WebOS App and HTTPS

[dupl0]

Jellyfin server version: latest version of docker image, stable
Jellyfin client version: LG TV WebOS app, latest
Access method: both via reverse proxy and via native SSL set up within Jellyfin

Hello, 

I have setup the Jellyfin server and connected successfully to it via HTTP from my WebOS TV app. 

After that I set up HTTPS via a reverse proxy on my Synology NAS, which also worked like a charm in my MacOS browser. However; the WebOS TV app refuses point blank to connect if I put in the FQDN of the reverse proxy and the correct port (the exact same domain and port part of the address line as the one that works in the browser). 

I suspect it fails because the root certificate is not installed on the TV, but I still decided to try and add HTTPS natively instead effectively bypassing the reverse proxy.
Once again, in my browser my configuration works flawlessly
- but once I try that connection address in the WebOS TV app, no joy. 

Anyone else had similar troubles and has a hint to were the trouble is? 
I have seen in the forum some suggestions on the reverse proxy part that has not worked for me. 

MUST the TV have the Root Certificate from my Home Root CA installed for this to work (can it not accept/prompt to use an untrusted cert to simply accomplish encrypted traffic)? 
(reason I ask is because I do not use a commercial provider, only my "home CA". I also do not think the TV allows for installing custom Root CAs unless you go through some hassle with developer mode). 

Or is there something else I am missing?
On my home network I guess I can live with HTTP, but then I miss out on all the remote capability via the internet (if connecting with WebOS).

[dupl0]

UPDATE: I tested going towards the Jellyfin HTTPS DNS address + port via the TV browser and that worked (displaying a "sure you wanna continue" and I could proceed).
This variant instead failed on the authentication for some strange reason - but that could be limitations in the proprietary browser installed on the TV, I expect this browser is pretty rudimental/simple.

Anyhow, I am left with this problem being due to the certificate not being trusted?
If that is the case, I think the app on LG WebOS should be able to establish https (via user warning) in cases where cert is either self-signed or untrusted due to lack of root cert - just in order to get encrypted auth over a home network.

I also found out that installing custom root certs on the TV is not possible without rooting the TV.
So installing root certs is not possible to do via developer mode.

Tried "forcing" HTTPS - and instead pointing the app to HTTP only to be redirected to HTTPS, to no avail

[dupl0]

Anybody out there?

Surely someone else out there must have attempted HTTPS to Jellyfin from WebOS?

[dupl0]

https://github.com/jellyfin/jellyfin-webos/issues/63

So it is impossible currently to create secure communications in my local lan, because self-signed or root CA’s not trusted by the TV is simply not supported 🙄

[dupl0]

UPDATE:

So I got this "working" by generating a new Lets Encrypt cert for my NAS, and reverse proxying via that (so it was the root cert problem that was the showstopper).
However, almost nothing plays when I am logged in over HTTPS as opposed to almost everything when logged in over HTTP. I also suspect the media traffic takes a detour via the internet when using the SSL setup since the DNS seemingly must point to a public IP (A public domain that I control and own) when buying or creating certs from a third party cert provider
(I also believe to have configured everything correctly in regards to X-Forwarding and so on, but this just will not work).

Anyhow, it seems to me I have to choose between
1. unencrypted communications within my LAN, and
2. a halfway working HTTPS solution that has to have open ports to the internet and where the traffic likely gets throttled due to detouring via WAN.
If I am wrong about this and there is a way to make the media traffic route exclusively internally when the DNS is public, I am eager to understand it.

I do not know how Plex solves this, but I am reverting back to Plex for now and may make a new Jellyfin attempt later on. My experience is that the HTTPS part is difficult to get working with Jellyfin (in away that maintains full playback capabilities).

What I optimally want is to be able to sign my own certs and point jellyfin to my internal DNS that points to an internal IP address - but that seems to be impossible as long as the WebOS app cannot be told to ignore that the cert is unstrusted?

[Consuming2212]

Thanks for posting all this! I decided I wanted a proper SSL/TLS cert today and encountered most of the same issues you had. In the end, I generated a certificate with Let's Encrypt using the DNS verification method. You can do this without any proxying though, and it works with internal DNS. You can give Jellyfin a host name like jellyfin.internal.yourdomain.com and as long as you own yourdomain.com, you can issue certificates for subdomains. In my case jellyfin.internal.yourdomain.com isn't even a public DNS record, it is resolved by my router only. I use Cloudflare for my DNS, which has an API for this kind of thing. So you use the Let's Encrypt ACME program, give it your API token etc, and you're good to go!