Manually set redirect URL

[PythonCoderAS]

Describe the bug
The Jellyfin instance thinks it has a different redirect URL than the actual redirect URL, so it redirects me to the wrong URL and I get an SSL error.

To Reproduce
Steps to reproduce the behavior:

1. Put your Docker container behind a reverse proxy
2. Try to auth

Expected behavior
It should redirect to the actual URL or let me specify it.

Screenshots
N/A

Configuration
I do not have access to the raw config files as it is on a Seedbox.

Versions (please complete the following information):

• OS: [e.g. Linux] Linux
• Browser: [e.g. chrome, safari] Chrome
• Jellyfin Version: [e.g. 10.8 Alpha 4] 10.8.13
• Plugin Version: [e.g. 2.0.1.0 or a Git tag] 3.5.2.3

Additional context
N/A

[9p4]

What is the expected URL and what is the URL that the plugin is redirecting to?

[PythonCoderAS]

The expected URL is a different domain because I am using CNAME aliasing to get to Jellyfin, so obviously the plugin cannot see that.

[9p4]

I am using CNAME aliasing for my Jellyfin instance, so the problem likely does not lie there. Could you please tell me what the plugin is redirecting you to? Screenshots of error messages may also be helpful in fixing this problem.

[PythonCoderAS]

My instance is at seedbox-jellyfin.mydomain.com, so in Authentik I have the redirect URL to https://seedbox-jellyfin.mydomain.com/sso/OID/redirect/Authentik. However, Authentik is reporting an invalid redirect URL.

[9p4]

On that error page, in the URL, there should be a redirect_uri parameter that shows what the plugin is trying to redirect to. What is that URL? It should look something like &redirect_uri=THISPARTHERE&....

[PythonCoderAS]

The URL in the bar shows &redirect_uri=https%3A%2F%2Fnl3572.dediseedbox.com%3A20259%2Fsso%2FOID%2Fredirect%2FAuthentik

[9p4]

Seems like the plugin is redirecting to https://nl3572.dediseedbox.com:20259/sso/OID/redirect/Authentik. How is this different from the expected redirect URI?

[9p4]

What are you using as a reverse proxy? It seems as if the reverse proxy is misconfigured.

[PythonCoderAS]

What are you using as a reverse proxy? It seems as if the reverse proxy is misconfigured.

The reverse proxy is not under my control and I am unable to modify the reverse proxy.

[9p4]

Can you add the IP address of the reverse proxy to Jellyfin's trusted proxy list? This may only be effective if the reverse proxy is contacting your Jellyfin server over the internet (ie not from a local IP)

[PythonCoderAS]

I have two layers of reverse proxying active, one is from Cloudflare and the other is from the seedbox's host, and I do not know what the IPs are of the seedbox's proxy since I do not have access to it.

[9p4]

Under "networking", you should be able to override the Jellyfin published URL.

[PythonCoderAS]

Under "networking", you should be able to override the Jellyfin published URL.

I tried this but it did not seem to help unfortunately.

[9p4]

Hmm, I'll have to take a look into the codepaths.

[PythonCoderAS]

For now I just bit the bullet and opened up an LDAP endpoint on Authentik.

[9p4]

I do think that this is a problem with your networking setup. However, as the reverse proxies are not under your control, I don't know what to do. I do want to avoid a custom "redirect URL override" option, but that seems like it would be warranted in this use case.

[wieluk]

I have the same problem behind cloudflare tunnel and nginx proxy manager.

Adding the nginxproxyip to trusted proxys fixes this. Sorry.