2025-08-20, 01:09 PM
Here is the current apache2 setup i got after reading many articles on jellyfin for this setup. Still not working on apps, working fine on all browsers remotely.
<VirtualHost *:443>
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
ProxyPreserveHost On
SSLEngine on
SSLCertificateFile /etc/apache2/certs/mysite.crt
SSLCertificateKeyFile /etc/apache2/certs/mysite.key
ServerName www.mysite.com
#DocumentRoot /var/www/mysite
# ProxyPass Directives
#ProxyPass /socket/ ws
/localhost:8096/socket/
#ProxyPassReverse /socket/ ws/localhost:8096/socket/
#ProxyPass / http://localhost:8096/
#ProxyPassReverse / http://localhost:8096/
#ProxyPass / http://10.10.10.40:8096/
#ProxyPassReverse / http://10.10.10.40:8096/
# Letsencrypt's certbot will place a file in this folder when updating/verifying certs
# This line will tell apache to not to use the proxy for this folder.
ProxyPass "/.well-known/" "!"
# Tell Jellyfin to forward requests that came from TLS connections
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
# Apache should be able to know when to change protocols (between WebSocket and HTTP)
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /(.*) ws/127.0.0.1:8096/socket/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket
RewriteRule /(.*) http://127.0.0.1:8096/$1 [P,L]
# Enable only strong encryption ciphers and prefer versions with Forward Secrecy
SSLCipherSuite HIGH:RC4-SHA:AES128-SHA:!aNULL:!MD5
SSLHonorCipherOrder on
# Disable insecure SSL and TLS versions
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
ErrorLog ${APACHE_LOG_DIR}/mysite.error.log
CustomLog ${APACHE_LOG_DIR}/mysite.access.log combined
</VirtualHost>
<Location /jellyfin/socket>
ProxyPreserveHost On
ProxyPass "ws/127.0.0.1:8096/jellyfin/socket"
ProxyPassReverse "ws/127.0.0.1:8096/jellyfin/socket"
</Location>
<Location /jellyfin>
ProxyPass "http://127.0.0.1:8096/jellyfin"
ProxyPassReverse "http://127.0.0.1:8096/jellyfin"
</Location>
<VirtualHost *:443>
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
ProxyPreserveHost On
SSLEngine on
SSLCertificateFile /etc/apache2/certs/mysite.crt
SSLCertificateKeyFile /etc/apache2/certs/mysite.key
ServerName www.mysite.com
#DocumentRoot /var/www/mysite
# ProxyPass Directives
#ProxyPass /socket/ ws
/localhost:8096/socket/#ProxyPassReverse /socket/ ws
/localhost:8096/socket/#ProxyPass / http://localhost:8096/
#ProxyPassReverse / http://localhost:8096/
#ProxyPass / http://10.10.10.40:8096/
#ProxyPassReverse / http://10.10.10.40:8096/
# Letsencrypt's certbot will place a file in this folder when updating/verifying certs
# This line will tell apache to not to use the proxy for this folder.
ProxyPass "/.well-known/" "!"
# Tell Jellyfin to forward requests that came from TLS connections
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
# Apache should be able to know when to change protocols (between WebSocket and HTTP)
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /(.*) ws
/127.0.0.1:8096/socket/$1 [P,L]RewriteCond %{HTTP:Upgrade} !=websocket
RewriteRule /(.*) http://127.0.0.1:8096/$1 [P,L]
# Enable only strong encryption ciphers and prefer versions with Forward Secrecy
SSLCipherSuite HIGH:RC4-SHA:AES128-SHA:!aNULL:!MD5
SSLHonorCipherOrder on
# Disable insecure SSL and TLS versions
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
ErrorLog ${APACHE_LOG_DIR}/mysite.error.log
CustomLog ${APACHE_LOG_DIR}/mysite.access.log combined
</VirtualHost>
<Location /jellyfin/socket>
ProxyPreserveHost On
ProxyPass "ws
/127.0.0.1:8096/jellyfin/socket"ProxyPassReverse "ws
/127.0.0.1:8096/jellyfin/socket"</Location>
<Location /jellyfin>
ProxyPass "http://127.0.0.1:8096/jellyfin"
ProxyPassReverse "http://127.0.0.1:8096/jellyfin"
</Location>