Hi everyone.
I’m being trying to get subdomains working for the various services I’m planning on using (AdGuard, nextcloud and jellyfin mostly) so I can access them outside the network. I’ve read various posts here and it seems reverse proxy is the way to go. Though I can’t seem to get any of the conf files for nginx working. They all redirect to the nginx page. Is there something I’m doing wrong?
You could start sharing the configuration files you are using. And do you have activated the configuration?
This is for adguard
location /aghome/ {
proxy_pass http://127.0.0.1:8083/;
proxy_redirect / /aghome/;
proxy_cookie_path / /aghome/;
}
And this is for jellyfin
# Uncomment the commented sections after you have acquired a SSL Certificate
server {
listen 80;
listen [::]:80;
# server_name sub.domain.com;
# Uncomment to redirect HTTP to HTTPS
# return 301 https://$host$request_uri;
#}
#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
server_name sub.domain.com;
## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
client_max_body_size 20M;
# use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
set $jellyfin jellyfin;
resolver 127.0.0.1 valid=30;
#ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/sub.domain.comprivkey.pem;
#include /etc/letsencrypt/options-ssl-nginx.conf;
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
#add_header Strict-Transport-Security "max-age=31536000" always;
#ssl_trusted_certificate /etc/letsencrypt/live/sub.domain.com/chain.pem;
#ssl_stapling on;
#ssl_stapling_verify on;
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# Content Security Policy
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
# NOTE: The default CSP headers may cause issues with the webOS app
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
location = / {
return 302 http://$host/web/;
#return 302 https://$host/web/;
}
location / {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://$jellyfin:8096;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
for AGH, following was working to me. I did some testing on another topic. Maybe, it could be reused One IP versus several services, how? - #15 by Joulinar
For Jellyfin some configuration to be done according to the config file. Did you have done this?
# use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
set $jellyfin jellyfin;
resolver 127.0.0.1 valid=30;
I tried the one you linked and I got AdGuard working on domain.com/aghome but not sub.domain.com
I had to change the for https from 443 to 4443 to stop getting the error so I don’t know if the reverse proxy is working?
Yes I have the same lines in the jellyfin config but no dice.
Did you setup your sub domain as DDNS? Does it have correct IP address assigned?
Where did you change this setting? In which configuration file?
That’s exactly the point. You need to adjust this section to fit to your system as written on the comments within the code section.
LightTPD can’t do this can it?
The OP is running Nginx, therefore lighttpd is not an option as it would be a conflicting web server 
Personally, I find it more complex to configure lighttpd as proxy compared to Nginx and/or Apache