diff --git a/Password-Resets-outside-local-network.md b/Password-Resets-outside-local-network.md index 74cc29d..ddb0fc1 100644 --- a/Password-Resets-outside-local-network.md +++ b/Password-Resets-outside-local-network.md @@ -1,16 +1,19 @@ -If you have Jellyfin set up to recognize connections from the LAN network, it will complain when a user tries to do a password reset remotely. If you're using a reverse proxy, Jellyfin knows the real IP of a user through the `X-Real-IP`/`Host` HTTP headers, which common proxy configs include. If you want to allow password resets for remote users, you can selectively not add this header to the specific routes necessary, which are `http:///Users/ForgotPassword` and `http:///Users/ForgotPassword/Pin`. This way Jellyfin will see the IP of the reverse proxy, which should be on your local network. If the proxy isn't on the same network, you could maybe hardcode `X-Real-IP`/`Host` to a local address. +If you have Jellyfin set up to recognize connections from the LAN network, it will complain when a user tries to do a password reset remotely. If you're using a reverse proxy, Jellyfin knows the real IP of a user through the `X-Forwarded-For` HTTP header, which common proxy configs include. If you want to allow password resets for remote users, you can selectively override this with an IP address the Jellyfin sees as local for the necessary routes, which are `http:///Users/ForgotPassword` and `http:///Users/ForgotPassword/Pin`. ***Example NGINX config*** -``` +```nginx # add to your \`server {\` section + + # rest of jellyfin config + location /Users/ForgotPassword { proxy_pass http:///Users/ForgotPassword; - proxy_set_header Host $host; + proxy_set_header X-Forwarded-For ; } location /Users/ForgotPassword/Pin { proxy_pass http:///Users/ForgotPassword/Pin; - proxy_set_header Host $host; + proxy_set_header X-Forwarded-For ; } ```