2025-02-02, 07:13 PM
I got a server on 192.168.2.10, that has nginx and functions as a reverse proxy. My jellyfin server at 192.168.2.92 works correctly in browser when typing it in directly.
This is my nginx conf file, and the SSL certificates were generated correctly.
Sadly, when going to the domain, it says "error too many forwards", ufw is set to allow 8096 on both the reverse proxy and the jellyfin server.
What have I done wrongly?
Code:
server {
listen 80;
listen [::]:80;
server_name test.something.com.com;
# Uncomment to redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
# Nginx versions prior to 1.25
listen 443 ssl http2;
listen [::]:443 ssl http2;
# Nginx versions 1.25+
#listen 443 ssl;
#listen [::]:443 ssl;
#http2 on;
server_name test.something.com.com;
## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
client_max_body_size 20M;
# Comment next line to allow TLSv1.0 and TLSv1.1 if you have very old clients
ssl_protocols TLSv1.3 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/test.something.com.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test.something.com.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_trusted_certificate /etc/letsencrypt/live/test.something.com.com/chain.pem;
# use a variable to store the upstream proxy
set $jellyfin 192.168.2.92;
# Security / XSS Mitigation Headers
add_header X-Content-Type-Options "nosniff";
# Permissions policy. May cause issues with some clients
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
# Content Security Policy
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'";
location / {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://$jellyfin:8096;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}This is my nginx conf file, and the SSL certificates were generated correctly.
Sadly, when going to the domain, it says "error too many forwards", ufw is set to allow 8096 on both the reverse proxy and the jellyfin server.
What have I done wrongly?
- AMD TR 2950x (16C/32T, proxmox)
- 128GB DDR4 ECC
- NVIDIA P4000
- 2TB NVME (Transcode, metadata, logs)
- 18TB (Movies, Series, Music)
- X399 professional gaming AsRock (iommu enabled)
- 1TB NVME OS drive