Hi, I’m adding Jellyfin (linuxserver.io Docker) to an Unraid server with SWAG, Nextcloud (linuxserver.io Dockers) and others working well, internally and externally through an OPNsense router/firewall. My domain and DDNS are hosted on Cloudflare.
So far, I can only access Jellyfin by IP on the LAN. I’ve missed something basic and I just can’t see it. I suspect a reverse proxy issue, although I guess it could be a router setting. Hopefully there’s a clue below that might give someone more experienced an idea where I need to look. I would appreciate any troubleshooting suggestions. Thanks!
[Edit: sorry if the obfuscation of my example URLs is confusing. This forum disallowed my post as containing links, which they are not.]
I followed the same setup steps as my other apps (creating a CNAME record, configuring SWAG in the same way, etc.).
SWAG successfully generates certificates for all my subdomains and completes without error.
DNS checker (WAN side) shows the URL “jellyfin-dot-[my_domain]” resolves correctly to my WAN address.
Port Reflection is turned on in Opnsense.
On the LAN:
Other subdomains resolve and work correctly. (eg “nextcloud-dot-[my_domain]”)
However I can only access Jellyfin by “Server-IP-Address:8096”
If I type “jellyfin-dot-[my_domain]” it gets resolved as “jellyfin-dot-[my_domain]:4443/”, and is flagged as a security risk. If I bypass the risk it says “A potential DNS Rebind attack has been detected”. (I should note that 4443 happens to be the TCP port I use for my Opnsense router)
On the WAN side:
My other subdomains can be accessed via their URLs.
“jellyfin-dot-[my_domain]” times out with a “502 Bad Gateway (nginx)” error.
I’m not sure if the issue is in the firewall or SWAG. Comparing configs with the working instances and running through Youtube tutorials again has not helped.
Again, I would appreciate any troubleshooting suggestions. Thanks!