2025-01-22, 04:50 PM
(This post was last modified: 2025-01-22, 04:52 PM by TheDreadPirate. Edited 2 times in total.)
I'm a bit confused. Why is the RPi running a proxy at all? The DO Nginx proxy is going directly to Jellyfin via port 8920. It would never interact with the RPi proxy, as configured.
If your jellyfin subdomain, or the whole domain, points to the DO IP your RPi Nginx proxy never comes into play ever.
It isn't clear which host the UFW rules are from. But if they are from the server running Jellyfin, port 8920 is blocked. I'm assuming the UFW rules you've shown are from the RPi running Nginx. Regardless, on your home router port 8920 should be forwarding directly to Jellyfin and not the RPi. This is based on how you currently have things configured.
Users ---> 443<>DO Nginx<>8920 ---> 8290<>router<>8920 ---> 8920<>Jellyfin
If you do want the RPi to act as a second proxy, you'd need to change the DO proxy.
From
To
THEN the RPi proxy is used. Ideally, you would switch to http at this point on port 8096 since the traffic is now on the LAN.
Users ---> 443<>DO Nginx<>443 ---> 443<>router<>443 ---> 443<>RPi Nginx<>8096 ---> 8096<>Jellyfin Server
Some Nginx comments. You need to have a /socket location since you are using http2. Websockets are http 1.1 only. You can skip having that separate /socket location if you include a http 1.1 downgrade in the / location.
If you go with the DO to Jellyfin 8920 setup, you'd need a /socket location on the DO proxy. If you bring in the RPi Nginx into the mix, I THINK you would need a /socket location in BOTH the DO Nginx and RPi Nginx.
Another option you can explore is to forego the RPi Nginx entirely and setup Wireguard between the DO server and the Jellyfin server. This keeps the DO to Jellyfin traffic encrypted without the need for a second HTTPS connection.
If your jellyfin subdomain, or the whole domain, points to the DO IP your RPi Nginx proxy never comes into play ever.
It isn't clear which host the UFW rules are from. But if they are from the server running Jellyfin, port 8920 is blocked. I'm assuming the UFW rules you've shown are from the RPi running Nginx. Regardless, on your home router port 8920 should be forwarding directly to Jellyfin and not the RPi. This is based on how you currently have things configured.
Users ---> 443<>DO Nginx<>8920 ---> 8290<>router<>8920 ---> 8920<>Jellyfin
If you do want the RPi to act as a second proxy, you'd need to change the DO proxy.
From
Code:
proxy_pass https://5.6.7.8:8920;To
Code:
proxy_pass https://5.6.7.8;THEN the RPi proxy is used. Ideally, you would switch to http at this point on port 8096 since the traffic is now on the LAN.
Users ---> 443<>DO Nginx<>443 ---> 443<>router<>443 ---> 443<>RPi Nginx<>8096 ---> 8096<>Jellyfin Server
Some Nginx comments. You need to have a /socket location since you are using http2. Websockets are http 1.1 only. You can skip having that separate /socket location if you include a http 1.1 downgrade in the / location.
If you go with the DO to Jellyfin 8920 setup, you'd need a /socket location on the DO proxy. If you bring in the RPi Nginx into the mix, I THINK you would need a /socket location in BOTH the DO Nginx and RPi Nginx.
Another option you can explore is to forego the RPi Nginx entirely and setup Wireguard between the DO server and the Jellyfin server. This keeps the DO to Jellyfin traffic encrypted without the need for a second HTTPS connection.
Jellyfin 10.10.7 (Docker)
Ubuntu 24.04.2 LTS w/HWE
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
4x WD Red Pro 6TB CMR in RAIDZ1
![[Image: GitHub%20Sponsors-grey?logo=github]](https://img.shields.io/badge/GitHub%20Sponsors-grey?logo=github)
Ubuntu 24.04.2 LTS w/HWE
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
4x WD Red Pro 6TB CMR in RAIDZ1