starred/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2026-03-01 11:20:59 +03:00
Code Issues 822 Packages Projects Releases 10 Wiki Activity

Unable to login to Jellyfin through NGINX #712

New Issue
Closed
opened 2026-02-06 20:02:05 +03:00 by OVERLORD · 5 comments
OVERLORD commented 2026-02-06 20:02:05 +03:00
Owner
Copy Link

Originally created by @Verequies on GitHub (May 26, 2019).

Describe the bug:
Unable to login to Jellyfin when connecting through NGINX, connecting directly to the IP works, however I would rather not expose that..

To Reproduce:
Try to login through NGINX.

Expected behavior:
You're successfully logged in.

Logs:
You receive this message when trying to login:
"Connection Failure - We're unable to connect to the selected server right now. Please ensure it is running and try again."

In the browser console this is reported:
/emby/Users/authenticatebyname:1 Failed to load resource: the server responded with a status of 400 ()

System:

  • OS: Arch Linux
  • Browser: All
  • Jellyfin Version: 10.3.3
  • Reverse proxy: NGINX
Originally created by @Verequies on GitHub (May 26, 2019). **Describe the bug:** Unable to login to Jellyfin when connecting through NGINX, connecting directly to the IP works, however I would rather not expose that.. **To Reproduce:** Try to login through NGINX. **Expected behavior:** You're successfully logged in. **Logs:** You receive this message when trying to login: `"Connection Failure - We're unable to connect to the selected server right now. Please ensure it is running and try again."` In the browser console this is reported: `/emby/Users/authenticatebyname:1 Failed to load resource: the server responded with a status of 400 ()` **System:** - OS: Arch Linux - Browser: All - Jellyfin Version: 10.3.3 - Reverse proxy: NGINX
OVERLORD added the bug label 2026-02-06 20:02:05 +03:00
OVERLORD commented 2026-02-06 20:02:06 +03:00
Author
Owner
Copy Link

@DrPandemic commented on GitHub (May 26, 2019):

Could you share your NGINX config please? This might help someone find the problem.

@DrPandemic commented on GitHub (May 26, 2019): Could you share your NGINX config please? This might help someone find the problem.
OVERLORD commented 2026-02-06 20:02:07 +03:00
Author
Owner
Copy Link

@Verequies commented on GitHub (May 26, 2019):

I was running 10.2.2 before this with the same config and all was well. Just been messing around a bunch with it and narrowed it down to my websocket parameters.

For some reason Jellyfin doesn't like:

#Main NGINX file
map $http_upgrade $connection_upgrade {

     default upgrade;
    ''      close;
}

# Socket parameters file
proxy_set_header       Upgrade $http_upgrade;
proxy_set_header       Connection "upgrade";

However its required for the websockets to work. If comment out those header lines, reload nginx, login, uncomment them, reload, and refresh. You can see the websockets connect without 404.

However I then notice another error:

apiclientcore.js?v=10.3.3:58 POST https://media.example.com/emby/Sessions/Capabilities/Full 400

This is my server block:

# Jellyfin
server {

        listen                  *:443 http2 ssl;

        ssl_certificate         /path/to/example.com/ssl/fullchain.pem;
        ssl_certificate_key     /path/to/example.com/ssl/privkey.pem;
        ssl_trusted_certificate /path/to/example.com/ssl/fullchain.pem;

        include                 /path/to/example.com/config/ssl_params;

        server_name             media.example.com;

        location / {

                proxy_pass      http://jellyfin;
                include         /path/to/example.com/config/socket_params;

        }
}

This is my ssl_params:

ssl_session_cache               shared:SSL:10m;
ssl_session_timeout             10m;
ssl_session_tickets             off;

ssl_protocols                   TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers       on;
ssl_ecdh_curve                  secp521r1:secp384r1;
ssl_ciphers                     "ECDHE+ECDSA+CHACHA20:ECDHE+ECDSA+AESGCM:!AES128";

ssl_stapling                    on;
ssl_stapling_verify             on;

resolver                        1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout                5s;

add_header                      Expect-CT "enforce; max-age=2592000; report-uri=\"https://report.example.com\"" always;
add_header                      Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

And this is my socket_params:

