X-Forwarded-* Header Assistance #144
ZacharyACoon
-
I am testing to see if I can work around this by manually setting the $host variable sent to jellyfin...
-
This isn't a plugin issue. This is a configuration issue. Jellyfin/ASP manages the population of the forwarded host variables. It seems like you have two layers of reverse proxies? Does your second proxy trust incoming X-Forwarded headers? By default (for security reasons) they don't.
-
I believe so?
```
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
```
On Thu, Sep 28, 2023 at 8:10 AM 9p4 wrote:
> Does your second proxy trust incoming X-Forwarded headers?
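Added example, not part of the thread and not the plugin's or Jellyfin's own configuration: one way the inner (second) nginx proxy can keep the outer proxy's `X-Forwarded-Proto` and `X-Forwarded-Host` instead of replacing them with its own `$scheme` and `$http_host`, while accepting those headers only from the outer proxy. It assumes the block posted above runs on the inner proxy; the outer proxy address `10.0.0.10`, the variable names and the Jellyfin upstream address are assumptions.

```nginx
# Inner proxy (media.services.example.com), placed in the http context.
# 10.0.0.10 is a constructed address standing in for the outer,
# TLS-terminating proxy; geo matches against $remote_addr by default.
geo $from_outer_proxy {
    default    0;
    10.0.0.10  1;
}

# Keep the outer proxy's values only when the request really came from it;
# any other client falls back to what this proxy observes itself.
map "$from_outer_proxy:$http_x_forwarded_proto" $fwd_proto {
    default    $scheme;
    "1:https"  https;
    "1:http"   http;
}
map "$from_outer_proxy:$http_x_forwarded_host" $fwd_host {
    default           $http_host;
    "~^1:(?<fh>.+)$"  $fh;
}

server {
    listen 80;
    server_name media.services.example.com;

    location / {
        # As posted: on this hop these overwrite the outer values with
        # "http" and this proxy's own Host, which then reach the backend.
        # proxy_set_header X-Forwarded-Proto $scheme;
        # proxy_set_header X-Forwarded-Host  $http_host;

        # Pass the vetted values through instead.
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $fwd_proto;
        proxy_set_header X-Forwarded-Host  $fwd_host;

        proxy_pass http://127.0.0.1:8096;  # assumed Jellyfin address
    }
}
```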
-
Services are often reverse proxied behind 1 or multiple load balancers that handle TLS termination and such.
```
https://media.example.com/
  v (X-Forwarded-Proto: https, X-Forwarded-Host: media.example.com)
http://media.services.example.com/
  v
jellyfin
```
Problem
SSO-Auth only sees the $host variable, so when it forwards the user to, for example, keycloak, the request is
```
ohRSwp0Zdl_NwmevGafEks&code_challenge_method=S256&client_id=media.example.com&scope=openid%20profile&redirect_uri=http%3A%2F%2Fmedia.services.location.example.com%2Fjellyfin%2Fsso%2FOID%2Fredirect%2Fexample.com
Host: http://media.services.example.com
```
But that's not what the user needs to be redirected to...
:) Thanks in advance.