Jellyfin server access through Tailscale not working

About a month ago, I was no longer able to access my media library through Jellyfin over Tailscale. I have my home network advertised as a subnet through Tailscale and the other services I am hosting from the same machine are accessible as expected. From anywhere other than my home network, if I enter the Jellyfin IP into a web browser (local or Tailnet, same result), I can reach the server select page but can’t actually connect. I want to believe this doesn’t require any remote access configuration in Jellyfin since that’s the whole point of Tailscale subnet routing. Both services are hosted as apps on the same TrueNAS Scale installation.

It looks like a number of other folks have had similar issues around the same time, but none of their fixes worked for me. Hoping for a quick solution to a month-long battle.

I don’t recall there being a server select page when directly accessing a jellyfin instance. In my setup, I just get a sign in page. But if you enter the jellyfin IP into the browser and you get a page then that does mean that you did connect.

If you are in a browser, create a new tab, press F12 and go to network. Then open the jellyfin page. Check for any connection errors. Especially what ip/port/protocol are used in the failed connections. Also check jellyfin logs.

I don’t think you have to configure external access in jellyfin, but make sure that LAN networks is correct for your network:

It used to be that mine went directly to the login page as well (and still does when I’m on my local network), but over Tailscale I am taken to the screen below. Like you said, some part of the connection is working because otherwise I wouldn’t even see this, but entering the same IP and port here gives a general error that it couldn’t find the server.

Up to this point, I have intentionally left the LAN networks field blank since Tailscale subnet routing SNAT should cause all traffic to look as though it originated from the server itself, but maybe there is some trickery there since both services are hosted on the same machine. I will try specifically adding both my home network and Tailnet as LAN networks. Was this a recently added feature? Before now, everything just worked.

If that fails, I’ll get into the logs and see if I can decipher what is happening. Should be able to test everything this evening.

Don’t know if there have been any relevant jellyfin changes. I guess static files work in your setup, but the API connection (websocket?) is probably failing. You should get some more details on the client with F12 or in the server logs.

Routing can be difficult. You have the docker network (by default 172.17.0.0/12), your LAN network (probably somewhere in 192.168.0.0/16), your tailscale network (100.64.0.0/10 something). All together there is a lot of NAT going on to make all the translations possible.

I don’t have a tailscale setup, so I don’t know all its quirks and can’t be that helpful.

Realized I can still remote into TrueNAS and check logs even if I can’t get into Jellyfin yet to change settings. Sure enough, it’s clearly spelled out in the log that it’s denying access from my phone’s Tailnet IP with remote access disabled. I’m willing to bet it would work fine as is if I was using a different device as a subnet router, but since they’re on the same system, it doesn’t actually get NAT’d and traverse my 192.168.xxx.xxx network like Jellyfin is expecting. Might never know which application changed what to break it, but it looks like adding the two relevant LAN networks should be the fix.

Thanks for your help @bacon.

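The denial found in the log comes down to how a client's source address is matched against the LAN networks list. The following Python check is an added example, not part of the thread and not Jellyfin's own code: it assumes a blank LAN networks field falls back to the RFC 1918 private ranges, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption: a blank LAN networks field means "RFC 1918 ranges only".
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def parse_lan_networks(field):
    """Parse a comma-separated LAN networks value; blank uses the fallback."""
    entries = [e.strip() for e in field.split(",") if e.strip()]
    return [ipaddress.ip_network(e, strict=False) for e in (entries or RFC1918)]


def normalize(addr):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_local(addr, lan_field):
    """True if the source address is loopback or inside a configured LAN network."""
    ip = normalize(addr)
    return ip.is_loopback or any(ip in net for net in parse_lan_networks(lan_field))


def decide(addr, lan_field, remote_access_enabled):
    """Return the access decision for one source address."""
    if is_local(addr, lan_field):
        return "allow (local)"
    if remote_access_enabled:
        return "allow (remote)"
    return "deny (remote access disabled)"


if __name__ == "__main__":
    # Constructed sample sources: a LAN client, a Tailnet client, and the
    # same Tailnet client as it appears on a dual-stack listener.
    sources = ["192.168.1.50", "100.101.102.103", "::ffff:100.101.102.103"]
    for lan_field in ["", "192.168.1.0/24, 100.64.0.0/10"]:
        print(f"LAN networks = {lan_field!r}")
        for src in sources:
            print(f"  {src:26} -> {decide(src, lan_field, False)}")
```

With the field blank, the un-NAT'd Tailnet address (100.64.0.0/10) matches no private range and is treated as remote; listing both the home subnet and the Tailnet range makes it local.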