2023-09-18, 04:24 AM
Hi,
I'm having trouble connecting to Jellyfin via an nginx reverse proxy. The reverse proxy and Jellyfin server are both running on the same Windows 10 machine, both Jellyfin and nginx are both near-fresh installations, the only change being that in the jellyfin.conf the listening port is set to 8080 and the ip address is 127.0.0.1, aka localhost. I have tried adding the ip address of the server and all devices I have tested with to the Known-Proxies section under Networking in the Jellyfin Network configuration in the Dashboard, to no avail. I have tried connecting to Jellyfin with the host computer, and a few other devices on the same network (pointing to the host computer's ip address, not their own).
To be clear, connecting directly to Jellyfin via localhost:8096 (the host computer's ip address in the case of other devices) does work on all of my devices, I'm just struggling with the reverse proxy, any help would be appreciated. Thanks.
Another note: when I made changes to the nginx.conf file which is present in the same folder as the jellyfin.conf file, those changes were reflected as I intended, such as adding SSL or changing the port that is being listened to.
This is what my jellyfin.conf file looks like:
I'm having trouble connecting to Jellyfin via an nginx reverse proxy. The reverse proxy and Jellyfin server are both running on the same Windows 10 machine, both Jellyfin and nginx are both near-fresh installations, the only change being that in the jellyfin.conf the listening port is set to 8080 and the ip address is 127.0.0.1, aka localhost. I have tried adding the ip address of the server and all devices I have tested with to the Known-Proxies section under Networking in the Jellyfin Network configuration in the Dashboard, to no avail. I have tried connecting to Jellyfin with the host computer, and a few other devices on the same network (pointing to the host computer's ip address, not their own).
To be clear, connecting directly to Jellyfin via localhost:8096 (the host computer's ip address in the case of other devices) does work on all of my devices, I'm just struggling with the reverse proxy, any help would be appreciated. Thanks.
Another note: when I made changes to the nginx.conf file which is present in the same folder as the jellyfin.conf file, those changes were reflected as I intended, such as adding SSL or changing the port that is being listened to.
This is what my jellyfin.conf file looks like:
Code:
# Uncomment the commented sections after you have acquired a SSL Certificate
server {
listen 8080;
listen [::]:8080;
# server_name DOMAIN_NAME;
# Uncomment to redirect HTTP to HTTPS
# return 301 https://$host$request_uri;
#}
#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
server_name 127.0.0.1;
## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
client_max_body_size 20M;
# use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
set $jellyfin jellyfin;
resolver 127.0.0.1 valid=30;
#ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
#include /etc/letsencrypt/options-ssl-nginx.conf;
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
#add_header Strict-Transport-Security "max-age=31536000" always;
#ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME/chain.pem;
#ssl_stapling on;
#ssl_stapling_verify on;
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "0"; # Do NOT enable. This is obsolete/dangerous
add_header X-Content-Type-Options "nosniff";
# COOP/COEP. Disable if you use external plugins/images/assets
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Embedder-Policy "require-corp" always;
add_header Cross-Origin-Resource-Policy "same-origin" always;
# Permissions policy. May cause issues on some clients
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
# Tell browsers to use per-origin process isolation
add_header Origin-Agent-Cluster "?1" always;
# Content Security Policy
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
# NOTE: The default CSP headers may cause issues with the webOS app
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
location = / {
return 302 http://$host/web/;
#return 302 https://$host/web/;
}
location / {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://$jellyfin:8096;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}