Nextcloud + Jellyfin over the internet

TomEighty15 · 2 June 2020 09:13

Hello,

I have dietpi 6.30 installed on my rpi4.
I have installed Nextloud from software optimised and jellyfin manually. I use nginx as webserver.

I have setup noip and lets encrypt. I am able to access nextcloud from the url https://mydomain.net/nextcloud. But I can’t acces jellyfin.

Following the jellyfin doc, I have to use a reverse proxy : https://jellyfin.org/docs/general/networking/nginx.html. WIth that, I can access jellyfin over the internet but not Nextcloud.

Do you have any idea on how I can access both over the internet?

Thank you in advance

Joulinar · 2 June 2020 13:34

Hi,

many thanks for your request. Would it be possible to share your revers proxy config file? I guess you would need to forward the subpath with Nginx only and not the entire traffic that is arriving on port 80.

Another option would be to connect directly to Jellyfin (http://YOUR_ADDRESS:8096/) without using a revers proxy

TomEighty15 · 2 June 2020 20:27

Hi,

My reverse config file is almost the same as the first one here : https://jellyfin.org/docs/general/networking/nginx.html

server {
    listen 80;
    server_name DOMAIN_NAME;

    # Uncomment to redirect HTTP to HTTPS
     return 301 https://$host$request_uri;
}

# Uncomment this section after you have acquired a SSL Certificate
server {
    listen 443 ssl http2;
    server_name DOMAIN_NAME;
    ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME/chain.pem;
    ssl_stapling on;
    ssl_stapling_verify on;

#    # Security / XSS Mitigation Headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    # Content Security Policy
    # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
    # Enforces https content and restricts JS/CSS to origin
    # External Javascript (such as cast_sender.js for Chromecast or YouTube embed JS for external trailers) must be whitelisted.
    add_header Content-Security-Policy "default-src https: data: blob:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.youtube.com/iframe_api https://s.ytimg.com; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";

    location /jellyfin/ {
        # Proxy main Jellyfin traffic
        proxy_pass http://SERVER_IP_ADDRESS:8096/jellyfin/;
        proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
        proxy_buffering off;
    }
   
   location jellyfin/socket {
       # Proxy Jellyfin Websockets traffic
        proxy_pass http://SERVER_IP_ADDRESS:8096/jellyfin/socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
  }
}

If I use this file, I can access jellyfin through www.mydomain.net/jellyfin with https. But I can’t acess nextcloud anymore…

I have the idea to put jellyfin and nextcloud in two dockers, would it be better?

Joulinar · 2 June 2020 23:33

ok I found a working solution. It’s quite simple. Forget about the Jellyfin docs as it will break DietPi configurations. Pls remove the jellyfin.conf file you created.

We will create our own conf file like this

nano /etc/nginx/sites-dietpi/jellyfin.conf

pls copy the following inside the file

  # Jellyfin
    location /jellyfin {
        return 302 $scheme://$host/jellyfin/;
    }

    location /jellyfin/ {
        # Proxy main Jellyfin traffic

        # The / at the end is significant.
        # https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/

        proxy_pass http://localhost:8097/jellyfin/;

        proxy_pass_request_headers on;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
        proxy_buffering off;
    }

save the file and restart nginx

systemctl restart nginx.service

TomEighty15 · 10 June 2020 15:54

I just tried.

And it’s working! Thank you

brotherelric · 29 March 2023 15:13

Does this still work? I’ve tried this but it doesn’t seem to work for me when i do dnsdomain.com/jellyfin

Jappe · 29 March 2023 15:19

Do you use also nginx as Web Server?

brotherelric · 29 March 2023 15:35

Yeah, set up with Nextcloud

Joulinar · 29 March 2023 15:53

Can you share your web server configuration you created to enable Jellyfin

brotherelric · 29 March 2023 16:01

I don’t quite understand what you mean.
If you refer to the jellyfin.conf file I created, it’s copy and pasted from the one you shared here.

Joulinar · 29 March 2023 16:20

And in with folder you created the file? Did you activate configuration?

brotherelric · 29 March 2023 21:18

This is the directory i created the file in. I didn’t do anything other than creating the file, so I’m not sure how I should activate configuration…

Joulinar · 30 March 2023 05:05

Did you restarted the web server or whole system?

brotherelric · 2 April 2023 09:36

I did both “systemctl restart nginx.service” and “reboot”

Joulinar · 3 April 2023 16:30

ok 2 thinks to verify

inside etc/nginx/sites-dietpi/jellyfin.conf, Jellyfin port needs to be 8097. They changed somewhere the last years.

proxy_pass http://localhost:8097/jellyfin/;

did you activate the correct base URL inside Jellyfin admin interface?

brotherelric · 4 April 2023 15:09

Another thing to note, if I exclude jellyfin from starting up when dietpi boots up, when I type the “jellyfin” command this error pops up
[16:08:24] [ERR] [1] Main: The server is expected to host the web client, but the provided content directory is either invalid or empty: /usr/lib/jellyfin/bin/jellyfin-web. If you do not want to host the web client with the server, you may set the '--nowebclient' command line flag, or set'hostwebclient=false' in your config settings.

brotherelric · 4 April 2023 20:29

I created the “jellyfin.conf” file pasting what you put here. I believe that the port there is 8097.

However, all of a sudden it works. I have no idea how I made it work but it now works. Still, thanks for all the help! You’re amazing.

Joulinar · 4 April 2023 20:41

I adjusted my post yesterday as the port was incorrect. It was port 8096 before. Now it is port 8097.

We changed port a year ago to resolve some conflicts DietPi-Software | Jellyfin: Change default port to 8097 to resolve conflict with Emby by Joulinar · Pull Request #5220 · MichaIng/DietPi · GitHub
But the config code above was 3 years old. Therefore, it was not up-to-date. Anyway, it’s changed now above.

brotherelric · 4 April 2023 20:44

Ohhhhhh I might have copied and pasted it again and I didn’t realize you had edited your comment.
Thanks for everything.