Wrong URL being generated & sent to auth provider

[somerandomguy17]

Hi all,

How does this plugin generate the redirect_uri that is sent to the auth provider? Specifically, I'm trying to understand how it sets the server name that jellyfin is runningg on to use as the base of the redirect URI?

I'm trying to integrate with keycloak and am using nginx as my reverse proxy. The problem I'm running into is that the URL that's being sent to keycloak includes the non-proxied server name from nginx instead of the server name, causing cert errors when redirecting back to jellyfin after successfully logging into keycloak. I'm trying to understand how that URL is generated so I can try to pass the correct server name to keycloak and redirect properly without the invalid cert errors.

Proxy info:
I'm running jellyfin at jellyfin.domain.tld. In my nginx confix, I've defined the IP/port that jellyfin is running on as jellyfin-upstream and am doing a proxy_pass to https://jellyfin-upstream/. Nginx also handles the SSL termination and this works properly for all my other services and sites.

Keycloak is set up to integrate via OIDC running at keycloak.domain.tld. The root URL for the jellyfin client is specified as https://jellyfin.domain.tld/

However when the SSO plugin generates the link to keycloak it is
https://keycloak.domain.tld/realms//protocol/openid-connect/auth?response_type=code&state=**&code_challenge=code_challenge_method=S256&client_id=jellyfin&scope=openid%20profile&redirect_uri=https%3A%2F%2Fjellyfin-upstream%2Fsso%2FOID%2Fredirect%2Fkeycloak

Th issue is highlighted in bold. When generating the redirect_uri, I'm getting jellyfin-upstream instead of teh expected jellyfin.domain.tld, so after I successfully login to keycloak, it attempts to redirect to https://jellyfin-upstream/sso/OID/redirect/keycloak instead of https://jellyfin.domain.tld/sso/OID/redirect/keycloak, causing a cert error and then a 404 (if I accept the error).

I'm trying to figure out how I can get the generated url to have the correct location for jellyfin (jellyfin.domain.tld) in the redirect_uri. I'm guessing this may require some changes to my nginx config but so far I haven't been able to figure out how to make this work. Any advice would be appreciated

Thanks!

[9p4]

Are you setting the X-Forwarded-For headers in Nginx? Can I see the configuration for Nginx?

Specifically, I'm looking to see if you have the following lines:

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;

From the Jellyfin Docs

[somerandomguy17]

I actually figured this out - I had those listed but were in the wrong location block... I'll close the thread

Thanks for the quick response!