2025-09-27, 01:45 AM
(This post was last modified: Yesterday, 12:52 AM by xpd8y2zku. Edited 4 times in total.)
Setup:
Jellyfin server set up as a reverse proxy in Nginx Proxy Manager with a wildcard LetsEncrypt SSL Certificate set up.
Jellyfin LDAP plugin used for auth, connected to a authentik ldap server, which in-turn is connected to the main authentik server instance.
Everything is hosted as separate docker containers on TrueNAS Scale - they are all on the same IP address, just different ports.
Functionally speaking, everything is working fine. I can access the server through the reverse proxy, I can watch my media, there's no issues there.
My only issue is that the client IP isn't being passed through to Jellyfin properly. In the activity page, the IP addresses of user's accessing externally is an internal 172.xx.x.x address. I'm not sure if this is normal for my LDAP setup, or if there's a way for me to get the actual client IP passed through from NPM.
On the authentik side, all the LDAP logins show internal IP, but I'm assuming that's normal because the request is coming from an internal source (Jellyfin) anyway? And if anything, it should be Jellyfin that should see the client IP?
On the NPM side, I've tried using the "Advanced Configuration" examples from so many forum posts, but none of them seem to work.
The one I'm currently using is
On the Jellyfin side, I have most of the network settings unfilled. To my understanding, this should be fine as NPM will be handling all the HTTPS/SSL stuff. I do have Known Proxies set to the base ip address of the TrueNAS server, just 192.168.50.100, the same IP everything is hosted off.
In the logs for the Jellyfin container, the IPs for auth requests are internal IPs as well.
If anyone has a similar working setup, I'd love to know what exactly I'm doing wrong here.
Thank you!
SOLVED:
For people running a similar setup, where everything is hosted in docker containers inside something like TrueNAS, the Known Proxies field should be the internal docker ip. In my case, I just used the same 172.x.x.x ip that was showing up as the incorrect Client IP, and now it appears to be working.
Jellyfin server set up as a reverse proxy in Nginx Proxy Manager with a wildcard LetsEncrypt SSL Certificate set up.
Jellyfin LDAP plugin used for auth, connected to a authentik ldap server, which in-turn is connected to the main authentik server instance.
Everything is hosted as separate docker containers on TrueNAS Scale - they are all on the same IP address, just different ports.
Functionally speaking, everything is working fine. I can access the server through the reverse proxy, I can watch my media, there's no issues there.
My only issue is that the client IP isn't being passed through to Jellyfin properly. In the activity page, the IP addresses of user's accessing externally is an internal 172.xx.x.x address. I'm not sure if this is normal for my LDAP setup, or if there's a way for me to get the actual client IP passed through from NPM.
On the authentik side, all the LDAP logins show internal IP, but I'm assuming that's normal because the request is coming from an internal source (Jellyfin) anyway? And if anything, it should be Jellyfin that should see the client IP?
On the NPM side, I've tried using the "Advanced Configuration" examples from so many forum posts, but none of them seem to work.
The one I'm currently using is
location / {
proxy_pass $forward_scheme: //$server:$port;
# Proxy main Jellyfin traffic
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
On the Jellyfin side, I have most of the network settings unfilled. To my understanding, this should be fine as NPM will be handling all the HTTPS/SSL stuff. I do have Known Proxies set to the base ip address of the TrueNAS server, just 192.168.50.100, the same IP everything is hosted off.
In the logs for the Jellyfin container, the IPs for auth requests are internal IPs as well.
If anyone has a similar working setup, I'd love to know what exactly I'm doing wrong here.
Thank you!
SOLVED:
For people running a similar setup, where everything is hosted in docker containers inside something like TrueNAS, the Known Proxies field should be the internal docker ip. In my case, I just used the same 172.x.x.x ip that was showing up as the incorrect Client IP, and now it appears to be working.