Enabling HTTPS on Jellyfin

LeVraiRoiDHyrule · 28 September 2020 22:10

Hi,

I would like to ask for some help to enable HTTPS on my Jellyfin media server. I can’t figure out how to configure it.

I’ve already set up a dynDNS and a domain.
I’ve already activated Letsencrypt in DietPi.

But I can’t figure out how to configure Jellyfin.

I guess I should here select the newly created cert, but where is it stored ? Where can I get it ?

I found this while browsing on my pi :

In the README there is written that the fullchain.pem is the one that should be used for other networking applications.
But in Jellyfin, when I try to enter the /etc/letsencrypt/live/[mydomain]/ , the folder looks empty :

So I don’t know what I should do to activate HTTPS on jellyfin, I didn’t find documentations on how to use it with Letsencrypt in the documentation.
Could someone help me ?
I may be imprecise on a lot of things, don’t hesitate to ask for more details
Thanks in advance, and have a good day

Joulinar · 29 September 2020 19:24

Hi,

many thanks for your report. Probably you would need grand read access for Jellyfin user to /etc/letsencrypt/live/[mydomain]/ as well as to the certificates. This way Jellyfin should be able to see the files.

Another option would be using Nginx as revers proxy. Benefit would be to reduce number of ports open to the internet as you don’t need to have Jellyfin port open. Another advantage, SSL/HTTPS handling will be done by Nginx fully. Means no settings needed within Jellyfin.

https://jellyfin.org/docs/general/networking/nginx.html

basically there are 2 options

Nginx from a subdomain (jellyfin.example.org)
Nginx with Subpath (example.org/jellyfin)

ioan-stan · 10 March 2021 03:40

Hi Joulinar, I’m interested in your first option below. I already have letsencrypt certs working fine on the same physical server for Nextcloud.

I’ve provided 775 permissions on the whole letsencrypt folder. Which file I should select in the Network Custom SSL certificate path? Anything else that needs to be done?

I selected the chain.pem file, i can save the settings, but JF is not listening on port 8920.

Many thanks,
ioan

Joulinar · 10 March 2021 08:56

does all your settings are saved correctly? And did you restart your system afterwards?

As well you would need to create a pkcs12 file. I found this one and on my test it is working https://gist.github.com/novemberborn/4eb91b0d166c27c2fcd4#gistcomment-2593153

root@DietPi4:/etc/jellyfin# ss -tulpn | grep jelly
udp     UNCONN   0        0                0.0.0.0:7359           0.0.0.0:*      users:(("jellyfin",pid=15203,fd=308))
tcp     LISTEN   0        512              0.0.0.0:8920           0.0.0.0:*      users:(("jellyfin",pid=15203,fd=292))
tcp     LISTEN   0        512              0.0.0.0:8096           0.0.0.0:*      users:(("jellyfin",pid=15203,fd=288))
root@DietPi4:/etc/jellyfin#

But this would need to be done again each time you receive a new certificate. Means you would need to create a script that will be executed by certbot once a new certificate was created.