Please use this template for troubleshooting questions.

My issue: Can’t access proxy host URL (proxy reports as online and certificate reports as in use and green status)

How I encountered the problem: I followed a video on how to configure nginx and duck dns to make a reverse proxy for my truenas system. I want to access Jellyfin externally.

Solutions I’ve tried: Confirming ports 80,81,443 are forwarded on my router. Confirmed the domain is looking at my internal IP, deleted certificates and proxy hosts to start the same process but got the same result. When clicking the URL the page fails to load. I’m not sure what is being blocked or what setting I have not configured correctly.

Version of NGINX or NGINX adjacent software (e.g. NGINX Gateway Fabric): lc21 image via docker compose

Deployment environment: Dockge

Minimal NGINX config to reproduce your issue (preferably running on https://tech-playground.com/playgrounds/nginx for ease of debugging, and if not as a code block): *(Tip → Run nginx -T to print your entire NGINX config to your terminal.)
*
run nginx in foreground

daemon off;
pid /run/nginx/nginx.pid;
user npm;

Set number of worker processes automatically based on number of CPU cores.

worker_processes auto;

Enables the use of JIT for regular expressions to speed-up their processing.

pcre_jit on;

error_log /data/logs/fallback_error.log warn;

Includes files with directives to load dynamic modules.

include /etc/nginx/modules/*.conf;

Custom

include /data/nginx/custom/root_top[.]conf;

events {
include /data/nginx/custom/events[.]conf;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
server_tokens off;
tcp_nopush on;
tcp_nodelay on;
client_body_temp_path /tmp/nginx/body 1 2;
keepalive_timeout 90s;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_read_timeout 90s;
ssl_prefer_server_ciphers on;
gzip on;
proxy_ignore_client_abort off;
client_max_body_size 2000m;
server_names_hash_bucket_size 1024;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding “”;
proxy_cache off;
proxy_cache_path /var/lib/nginx/cache/public levels=1:2 keys_zone=public-cache:30m max_size=192m;
proxy_cache_path /var/lib/nginx/cache/private levels=1:2 keys_zone=private-cache:5m max_size=1024m;

    # Log format and fallback log file
    include /etc/nginx/conf.d/include/log-proxy.conf;

    # Dynamically generated resolvers file
    include /etc/nginx/conf.d/include/resolvers.conf;

    # Default upstream scheme
    map $host $forward_scheme {
            default http;
    }

    # Real IP Determination

    # Local subnets:
    set_real_ip_from 10.0.0.0/8;
    set_real_ip_from 172.16.0.0/12; # Includes Docker subnet
    set_real_ip_from 192.168.0.0/16;
    # NPM generated CDN ip ranges:
    include conf.d/include/ip_ranges.conf;
    # always put the following 2 lines after ip subnets:
    real_ip_header X-Real-IP;
    real_ip_recursive on;

    # Custom
    include /data/nginx/custom/http_top[.]conf;

    # Files generated by NPM
    include /etc/nginx/conf.d/*.conf;
    include /data/nginx/default_host/*.conf;
    include /data/nginx/proxy_host/*.conf;
    include /data/nginx/redirection_host/*.conf;
    include /data/nginx/dead_host/*.conf;
    include /data/nginx/temp/*.conf;

    # Custom
    include /data/nginx/custom/http[.]conf;

}

stream {

Log format and fallback log file

include /etc/nginx/conf.d/include/log-stream.conf;

    # Files generated by NPM
    include /data/nginx/stream/*.conf;

    # Custom
    include /data/nginx/custom/stream[.]conf;

}

Custom

include /data/nginx/custom/root[.]conf;

NGINX access/error log: (Tip → You can usually find the logs in the /var/log/nginx directory.)

I did want to note something: I’m on the same network as my truenas server so when i enter in jellyfin.mydomain.duckdns.org on my main Windows PC it doesn’t work. When i use tailscale on my phone over LTE that same domain URL will work.

Hi @scrigface!

Can you clarify which version of the NGINX image you are using? Could you also try to cleanup your entire NGINX config into a code block? I could edit the various configs into a single code block but I don’t want to accidentally misrepresent something.

Thanks!

Hi Alessandro,

I apologize. I’m pretty new to this stuff. I do see where some of it’s in a code block but I can’t figure out to get the entire config pasted back in as a code block. I can paste it into the playgrounds link but I can’t share it anywhere from there. At least not that I see.

My Nginx version is v2.13.6

To paste the entire config as a code block, you should be able to use the code block icon on the top of your editor view within the forum. It looks very similar to </>.

Based on the NGINX version you shared, I think you might be using NGINX Proxy Manager, an OSS solution that is not developed/maintained/supported by us, even though it is based on NGINX. There is only so much assistance I can try to offer since NPM does do some tweaks behind the scenes and I am not familiar with it at all! I would suggest starting a discussion over on their GitHub repo too

That being said, I would suggest starting by setting up NGINX with the default config. This should (in theory, NPM might have changed the defaults) set up a simple “Welcome to NGINX” page on port 80. You can then query your domain via Duck DNS and ensure Duck DNS is working.

Once that’s done, and assuming things work, you should hopefully be able to reach Jellyfin through NGINX by setting a simple reverse proxy. If using vanilla NGINX, this should be as easy as using the proxy_pass directive, at a very simple level. NPM adds a ton more features and layers on top of vanilla NGINX so it is quite hard for me to understand where the issue might lie.

Ok I will look at your GitHub link and snoop around on the Reddit sub as well. Thank you for getting back to me!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.