502 Bad Gateway - LetsEncrypt

So I’m trying to manage to switch to jellyfin but I’m having issues getting the nginx to work. Using letsencrypt the only real difference is that it’s using port 8097 instead of 8096 because I have emby going to the living room. Using linuxserver docker images for all three and nginx is giving me a 502.

Changed here and made the public https 443. It continues to work for Nextcloud and Emby.

# make sure that your dns has a cname set for jellyfin, if jellyfin is running in bridge mode, the below config should work as is, although,
# the container name is expected to be "jellyfin", if not, replace the lines "set $upstream_jellyfin jellyfin;" with "set $upstream_jellyfin <containername>;"
# for host mode, replace the lines "proxy_pass http://$upstream_jellyfin:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of jellyfin
# in jellyfin settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
# and set the "Secure connection mode" to "Handled by reverse proxy"

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name jellyfin.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver valid=30s;
        set $upstream_jellyfin jellyfin;
        proxy_pass http://$upstream_jellyfin:8097;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
    location ~ (/jellyfin)?/embywebsocket {
        include /config/nginx/proxy.conf;
        resolver valid=30s;
        set $upstream_jellyfin jellyfin;
        proxy_pass http://$upstream_jellyfin:8097;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

Don’t change the port in the proxy conf

Well emby is already using port 8096 sooooooo…

They don’t have the same name, so you can use the same port. It’s just like having two different IPs

I thought these ports are what it was listening on, it’s listening on 8097, I’ve even gone so far as to put the port 8097 on the docker network so I re-applied the container with 8097:8097.

Also for the record I did change it to 8096 and got the same result.

You’re really confused about port mapping.

  1. Your mapping should be 8097:8096 to access the container through the host IP. Left side is host, right side is container. It literally forwards port 8097 on the host to port 8096 in the container, the port emby/jellyfin is listening on.

  2. With the above setting, you can connect through the host mapped port at http://HOST-IP:8097. But if you connect directly to the container (which is what letsencrypt is doing here), then you use port 8096 as that is still the container port.

Sooooo save yourself the trouble and take my advice. Don’t change the ports in the proxy conf and watch it work.

I did, it did not. I also opened the web gui and changed the port there, so 8097:8097 is valid. I’ve reverted the change since my last reply to your post and same result. I’ve even gone so far as to take down emby and use port 8096. Same result.

Now you messed with it too much. Never change ports in apps’ webguis for our containers unless the instructions tell you to do so.

If you follow the readme instructions and not do anything extra, it works.

Ok so
rm -rf apps/jellyfin
docker rm -f jellyfin
letsencrypt subdomain is default at 8096.
docker run with 8097:8096
change public https to 443 per the instructions.
set handled by reverse proxy per instructions.
I don’t see a field for external domain.

docker restart letsencrypt

Still 502.

Post your docker run for jellyfin

docker run \
    --name=jellyfin \
    -e PUID=1000 \
    -e PGID=1000 \
    -e TZ=America/Chicago \
    -p 8097:8096 \
    -p 8921:8920 \
    -v /home/administrator/apps/jellyfin/config:/config \
    -v /home/administrator/apps/jellyfin/transcode:/transcode \
    -v /home/administrator/apps/letsencrypt:/ssl \
    -v /mnt/media/tvshows:/tvshows \
    -v /mnt/media/movies:/movies \
    -v /mnt/media/music:/music \
    -v /mnt/media/nuggets:/nuggets \
    -v /mnt:/mnt \
    --restart unless-stopped \
    -d linuxserver/jellyfin:latest

You didn’t put it in the same user defined bridge network as letsencrypt

Well shit lol. Guess I could have led with that command.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.