Having issues with your DietPi installation or found a bug? Post it here.
TomEighty15
Posts: 6 Joined: Mon Jun 01, 2020 3:45 pm
Post
by TomEighty15 » Tue Jun 02, 2020 11:13 am
Hello,
I have dietpi 6.30 installed on my rpi4.
I have installed Nextloud from software optimised and jellyfin manually. I use nginx as webserver.
I have setup noip and lets encrypt. I am able to access nextcloud from the url
https://mydomain.net/nextcloud . But I can't acces jellyfin.
Following the jellyfin doc, I have to use a reverse proxy :
https://jellyfin.org/docs/general/networking/nginx.html . WIth that, I can access jellyfin over the internet but not Nextcloud.
Do you have any idea on how I can access both over the internet?
Thank you in advance
Joulinar
Posts: 4175 Joined: Sat Nov 16, 2019 12:49 am
Post
by Joulinar » Tue Jun 02, 2020 3:34 pm
Hi,
many thanks for your request. Would it be possible to share your revers proxy config file? I guess you would need to forward the subpath with Nginx only and not the entire traffic that is arriving on port 80.
Another option would be to connect directly to Jellyfin (http://YOUR_ADDRESS:8096/) without using a revers proxy
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
TomEighty15
Posts: 6 Joined: Mon Jun 01, 2020 3:45 pm
Post
by TomEighty15 » Tue Jun 02, 2020 10:27 pm
Hi,
My reverse config file is almost the same as the first one here :
https://jellyfin.org/docs/general/networking/nginx.html
Code: Select all
server {
listen 80;
server_name DOMAIN_NAME;
# Uncomment to redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
# Uncomment this section after you have acquired a SSL Certificate
server {
listen 443 ssl http2;
server_name DOMAIN_NAME;
ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN_NAME/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
# # Security / XSS Mitigation Headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# Content Security Policy
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast or YouTube embed JS for external trailers) must be whitelisted.
add_header Content-Security-Policy "default-src https: data: blob:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.youtube.com/iframe_api https://s.ytimg.com; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
location /jellyfin/ {
# Proxy main Jellyfin traffic
proxy_pass http://SERVER_IP_ADDRESS:8096/jellyfin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
location jellyfin/socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://SERVER_IP_ADDRESS:8096/jellyfin/socket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
If I use this file, I can access jellyfin through
www.mydomain.net/jellyfin with https. But I can't acess nextcloud anymore...
I have the idea to put jellyfin and nextcloud in two dockers, would it be better?
Joulinar
Posts: 4175 Joined: Sat Nov 16, 2019 12:49 am
Post
by Joulinar » Wed Jun 03, 2020 1:33 am
ok I found a working solution. It's quite simple. Forget about the Jellyfin docs as it will break DietPi configurations. Pls remove the
jellyfin.conf file you created.
We will create our own conf file like this
Code: Select all
nano /etc/nginx/sites-dietpi/jellyfin.conf
pls copy the following inside the file
Code: Select all
# Jellyfin
location /jellyfin {
return 302 $scheme://$host/jellyfin/;
}
location /jellyfin/ {
# Proxy main Jellyfin traffic
# The / at the end is significant.
# https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
proxy_pass http://localhost:8096/jellyfin/;
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
save the file and restart nginx
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
TomEighty15
Posts: 6 Joined: Mon Jun 01, 2020 3:45 pm
Post
by TomEighty15 » Wed Jun 10, 2020 5:54 pm
I just tried.
And it's working! Thank you