Nextcloud + Jellyfin over the internet

TomEighty15 · June 2, 2020, 9:13am

Hello,

I have dietpi 6.30 installed on my rpi4.
I have installed Nextloud from software optimised and jellyfin manually. I use nginx as webserver.

I have setup noip and lets encrypt. I am able to access nextcloud from the url https://mydomain.net/nextcloud. But I can’t acces jellyfin.

Following the jellyfin doc, I have to use a reverse proxy : https://jellyfin.org/docs/general/networking/nginx.html. WIth that, I can access jellyfin over the internet but not Nextcloud.

Do you have any idea on how I can access both over the internet?

Thank you in advance

Joulinar · June 2, 2020, 1:34pm

Hi,

many thanks for your request. Would it be possible to share your revers proxy config file? I guess you would need to forward the subpath with Nginx only and not the entire traffic that is arriving on port 80.

Another option would be to connect directly to Jellyfin (http://YOUR_ADDRESS:8096/) without using a revers proxy

TomEighty15 · June 2, 2020, 8:27pm

Hi,

My reverse config file is almost the same as the first one here : https://jellyfin.org/docs/general/networking/nginx.html

server {
    listen 80;
    server_name DOMAIN_NAME;

    # Uncomment to redirect HTTP to HTTPS
     return 301 https://$host$request_uri;
}

# Uncomment this section after you have acquired a SSL Certificate
server {
    listen 443 ssl http2;
    server_name DOMAIN_NAME;
    ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME/chain.pem;
    ssl_stapling on;
    ssl_stapling_verify on;

#    # Security / XSS Mitigation Headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    # Content Security Policy
    # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
    # Enforces https content and restricts JS/CSS to origin
    # External Javascript (such as cast_sender.js for Chromecast or YouTube embed JS for external trailers) must be whitelisted.
    add_header Content-Security-Policy "default-src https: data: blob:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.youtube.com/iframe_api https://s.ytimg.com; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";

    location /jellyfin/ {
        # Proxy main Jellyfin traffic
        proxy_pass http://SERVER_IP_ADDRESS:8096/jellyfin/;
        proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
        proxy_buffering off;
    }
   
   location jellyfin/socket {
       # Proxy Jellyfin Websockets traffic
        proxy_pass http://SERVER_IP_ADDRESS:8096/jellyfin/socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
  }
}

If I use this file, I can access jellyfin through www.mydomain.net/jellyfin with https. But I can’t acess nextcloud anymore…

I have the idea to put jellyfin and nextcloud in two dockers, would it be better?

Joulinar · June 2, 2020, 11:33pm

ok I found a working solution. It’s quite simple. Forget about the Jellyfin docs as it will break DietPi configurations. Pls remove the jellyfin.conf file you created.

We will create our own conf file like this

nano /etc/nginx/sites-dietpi/jellyfin.conf

pls copy the following inside the file

  # Jellyfin
    location /jellyfin {
        return 302 $scheme://$host/jellyfin/;
    }

    location /jellyfin/ {
        # Proxy main Jellyfin traffic

        # The / at the end is significant.
        # https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/

        proxy_pass http://localhost:8096/jellyfin/;

        proxy_pass_request_headers on;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
        proxy_buffering off;
    }

save the file and restart nginx

systemctl restart nginx.service

TomEighty15 · June 10, 2020, 3:54pm

I just tried.

And it’s working! Thank you