In NPM I set a proxy host 192.168.box.IP to forward to 100.jellyfin.tailscale.IP:8096. I tested it by going to box.IP and jellyfin works.
I’m not surprised this worked, numbers are allowed in FQDNs, but an IP address is not entirely equivalent.
I tried “box.IP:8096” as a domain name and NPM rejected it. I tried “box.IP/jellyfin” and NPM rejected that too (I’ll try Locations in a bit)
I would strongly suggest you read up on the OSI model.
Nginx only understands HTTP and HTTPS requests at Layer 7 (implicitly and strictly ports :80 and :443), and forwards or redirects them to Layer 4 destinations. (Nginx can technically handle other protocol requests via plugins, but that isn’t what you are looking for.)
In NPM, the proxy host name should at least contain the Raspberry Pi’s hostname, e.g. jellyfin.your-rpi-name. Or you could use the path location option, e.g. your-rpi-name with location /jellyfin. (I think the second option might work with network hostname auto-discovery, in which case pihole as a DNS may not be strictly necessary.)
Regarding access tokens, there’s a third-party credential helper for Linux that uses OAuth. I recently found it and started using it a month ago. Works pretty much the same as Git + Windows Credential Manager. In case you are running headless, there is a device mode flag that will allow you to log in with the GitHub app on your phone.
https://github.com/hickford/git-credential-oauth
(And if you layer a timed cache helper before the OAuth helper… well you shouldn’t have to reauthenticate every time!)
Otherwise, the Git manual lists some other credential helpers that interface with some password managers.
https://git-scm.com/doc/credential-helpers
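The layering mentioned above (timed cache first, OAuth helper second) written out as a Git config fragment. This is an added example, not part of the original comment; the six-hour timeout is a sample value and the file location is assumed to be the user-level ~/.gitconfig.

```ini
# ~/.gitconfig (constructed example)
[credential]
	# An empty value clears helpers inherited from system-level config,
	# so only the two listed below are consulted.
	helper =
	# Asked first: in-memory cache kept by the git-credential-cache daemon.
	# Nothing is written to disk; the entry expires after 21600 s (6 h, sample value).
	helper = cache --timeout 21600
	# Asked only when the cache has no entry: runs the OAuth flow.
	# -device is the headless mode, where the login is approved on another device.
	# Drop the flag on a machine that has a browser.
	helper = oauth -device
```

Order matters: Git queries helpers top to bottom and stops at the first one that returns a credential, then offers the approved credential to every helper for storage, which is how the cache gets populated after the first OAuth login.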