Hello everyone,
I currently have Jellyfin running through Caddy and Cloudflare as reverse proxies.
I have tried everything and can’t seem to get Jellyfin to report anything but the Cloudflare IP for clients.
Does anyone have a similar setup and could help me troubleshoot this? I can share whatever configs I am using as required.
Thanks!
Be careful about using video over the cloudflare proxy, they will come after you if you are using a TON of bandwidth
Do you know of a way to have a global caddy setting to only allow Cloudflare IPs, but “exempt” Jellyfin?
(I posted my caddy cloudflare section down below which only works as a global setting)
Track the CF-Connecting-IP field instead of the IP address to get the client.
I have followed that guide which let me to a few GitHub issues.
Here is what I have put in my config:
servers {
trusted_proxies cloudflare {
interval 12h
timeout 15s
}
trusted_proxies static private_ranges
client_ip_headers Cf-Connecting-Ip X-Forwarded-For
}
}
I have also added all Cloudflare IPs in Jellyfin’s known proxies:
103.21.244.0/22, 103.22.200.0/22, 103.31.4.0/22, 104.16.0.0/13, 104.24.0.0/14, 108.162.192.0/18, 131.0.72.0/22, 141.101.64.0/18, 162.158.0.0/15, 172.64.0.0/13, 173.245.48.0/20, 188.114.96.0/20, 190.93.240.0/20, 197.234.240.0/22, 198.41.128.0/17
Yet, I’m still not seeing the real IPs.
Using a whitelist in this manner with cloudflare may be challenging as this list can potentially change. They do have means to query it though. https://developers.cloudflare.com/api/operations/cloudflare-i-ps-cloudflare-ip-details Additionally, have you considered ipv6 support?
if you haven’t solved the problem yet, I would consider switching to Apache for your reverse proxy and using mod_remoteip.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters | More Letters |
---|---|
CF | CloudFlare |
DNS | Domain Name Service/System |
IP | Internet Protocol |
3 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.
[Thread #802 for this sub, first seen 14th Jun 2024, 03:05] [FAQ] [Full list] [Contact] [Source code]
Authelia has a page on cloudflare, does this help at all? Note that I use traefik as my reverse proxy and am not using any of cloudflares advanced features.
https://www.authelia.com/integration/proxies/forwarded-headers/#cloudflare