Nginx Proxy Manager: Custom locations don't work

[Iacov]

well, apparently i forgot to tell npm where to route the request in the "advanced" tab

the improved code looks like this and is to be posted in the "advanced" tab

Code:

location / {
    # Proxy main Jellyfin traffic
    proxy_pass http://$jellyfin:8096;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_headers_hash_max_size 2048;
    proxy_headers_hash_bucket_size 128;

    # Security / XSS Mitigation Headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "0";
    add_header X-Content-Type-Options "nosniff";

    # Content Security Policy
    #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
}

location /socket {
    # Proxy Jellyfin Websockets traffic
    proxy_pass http://$jellyfin:8096;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Host $http_host;

    # Security / XSS Mitigation Headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "0";
    add_header X-Content-Type-Options "nosniff";

    # Content Security Policy
    #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
}

i did have to adapt proxy_pass http://$jellyfin:8096; to my actual ip - but npm is content now and i can access the site
i just don't know how to test if it works now
because the / location worked even without a custom location or the advanced tab

edit: but had do delete the code again, because having this code active prohibited the dashboard of showing playback info in real time. (e.g. the time did not refresh on its own when looking at the current playback...always hat to f5 the page)

[TheDreadPirate]

edit: but had do delete the code again, because having this code active prohibited the dashboard of showing playback info in real time. (e.g. the time did not refresh on its own when looking at the current playback...always hat to f5 the page)

This mean that the websocket (/socket) isn't being passed.

[Iacov]

This mean that the websocket (/socket) isn't being passed.

it's weird that it's working then without the custom location code..

is it for sure, that i actually need the custom locations?
because if it were not for the documentation, i would have no indication that i need to "fix" something, as everything seems to work as far as i can tell at the moment

[TheDreadPirate]

Its possible that NPM has changed since the docs were written.

[Iacov]

can i somehow contribute in finding a conclusion so that the docs can be updated?
either that it's not necessary anymore or in finding clues that it might still be relevant?

[TheDreadPirate]

I have a test setup I plan to add NPM to. Thanks for working through this with us. I will be writing up some updates to a bunch of documentation and this is now on my to-do list.

[Iacov]

I have a test setup I plan to add NPM to.  Thanks for working through this with us.  I will be writing up some updates to a bunch of documentation and this is now on my to-do list.

alright, let me know if i can provide any infos from my setup

[TheDreadPirate]

Here is what I wrote up (not final, hasn't been published to the site).

https://github.com/jellyfin/jellyfin.org...xy-manager

Does it match up with what ended up working for you?

[Iacov]

Create a proxy host and point it to your Jellyfin server's IP address and http port (usually 8096)

Enable "Block Common Exploits", and "Websockets Support". Configure the access list if you intend to use them. Otherwise leave it on "publicly accessible".

this does match 1:1 (i have deactived caching after your recommendation)

In the "SSL" tab, use the jellyfin.example.org certificate that you created with Nginx Proxy Manager and enable "Force SSL", "HTTP/2 Support", "HSTS Enabled", "HSTS Subdomains".

this also matches 1:1

In the "Advanced" tab, enter the following in "Custom Nginx Configuration". This is optional, but recommended if you intend to make Jellyfin accessible outside of your home.

this (and the following code block) is not in my configuration
do you recommend to add these settings? can i somehow test their effect? (i only use jellyfin in my local LAN or via selfhosted wireguard vpn)

so effectively, in my config, i have only "use" the tabs "Details" and "SSL"

[TheDreadPirate]

There won't be a practical difference with or without the Custom Nginx Configuration. They are just extra security options.