Https acces, local time out

Hello,
I have a problem with https access. I installed Jellyfin as a docker on a Synology NAS.
I have no problem accessing http://192.168.0.42:8096 at my jellyfin server, but impossible via https://192.168.0.42:8920 (time-out connection)

An idea ?
Thank you

How did you set up the SSL? Did you use a Reverse Proxy or add a certificate to Jellyfin?

We don’t include a certificate by default, so this needs some “first time setup”.

Thank you for your reply.
I chose the reverse proxy option, I created an ngnix container to solve the problem.

Hello,

Is it normal that in the activity of the server, it is impossible for me to know the real IP address of the person who connects? Instead, I have the IP address of my proxy appearing!

Ngnix Proxy :

server {
listen 8080;
server_name _;

location / {
    # Proxy main Jellyfin traffic
    proxy_pass http://192.168.0.42:8096;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Host $http_host;

    # Disable buffering when the nginx proxy gets very resource heavy upon streaming
    proxy_buffering off;
}
location /socket {
    # Proxy Jellyfin Websockets traffic
    proxy_pass http://192.168.0.42:8096;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
}

}

Proxy DSM :

@EVOTk I’m new to jellyfin, but I can spot a couple things wrong with your nginx config:

Since you’re using a reverse proxy, you wouldn’t access the jellyfin port directly - https://192.168.0.42:8920 would not be correct. You want to enter the location of the proxy - in your case, you’ve set up the proxy location to be /socket - this is a little different than usual nginx cases I’ve seen - often you’ll want to proxy port 443 so you can access your server at https://192.168.0.42 without specifying a different port. What you have might work, not sure, but you would want to access it at https://192.168.0.42/socket since that’s how you set up the proxy.

Also You need to set the target of the proxy to the https port. Currently you have this line:

    proxy_pass http://192.168.0.42:8096;

This sets the target of the proxy to 8096 - which is the http port - so the target location of the proxy won’t be the https port anyway. This needs to be 8920 instead.

However, I’ve setup jellyfin directly on 443 and can’t get it to connect to https either so not sure if there’s a bigger problem here.

Update: I got this working and I was incorrect about which port you should target when handling https by reverse proxy. It seems that the jellyfin https port setting is not what port jellyfin is expecting https traffic on, but what port it should run its own https server on - and when you reverse proxy, it does not run its own https server or accept traffic on that port.

Here’s my full nginx config for jellyfin - which was almost entirely generated for me by using the certbot nginx plugin to generate my ssl certificate: (domain name changed to protect the innocent).

server {
  server_name  "myserver.local";
  location / {
    proxy_pass   http://127.0.0.1:8096;
  }
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/myserver.local/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/myserver.local/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
  if ($host = myserver.local) {
    return 301 https://$host$request_uri;
  } # managed by Certbot¡

  listen 80;
  server_name  "myserver.local";
}