22, 01:37 AM
(This post was last modified: 2025-01-22, 01:38 AM by telepathicChimp. Edited 1 time in total.)
I have attached a Mermaid flowchart to explain what I'm talking about.
I have a DO server. Requests for a subdomain of my server are reverse proxied to my home router. Here is the configuration for that proxy:
Code:
server {
    listen 443 ssl http2;
    server_name example.jellyfin.com;
    ssl_certificate /etc/letsencrypt/live/example.jellyfin.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.jellyfin.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        proxy_pass https://5.6.7.8:8920;
        proxy_ssl_verify off;
        #proxy_ssl_trusted_certificate /etc/letsencrypt/live/example.jellyfin.com/fullchain.pem;
        #proxy_ssl_protocols TLSv1.2 TLSv1.3;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;
    }
}
# Redirect HTTP to HTTPS for example.jellyfin.com
server {
    if ($host = example.jellyfin.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name example.jellyfin.com;
    return 301 https://$host$request_uri;
}
I have port-forwarding for port 8920 (I think I gave the wrong port in a previous post). Here is the Nginx configuration on my Raspberry Pi machine:
Code:
server {
    listen 80;
    server_name example.jellyfin.com;
    location / {
        return 301 https://example.jellyfin.com$request_uri;
    }
}
server {
    listen 443 ssl http2;
    server_name example.jellyfin.com;
    # Use your new Let’s Encrypt cert
    ssl_certificate /etc/letsencrypt/live/example.jellyfin.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.jellyfin.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    # Simple redirect to Jellyfin's built-in HTTPS port
    location / {
        return 301 https://example.jellyfin.com:8920$request_uri;
    }
}
So if you visit example.jellyfin.com, you get redirected to my home router at 5.6.7.8 at port 8920. If, for whatever reason, someone visits example.jellyfin.com on their web browser, they, too, get redirected to 8920.
I have the following ufw rules in place:
Code:
❯ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8096/tcp                   ALLOW       1.2.3.4
8920/tcp                   ALLOW       1.2.3.4
8096/tcp                   ALLOW       192.168.0.0/24
8920/tcp                   ALLOW       192.168.0.0/24
8096/tcp                   DENY        Anywhere
8920/tcp                   DENY        Anywhere
443                        ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
8096/tcp (v6)              DENY        Anywhere (v6)
8920/tcp (v6)              DENY        Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
Anyway, ports 80 and 443 are blocked for some reason. I can't figure out why. And it seems that Comcast isn't blocking those ports.
The IP 49.57.50.46 was automatically set up by Jellyfin, presumably by UPnP. The actual LAN IP address for my Ethernet-connected Pi, 192.168.0.45, doesn't work for my router's port-forwarding rules, even though that's the IP address I use to SSH into my Pi.
I hope I explained myself well, and I, once again, thank you for all your help.
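An added example, not part of the original post: ufw applies the first rule that matches, so the IPv4 rules listed above can be walked in order to see what the firewall itself decides for a given source and port. The source 203.0.113.7 is a constructed outside address, and the default incoming policy of deny is an assumption, since the `ufw status` output as posted does not show it.

```python
import ipaddress

# IPv4 rules copied from the `sudo ufw status` output in the post, in order.
# Fields: (port, protocol or None for any, action, source)
RULES = [
    ("22", "tcp", "ALLOW", "Anywhere"),
    ("8096", "tcp", "ALLOW", "1.2.3.4"),
    ("8920", "tcp", "ALLOW", "1.2.3.4"),
    ("8096", "tcp", "ALLOW", "192.168.0.0/24"),
    ("8920", "tcp", "ALLOW", "192.168.0.0/24"),
    ("8096", "tcp", "DENY", "Anywhere"),
    ("8920", "tcp", "DENY", "Anywhere"),
    ("443", None, "ALLOW", "Anywhere"),
    ("80", "tcp", "ALLOW", "Anywhere"),
]

# Assumption: stock ufw default for incoming traffic; not shown in the post.
DEFAULT_INCOMING = "DENY"


def source_matches(rule_src, src_ip):
    """True if src_ip falls inside the rule's source (host, CIDR or Anywhere)."""
    if rule_src == "Anywhere":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule_src)


def decide(src_ip, port, proto="tcp"):
    """Return (action, rule_number) of the first matching rule, in list order."""
    for number, (r_port, r_proto, action, r_src) in enumerate(RULES, start=1):
        if r_port != str(port):
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if source_matches(r_src, src_ip):
            return action, number
    return DEFAULT_INCOMING, None  # nothing matched: fall back to the policy


if __name__ == "__main__":
    outside = "203.0.113.7"  # constructed address standing in for any internet client
    probes = [(outside, 80), (outside, 443), (outside, 8920),
              ("1.2.3.4", 8920), ("192.168.0.10", 8096)]
    for src, port in probes:
        action, rule = decide(src, port)
        print(f"{src:>14} -> {port:<5} {action} (rule {rule})")
```

This models only the rules that `ufw status` lists; anything in front of the Pi (the router's port forwarding, the ISP) and whether a service is actually listening on the port are outside what it evaluates.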