• Login
  • Register
    • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below
  • Forum
  • Website
  • GitHub
  • Status
  • Translation
  • Features
  • Team
  • Rules
  • Help
  • Feeds
User Links
  • Login
  • Register
    • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below

    Useful Links Forum Website GitHub Status Translation Features Team Rules Help Feeds
    Jellyfin Forum Support Troubleshooting https installation problem

     
    • 0 Vote(s) - 0 Average

    https installation problem

    Https > Debian12 - NGINX - Let's Encrypt
    fafa
    Offline

    Junior Member
    Posts: 3
    Threads: 1
    Joined: 2024 Feb
    Reputation: 0
    #1
    2024-02-25, 10:55 PM
    Hello everyone, 
    I am having problems setting up JellyFin at https://box.xxxxx.Com.
    The installation is on a Debian 12 on a dedicated server with a fixed IP.
    The web application works great when I type: http://51.xxx.153.xxx:8096/
    However, when I type: https://box.xxxxx.com I come across the Welcome NGINX homepage 
    Please! Do any of you notice an error on my setup: 

    nano /etc/nginx/conf.d/jellyfin.conf

    --------------------------------------------------------------------------------------

    # Uncomment the commented sections after you have acquired a SSL Certificate
    server {
        listen 80;
        listen [::]:80;
        server_name DOMAIN_NAME;

        # Uncomment to redirect HTTP to HTTPS
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name DOMAIN_NAME;

        ## The default client_max_body_size is 1M, this might not be enough for some posters, etc.
        client_max_body_size 20M;

        # Uncomment next line to Disable TLS 1.0 and 1.1 (Might break older devices)
        # ssl_protocols TLSv1.3 TLSv1.2;

        # use a variable to store the upstream proxy
        # in this example we are using a hostname which is resolved via DNS
        # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g set $jellyfin 127.0.0.1)
        set $jellyfin 51.xxx.153.xxx;

        ssl_certificate /etc/letsencrypt/live/box.xxxx.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/box.xxxx.com/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        add_header Strict-Transport-Security "max-age=31536000" always;
        ssl_trusted_certificate /etc/letsencrypt/live/box.xxxx.com/chain.pem;
        ssl_stapling on;
        ssl_stapling_verify on;

        # Security / XSS Mitigation Headers
        # NOTE: X-Frame-Options may cause issues with the webOS app
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "0"; # Do NOT enable. This is obsolete/dangerous
        add_header X-Content-Type-Options "nosniff";

        # COOP/COEP. Disable if you use external plugins/images/assets
        add_header Cross-Origin-Opener-Policy "same-origin" always;
        add_header Cross-Origin-Embedder-Policy "require-corp" always;
        add_header Cross-Origin-Resource-Policy "same-origin" always;

        # Permissions policy. May cause issues on some clients
        add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), >


        # Content Security Policy
        # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
        # Enforces https content and restricts JS/CSS to origin
        # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
        # NOTE: The default CSP headers may cause issues with the webOS app
        #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' >

       location = / {
            return 302 http://$host/web/;
            #return 302 https://$host/web/;
        }

        location / {
            # Proxy main Jellyfin traffic
            proxy_pass http://$jellyfin:8096;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Protocol $scheme;
            proxy_set_header X-Forwarded-Host $http_host;

            # Disable buffering when the nginx proxy gets very resource heavy upon streaming
            proxy_buffering off;
        }

        # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
        location = /web/ {
            # Proxy main Jellyfin traffic
            proxy_pass http://$jellyfin:8096/web/index.html;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Protocol $scheme;
            proxy_set_header X-Forwarded-Host $http_host;
        }

        location /socket {
            # Proxy Jellyfin Websockets traffic
            proxy_pass http://$jellyfin:8096;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Protocol $scheme;
            proxy_set_header X-Forwarded-Host $http_host;
        }
    }
    -------------------------------------------------------------------------------------------------------------------------------------------
    mcarlton00
    Offline

    Kodi Addon Maintainer
    Posts: 145
    Threads: 1
    Joined: 2023 Sep
    Reputation: 9
    Country:United States
    #2
    2024-02-25, 11:28 PM
    You have to restart nginx after making changes to the config file. What you're describing is literally impossible with the config file you have right now, so it sounds like you haven't restarted it yet.
    fafa
    Offline

    Junior Member
    Posts: 3
    Threads: 1
    Joined: 2024 Feb
    Reputation: 0
    #3
    2024-02-25, 11:41 PM
    Thank you for answers but yes I restart Nginx correctly
    mcarlton00
    Offline

    Kodi Addon Maintainer
    Posts: 145
    Threads: 1
    Joined: 2023 Sep
    Reputation: 9
    Country:United States
    #4
    2024-02-26, 01:01 AM
    With the config file that you have, you cannot access your server over http. If you try you'll immediately get redirected to https instead. That's why I say that the behavior you're describing and the config file you've posted don't match, so something doesn't add up. At a glance I don't see anything wrong with the config file.
    TheDreadPirate
    Offline

    Community Moderator
    Posts: 15,374
    Threads: 10
    Joined: 2023 Jun
    Reputation: 460
    Country:United States
    #5
    2024-02-26, 01:29 AM
    Is it because your server_name doesn't include the subdomain?

    Also, in my nginx config I commented out this entire section. It has never worked for me.

    Code:
    location = / {
            return 302 http://$host/web/;
            #return 302 https://$host/web/;
        }
    Jellyfin 10.10.7 (Docker)
    Ubuntu 24.04.2 LTS w/HWE
    Intel i3 12100
    Intel Arc A380
    OS drive - SK Hynix P41 1TB
    Storage
        4x WD Red Pro 6TB CMR in RAIDZ1
    [Image: GitHub%20Sponsors-grey?logo=github]
    fafa
    Offline

    Junior Member
    Posts: 3
    Threads: 1
    Joined: 2024 Feb
    Reputation: 0
    #6
    2024-02-26, 10:15 PM
    Thank you everyone for yours answers
    I have the same problem of @TheDreadPirate
    Now it works!
    iEiEi
    Offline

    Junior Member
    Posts: 2
    Threads: 0
    Joined: 2024 Feb
    Reputation: 0
    Country:Germany
    #7
    2024-02-28, 03:42 PM
    On top of your /etc/nginx/conf.d/jellyfin.conf you define a redirect from http (Port 80) to https (Port 443). That's ok and should be done.

    server {
        listen 80;
        listen [::]:80;
        server_name jellyfin.domain.tld;

        # Uncomment to redirect HTTP to HTTPS
        return 301 https://$host$request_uri;
        }

    In your setup for https, however, you specify that a call of the document root should be redirected to http - this leads to an endless loop:

    location = / {
        return 302 http://$host/web/;
        #return 302 https://$host/web/;
        }

    And that's working in my configuration for secure connections:

    location = / {
        return 302 https://$host/web/;
        }

    Regards
    Achim
    Actually Jellyfin is running with Ubuntu 22.04 on a small Mini-ITX equipped self-built NAS with 8 GB memory. I use this box mainly as a backup target and media center for my music archive – and of course as playground for Linux.
    « Next Oldest | Next Newest »

    Users browsing this thread: 2 Guest(s)


    • View a Printable Version
    • Subscribe to this thread
    Forum Jump:

    Home · Team · Help · Contact
    © Designed by D&D - Powered by MyBB
    L


    Jellyfin

    The Free Software Media System

    Linear Mode
    Threaded Mode