From eb79e937246c4bcff6db3df0914f0bcb88e1eb77 Mon Sep 17 00:00:00 2001 From: Ingmar Stein <490610+IngmarStein@users.noreply.github.com> Date: Sat, 26 Jul 2025 21:57:39 +0200 Subject: [PATCH] Add support for HTTPS over Unix socket This is useful - when listening on both TCP and Unix sockets with `RequireHttps` enabled - to use HTTP/2 between a reverse proxy and Jellyfin --- .../Extensions/WebHostBuilderExtensions.cs | 74 ++++++++++--------- 1 file changed, 40 insertions(+), 34 deletions(-) diff --git a/Jellyfin.Server/Extensions/WebHostBuilderExtensions.cs b/Jellyfin.Server/Extensions/WebHostBuilderExtensions.cs index be9cf0f154..e372a1b108 100644 --- a/Jellyfin.Server/Extensions/WebHostBuilderExtensions.cs +++ b/Jellyfin.Server/Extensions/WebHostBuilderExtensions.cs @@ -77,44 +77,49 @@ public static class WebHostBuilderExtensions WebHostBuilderContext builderContext, KestrelServerOptions options) { - bool flagged = false; + var flagged = false; + + void ConfigureHttps(ListenOptions listenOptions) + { + if (!httpsPort.HasValue) + { + return; + } + + if (builderContext.HostingEnvironment.IsDevelopment()) + { + try + { + listenOptions.UseHttps(); + } + catch (InvalidOperationException) + { + if (!flagged) + { + logger.LogWarning("Failed to listen to HTTPS using the ASP.NET Core HTTPS development certificate. Please ensure it has been installed and set as trusted"); + flagged = true; + } + } + } + else + { + if (certificate is null) + { + throw new InvalidOperationException("Cannot run jellyfin with https without setting a valid certificate."); + } + + listenOptions.UseHttps(certificate); + } + } + foreach (var netAdd in addresses) { var address = netAdd.Address; logger.LogInformation("Kestrel is listening on {Address}", address.Equals(IPAddress.IPv6Any) ? "all interfaces" : address); - options.Listen(netAdd.Address, httpPort); + options.Listen(address, httpPort); if (httpsPort.HasValue) { - if (builderContext.HostingEnvironment.IsDevelopment()) - { - try - { - options.Listen( - address, - httpsPort.Value, - listenOptions => listenOptions.UseHttps()); - } - catch (InvalidOperationException) - { - if (!flagged) - { - logger.LogWarning("Failed to listen to HTTPS using the ASP.NET Core HTTPS development certificate. Please ensure it has been installed and set as trusted"); - flagged = true; - } - } - } - else - { - if (certificate is null) - { - throw new InvalidOperationException("Cannot run jellyfin with https without setting a valid certificate."); - } - - options.Listen( - address, - httpsPort.Value, - listenOptions => listenOptions.UseHttps(certificate)); - } + options.Listen(address, httpsPort.Value, ConfigureHttps); } } @@ -129,8 +134,9 @@ public static class WebHostBuilderExtensions File.Delete(socketPath); } - options.ListenUnixSocket(socketPath); - logger.LogInformation("Kestrel listening to unix socket {SocketPath}", socketPath); + options.ListenUnixSocket(socketPath, ConfigureHttps); + + logger.LogInformation("Kestrel listening on unix socket {SocketPath}", socketPath); } } }