2024-10-10, 08:44 AM
Hi all
Two of my AppleTV users are unable to play files.
After clicking play, the screen goes black. It loads for some seconds, then goes back again to the movie.
The files should be pretty easy to play, 720p and 1080p, H.264, one DTS the other AC3.
Logs will not show anything interesting
I am not sure if the problem persisted before or after I updated my NGINX reverse proxy settings to the new standards.
This is my new NGINX setting:
listen 443 ssl;
Two of my AppleTV users are unable to play files.
After clicking play, the screen goes black. It loads for some seconds, then goes back again to the movie.
The files should be pretty easy to play, 720p and 1080p, H.264, one DTS the other AC3.
Logs will not show anything interesting
Code:
[2024-10-09 14:11:52.503 +02:00] [INF] Playback stopped reported by app "Jellyfin tvOS" "1.0.1" playing "Albtraumhafte Super-Verwandlung! Freezers Kampfkraft ist 1.000.000.". Stopped at "850000" ms
[2024-10-09 14:11:52.549 +02:00] [INF] User policy for "readacted username". EnablePlaybackRemuxing: True EnableVideoPlaybackTranscoding: False EnableAudioPlaybackTranscoding: True
[2024-10-09 14:11:52.555 +02:00] [INF] User policy for "readacted username". EnablePlaybackRemuxing: True EnableVideoPlaybackTranscoding: False EnableAudioPlaybackTranscoding: True
[2024-10-09 14:11:52.560 +02:00] [INF] User policy for "readacted username". EnablePlaybackRemuxing: True EnableVideoPlaybackTranscoding: False EnableAudioPlaybackTranscoding: True
[2024-10-09 14:11:55.916 +02:00] [INF] User policy for "readacted username". EnablePlaybackRemuxing: True EnableVideoPlaybackTranscoding: False EnableAudioPlaybackTranscoding: True
[2024-10-09 14:11:55.919 +02:00] [INF] User policy for "readacted username". EnablePlaybackRemuxing: True EnableVideoPlaybackTranscoding: False EnableAudioPlaybackTranscoding: True
[2024-10-09 14:12:04.219 +02:00] [INF] Playback stopped reported by app "Jellyfin tvOS" "1.0.1" playing "Killer Joe". Stopped at "4387000" ms
I am not sure if the problem persisted before or after I updated my NGINX reverse proxy settings to the new standards.
This is my new NGINX setting:
listen 443 ssl;
Code:
listen [::]:443 ssl;
server_name jelly.mydomain.com;
http2 on;
## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
client_max_body_size 100M;
#already in ssl conf
# Uncomment next line to Disable TLS 1.0 and 1.1 (Might break older devices)
#ssl_protocols TLSv1.3 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/jelly.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jelly.mydomain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_trusted_certificate /etc/letsencrypt/live/jelly.mydomain.com/chain.pem;
# use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
set $jellyfin 10.0.55.2;
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
# Permissions policy. May cause issues with some clients
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
# Content Security Policy
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
# NOTE: The default CSP headers may cause issues with the webOS app
add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
# old config add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtu>
# SSL own settings
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
ssl_stapling on;
ssl_stapling_verify on;
# logging
access_log /var/log/nginx/access.log combined buffer=512k flush=1m;
error_log /var/log/nginx/error.log warn;
# reverse proxy for Jelly
location / {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://$jellyfin:8096;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
# additional config
# include nginxconfig.io/general.conf;
# Cache images (inside server block)
location ~ /Items/(.*)/Images {
proxy_pass http://$jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_cache jellyfin;
proxy_cache_revalidate on;
proxy_cache_lock on;
# add_header X-Cache-Status $upstream_cache_status; # This is only to check if cache is working
}
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name jelly.mydomain.com;
include nginxconfig.io/letsencrypt.conf;
location / {
return 301 https://jelly.mydomain.com$request_uri;
}
}
# Add this outside of you server block (i.e. http block)
proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=10g inactive=60d use_temp_path=off;
Love Jellyfin
Running a Jellyfin Server on Debian behind a NGINX proxy.
I consider video transcodes a waste of CPU/GPU cycles.
Running a Jellyfin Server on Debian behind a NGINX proxy.
I consider video transcodes a waste of CPU/GPU cycles.