• Login
  • Register
    • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below
  • Forum
  • Website
  • GitHub
  • Status
  • Translation
  • Features
  • Team
  • Rules
  • Help
  • Feeds
User Links
  • Login
  • Register
    • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below

    Useful Links Forum Website GitHub Status Translation Features Team Rules Help Feeds
    Jellyfin Forum Support Troubleshooting Networking & Access Yet another dude with Jellyfin Android app not connecting when using domains

     
    • 0 Vote(s) - 0 Average

    Yet another dude with Jellyfin Android app not connecting when using domains

    NGINX, OPNSense, TrueNAS Scale setup
    fakemoth
    Offline

    Junior Member
    Posts: 6
    Threads: 1
    Joined: 2025 Jan
    Reputation: 0
    #6
    2025-02-03, 11:18 AM
    Thank you for trying to help!
    I hope I didn't leave anything private in the config, in a hurry right now; here is the section for my subdomain:

    Code:
    server {

        listen 80;

        listen 443 ssl;
        http2 on;
        ssl_certificate_key /usr/local/etc/nginx/key/my.domain.key;
        ssl_certificate /usr/local/etc/nginx/key/my.domain.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_dhparam /usr/local/opnsense/data/OPNsense/Nginx/dh-parameters.4096.rfc7919;
        ssl_ciphers ECDHE-ECDSA-CAMELLIA256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CAMELLIA256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CAMELLIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CAMELLIA128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-AES128-SHA256;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_prefer_server_ciphers on;
        ssl_stapling off;

        sendfile On;
        server_name  my.domain;
        real_ip_header X-Forwarded-For;

        client_header_buffer_size 1k;
        large_client_header_buffers 4 8k;
        charset utf-8;
        access_log  /var/log/nginx/my.domain.access.log main;
        access_log  /var/log/nginx/tls_handshake.log handshake;
        error_log  /var/log/nginx/my.domain.error.log error;
        #include tls.conf;
        error_page 403 /opnsense_error_403.html;
        error_page 404 /opnsense_error_404.html;
        error_page 405 /waf_denied.html;
        error_page 500 501 502 503 504 /opnsense_server_error.html;

        location = /opnsense_error_403.html {
            internal;
            root /usr/local/etc/nginx/views;
        }
        location = /opnsense_error_404.html {
            internal;
            root /usr/local/etc/nginx/views;
        }
        location = /opnsense_server_error.html {
            internal;
            root /usr/local/etc/nginx/views;
        }
        # location to ban the host permanently
        set $naxsi_extensive_log 0;
        location @permanentban {
            access_log /var/log/nginx/permanentban.access.log main;
            access_log /var/log/nginx/perm_ban.access.log main_ban;
            internal;
            add_header "Content-Type" "text/plain; charset=UTF-8" always;
            return 403 "You got banned permanently from this server.";
        }
        error_page 418 = @permanentban;
        location = /waf_denied.html {
            root /usr/local/etc/nginx/views;
            access_log /var/log/nginx/waf_denied.access.log main;
        }
        # block based on User Agents defined in global http settings
        if ($http_user_agent ~* Python-urllib|Nmap|python-requests|libwww-perl|MJ12bot|Jorgee|fasthttp|libwww|Telesphoreo|A6-Indexer|ltx71|okhttp|ZmEu|sqlmap|LMAO/2.0|l9explore|l9tcpid|Masscan|zgrab|Ronin/2.0|Hakai/2.0|Indy\sLibrary|^Mozilla/[\d\.]+$|Morfeus\sFucking\sScanner|MSIE\s[0-6]\.\d+) {
            return 418;
        }
        location /opnsense-auth-request {
          internal;
          fastcgi_pass  unix:/var/run/php-webgui.socket;
          fastcgi_index index.php;
          fastcgi_param TLS-Cipher $ssl_cipher;
          fastcgi_param TLS-Protocol $ssl_protocol;
          fastcgi_param TLS-SNI-Host $ssl_server_name;
          fastcgi_param Original-URI $request_uri;
          fastcgi_param Original-HOST $host;
          fastcgi_param SERVER-UUID "c8449996-bb2c-4a9d-b39e-69414f6caef1";
          fastcgi_param SCRIPT_FILENAME  /usr/local/opnsense/scripts/nginx/ngx_auth.php;
          fastcgi_param AUTH_SERVER "Local Database";
          fastcgi_intercept_errors on;
          include        fastcgi_params;
        }
        if ($scheme != "https") {
            return 302 https://$host$request_uri;
        }
        include c8449996-bb2c-4a9d-b39e-69414f6caef1_pre/*.conf;


    location  / {
        BasicRule wl:19;
        DeniedUrl "/waf_denied.html";
        if ($scheme != "https") {
            return 302 https://$host$request_uri;
        }
            # IP ACL
            allow x.y.z.w/27;

            deny all;
        autoindex off;
        proxy_set_header Host $host;
        proxy_set_header X-TLS-Cipher $ssl_cipher;
        proxy_set_header X-TLS-Protocol $ssl_protocol;
        proxy_set_header X-TLS-SNI-Host $ssl_server_name;
        # proxy headers for backend server
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-TLS-Client-Intercepted $tls_intercepted;
        proxy_ignore_client_abort off;
        proxy_request_buffering on;
        proxy_max_temp_file_size 1024m;
        proxy_buffering on;
        proxy_pass http://upstreamafdd56911f3640859ad5d426a4f9d922;
        proxy_hide_header X-Powered-By;
        include 64941bab-b974-47bc-956b-93198373ff49_post/*.conf;
    }
        include c8449996-bb2c-4a9d-b39e-69414f6caef1_post/*.conf;

    }
    « Next Oldest | Next Newest »

    Users browsing this thread: 1 Guest(s)


    Messages In This Thread
    Yet another dude with Jellyfin Android app not connecting when using domains - by fakemoth - 2025-01-22, 08:39 AM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by bitmap - 2025-01-22, 02:20 PM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by fakemoth - 2025-02-02, 12:58 PM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by fakemoth - 2025-02-02, 01:08 PM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by TheDreadPirate - 2025-02-03, 12:39 AM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by fakemoth - 2025-02-03, 11:18 AM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by TheDreadPirate - 2025-02-03, 12:44 PM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by fakemoth - 2025-02-03, 01:21 PM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by TheDreadPirate - 2025-02-03, 02:07 PM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by fakemoth - 2025-02-04, 06:37 PM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by TheDreadPirate - 2025-02-04, 06:48 PM
    RE: Yet another dude with Jellyfin Android app not connecting when using domains - by DominikFickenwirth - 2025-02-10, 06:43 PM

    • View a Printable Version
    • Subscribe to this thread
    Forum Jump:

    Home · Team · Help · Contact
    © Designed by D&D - Powered by MyBB
    L


    Jellyfin

    The Free Software Media System

    Linear Mode
    Threaded Mode