Skip Navigation
InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)ED
eddie @fig.systems
Posts 0
Comments 9
cannot open port 443
  • I'd make sure you're forwarding http (port 80) to that same internal host too. I'm assuming thats your jellyfin server. Your browser might not be appending https to your domain and connecting to your router port 80. You can test this by going to both https://<your domain> and http://<your domain>.

    On your local network, does going to https://192.168.1.4 present you with what you actually want?

  • Want to run Jellyfin server. For only me and family. Want it to be remote accessible to listen to music or watch shit away from home.
  • That's where nginx security options and other tools like fail2ban come into play. I could've mentioned it better in my first sentence but a reverse proxy gives the capability to make it more secure than any options jellyfin will give you.

    I'd rather put nginx with modsecurity in front of jellyfin than not.

  • Want to run Jellyfin server. For only me and family. Want it to be remote accessible to listen to music or watch shit away from home.
  • So the reason you'd want a reverse proxy is because it handles security and would do a much better job of it than an exposed jellyfin port.

    Public FQDN -> your home IP -> your router allows 443/whatever to your reverse proxy -> it handles SSL and being hit by the internet (look into nginx security and even fail2ban) -> proxy serves up whatever insecure site/app you'd like.

  • Ansible, become: yes, and granting access to specific sudo commands without a password
  • We solved this with a local service account that has sudo permissions. You can try become_user and become just on the task as needed.

    become_user

    set to user with desired privileges — the user you become, NOT the user you login as. Does NOT imply become: true, to allow it to be set at host level. Default value is root.