proxy_http_version      1.1;
proxy_set_header        Upgrade $http_upgrade;
proxy_set_header        Connection "upgrade";
proxy_read_timeout      10s;
proxy_redirect          off;
proxy_set_header        Host $host;
proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header        X-Forwarded-Proto $scheme;
@Verequies commented on GitHub (May 26, 2019): I was running 10.2.2 before this with the same config and all was well. Just been messing around a bunch with it and narrowed it down to my websocket parameters. For some reason Jellyfin doesn't like: ``` #Main NGINX file map $http_upgrade $connection_upgrade { default upgrade; '' close; } # Socket parameters file proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; ``` However its required for the websockets to work. If comment out those header lines, reload nginx, login, uncomment them, reload, and refresh. You can see the websockets connect without 404. However I then notice another error: ``` apiclientcore.js?v=10.3.3:58 POST https://media.example.com/emby/Sessions/Capabilities/Full 400 ``` This is my server block: ``` # Jellyfin server { listen *:443 http2 ssl; ssl_certificate /path/to/example.com/ssl/fullchain.pem; ssl_certificate_key /path/to/example.com/ssl/privkey.pem; ssl_trusted_certificate /path/to/example.com/ssl/fullchain.pem; include /path/to/example.com/config/ssl_params; server_name media.example.com; location / { proxy_pass http://jellyfin; include /path/to/example.com/config/socket_params; } } ``` This is my `ssl_params`: ``` ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ecdh_curve secp521r1:secp384r1; ssl_ciphers "ECDHE+ECDSA+CHACHA20:ECDHE+ECDSA+AESGCM:!AES128"; ssl_stapling on; ssl_stapling_verify on; resolver 1.1.1.1 1.0.0.1 valid=300s; resolver_timeout 5s; add_header Expect-CT "enforce; max-age=2592000; report-uri=\"https://report.example.com\"" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; ``` And this is my `socket_params`: ``` proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 10s; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; ```
OVERLORD commented 2026-02-06 20:02:09 +03:00
Author
Owner
Copy Link

@speedfreak01 commented on GitHub (May 29, 2019):

Do you have location /embywebsocket { } configured?

Make sure your config is the same as the docs, https://jellyfin.readthedocs.io/en/latest/administrator-docs/reverse-proxy/#nginx
That worked for me.

@speedfreak01 commented on GitHub (May 29, 2019): Do you have `location /embywebsocket { } ` configured? Make sure your config is the same as the docs, https://jellyfin.readthedocs.io/en/latest/administrator-docs/reverse-proxy/#nginx That worked for me.
OVERLORD commented 2026-02-06 20:02:09 +03:00
Author
Owner
Copy Link

@Verequies commented on GitHub (May 30, 2019):

@speedfreak01 Thanks heaps! I did not realise there was updated documentation. I had assumed it was a bug since everything was fine with 10.2.2.

@Verequies commented on GitHub (May 30, 2019): @speedfreak01 Thanks heaps! I did not realise there was updated documentation. I had assumed it was a bug since everything was fine with 10.2.2.
OVERLORD commented 2026-02-06 20:02:10 +03:00
Author
Owner
Copy Link

@zuosc commented on GitHub (Aug 6, 2019):

I have the same problem. My Jellyfin version is 10.3.7

this is my Nginx config

server {
        listen 443 ssl ;
        listen  [::]:443  ssl ;

        server_name  jellyfin.xxxxxxx.cn;
        client_max_body_size 1024000M;
	add_header Strict-Transport-Security "max-age=31536000" always;

        ssl_certificate     /etc/nginx/cer/*.xxxx.cn.cer;
        ssl_certificate_key  /etc/nginx/cer/*.xxxxx.cn.key;

        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;



        location / {
                # WebScoket Support
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                proxy_set_header   X-Real-IP $remote_addr;
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header   X-Forwarded-Proto $scheme;
		proxy_set_header   X-Forwarded-Protocol $scheme;
		proxy_set_header   X-Forwarded-Host $http_host;
                proxy_set_header   Host $http_host;
                proxy_pass         http://192.168.100.100:8096;
    	}


	location /embywebsocket {
		# Proxy Jellyfin Websockets traffic
		proxy_pass http://192.168.100.100:8096;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Forwarded-Protocol $scheme;
		proxy_set_header X-Forwarded-Host $http_host;
	}
}

@DrPandemic

OK, I find this:
https://github.com/jellyfin/jellyfin/issues/1266

remove

 # WebScoket Support
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

Everything is ok

@zuosc commented on GitHub (Aug 6, 2019): I have the same problem. My Jellyfin version is 10.3.7 this is my Nginx config ``` server { listen 443 ssl ; listen [::]:443 ssl ; server_name jellyfin.xxxxxxx.cn; client_max_body_size 1024000M; add_header Strict-Transport-Security "max-age=31536000" always; ssl_certificate /etc/nginx/cer/*.xxxx.cn.cer; ssl_certificate_key /etc/nginx/cer/*.xxxxx.cn.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { # WebScoket Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header Host $http_host; proxy_pass http://192.168.100.100:8096; } location /embywebsocket { # Proxy Jellyfin Websockets traffic proxy_pass http://192.168.100.100:8096; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; } } ``` @DrPandemic ------------------------------------------------- OK, I find this: https://github.com/jellyfin/jellyfin/issues/1266 remove ``` # WebScoket Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; ``` Everything is ok
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
EFjellyfin.db
area:database
awaiting-feedback
backend
blocked
breaking change: web api
bug
build
ci
confirmed
discussion needed
dotnet future
downstream
duplicate
enhancement
feature
future
github-actions
good first issue
hdr
help wanted
invalid
investigation
librarydb
live-tv
lyrics
media playback
music
needs testing
nuget
performance
platform
pull-request
Mirrored from GitHub Pull Request
 question
regression
release critical
requires-web
roadmap
security
security
stale
support
syncplay
ui & ux
upstream
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/jellyfin#712
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?