SOLVED: Jellyfin dashboard not saving https enabled checkbox

[Peval]

Dear Community,
I have Jellyfin 10.10.5 running on my Synology NAS.
In the dashboard settings, http is enabled on default port 8096 and I would like to enable https on a custom port 8443
I can tick the https checkbox and change the port number as you can see here:



Then i click ok at the bottom of the page, and i get the following warning message:



I am using Tailscale and I already have a valid certificate for the URL of my NAS, so I assume there is nothing I have to do here in the dashboard and everything should be saved and fine
However if i reload the page, or i just exit and come back, no settings have been saved and i find the page as it was with no https enabled as you can see here:



Same result happen even if i try to enable https keeping the suggested port 8920 or any other port.
What should I do to enable https?

Many thanks!
Paolo

[TheDreadPirate]

Further down in the networking page, there is a field to provide a certificate. Jellyfin is picky about the format this needs to be in. Without a valid, supported, cert in that field you cannot enable https in Jellyfin.

However, if you are already using tailscale there is no need for https in Jellyfin. The traffic is already encrypted as it traverses the VPN. Enabling https would only be necessary if the VPN exit is not on the same host or not on a host in the same network as your Jellyfin server. If that is the case, using a reverse proxy to handle https connections is preferable to using Jellyfin's built in https server. It is not configurable to restrict clients to strong ciphers not hardened against TLS attacks.

[Peval]

Thank you!!
My internet provider use CGNAT so i cannot enable port forwarding on my router, therefore in order to give my friends access to my Jellyfin server i need either to explain them how tailscale works and get it installed on their devices, or use tailscale funnel command to expose Jellyfin port on the public internet through Tailscale relay server

Tailscale funnel only works on port 8443 (and some more) so this is why I needed to have Jellyfin https listening on that port

Mind that i am already using tailscale serve command to redirect https to port 5000 where the tailscale certificate is provided, as in port 5001 the synology DDNS certificate replies by default

What would you recommend me doing?

---

By the way, further down there is a section named "require https" but i did not want to force it, i just wanted it work in parallel with http
It says "If checked, the server will automatically redirect all requests over HTTP to HTTPS"

I also read "Custom SSL certificate path" and "Path to a PKCS #12 file containing a certificate and private key to enable TLS support on a custom domain." which are requests not very comprehensible to me. :-(

[TheDreadPirate]

In this situation, I'd still recommend using a reverse proxy like caddy/nginx/apache to handle the https connection. IT would listen on port 8443 for https requests coming to your tailscale funnel and proxy the traffic.