Hi, I recently moved to a new machine, and switched from nginx to swag. When I or any of my users try to log into Jellyseerr via the reverse proxy (subdomain), after the Plex login window pops up and we log in, it takes us back to the login screen instead of the Jellyseerr main page. If I go via IP:port, it works fine.

The logs (debug level) do not seem to be logging anything surrounding a login attempt.

This was working perfectly well in nginx, and I'm using the swag template for Jellyseerr.

Is there anything I can change to get this working? My Swag subdomain config is here: https://gist.github.com/PearsonFlyer/7cf91569cb583a4ae07a534a49d27f80

I'm on Unraid 7.2.3, using the Seerr docker container from Hotio, running Seerr version 2.7.3 Stable.

Thanks!

Do you have a link to this swag template ?

Here's the sample configuration template included in Swag's setup. https://gist.github.com/PearsonFlyer/83186b484299d3316faefe1a855314b4

I'm running this on request.mydomain.com in this case.

Do you know if there's any CSP headers involved ?

If it matters, I'm running several other subdomain sites, and those work fine, it's just this. I do not know about CSP headers. 🙁

I haven't set anything up specifically for that. It's just a really basic swag reverse proxy.

that config looks wrong. are you using the template provided by swag?

this is all you need ```## Version 2025/07/18

make sure that your jellyseerr container is named jellyseerr

make sure that your dns has a cname set for jellyseerr

server {
listen 443 ssl;

listen 443 quic;

listen [::]:443 ssl;

listen [::]:443 quic;

server_name jellyseerr.*;

include /config/nginx/ssl.conf;

client_max_body_size 0;

# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;

# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;

# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;

# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;

location / {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable for ldap auth (requires ldap-server.conf in the server block)
    #include /config/nginx/ldap-location.conf;

    # enable for Authelia (requires authelia-server.conf in the server block)
    #include /config/nginx/authelia-location.conf;

    # enable for Authentik (requires authentik-server.conf in the server block)
    #include /config/nginx/authentik-location.conf;

    # enable for Tinyauth (requires tinyauth-server.conf in the server block)
    #include /config/nginx/tinyauth-location.conf;

    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app jellyseerr;
    set $upstream_port 5055;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

}

}

Thanks, trying that now.

ofc if you use authentik or authellia uncomment those and make sure if your container isnt named jellyseerr to change it

I do not use either of those. But this is doing the same behavior. I made 2 changes - server name request.* and set $upstream_app 192.168.1.243 instead of jellyseerr.

is swag on the same network as jellyseerr?

It is, yes.

then you can use the name just fine. so you hit login and it just takes you back to the login page?

Correct.

try in a incog window

assuming your using chrome

I'm using firefox, trying a private window, though all of my users are having the same behavior happen.

if private window doesnt work try enabling proxy support under settings>network

also check your swag access/error log to see if theres anything useful

No luck. Access log shows just a normal request, no error entries.

enabled the proxy support?

Doing that next.

is this cloudflare based?

Ah, yes, I neglected to mention that. This is using a CF front end.

with proxy on?

Sorry about that, I meant to include it in my initial post and forgot about that.

I just turned proxy on, going to try that as soon as it comes back up.

Seems like it takes about 5 minutes after a restart of the container, even though the log says it's listening.

thats odd.

The IP:port immediately responds, but the domain doesn't.

also with swag i recommend using the docker mods such linuxserver/mods:swag-auto-reload

that way you dont have to restart swag after every change

what repo are you using for seerr?

is it ghcr.io/seerr-team/seerr:develop

I have swag watching for conf changes and reloading automatically so it doesn't need a restart every time.

Using ⁨ghcr.io/hotio/seerr:latest⁩

I can switch if you think that's better for me.

hmm id try switching, this could be something on hotio image.

On it.

because im using the same setup with the config above and dont have this issue

Having some trouble getting it to come back up. Looks like hotio uses /config and the seerr container uses /app/config. Working on it.

yeah just need to change the container path

Same behavior. Works great on ip:port, never gets off login screen on rp subdomain.

After doing the plex login, the plex login button text changes though.

Do you see anything in your browser dev console when connecting ?

Let me check that.

idk if this will help but make sure your ssl is set to strict on CF

I'll check that too.

did you make sure enable plex sign-in is enabled?

the above looks like the local sign in screen

also did you import the users?

Before I try to use Plex login, the bottom button says "Sign in with Plex", but after I do that it changes to what you see, where the text is "Seerr Seerr".

The users are all there.

Here is network console when connecting.

thats strange, plex login should redirect you to plex

try disabling local login

It did pop up a Plex login box. I clicked log in on that, and it brought me back to the login screen, as shown.

Initial login screen:

When I click Login with Plex, it pops up the box and I log in. It brings me back to this, but the text in the box changes to Seerr Seerr.

yeah its redirecting to the local login screen for some reason, did you disable local login?

I did, you can see that in the initial login screen before doing the plex login.

thats odd. is this a fresh install?

It is not a fresh install, I've been running it for at least a year. But I recently moved my setup over from a Windows box using nginx to an Unraid box using Swag.

Luckily most of my users had been logged in, so their watchlist adds still work for requests.

is pihole or anything on the network blocking requests?

No pihole, no adguard, nothing like that in play.

I recently added fail2ban to swag, but it was behaving this way prior to that.

above you said you changed it to a ip address. are you using a custom docker network? or host

I'm using a custom docker network, all media-related apps are in it (including swag and seerr).

this is tedious but try stopping your container and adding a second fresh one and see if it works. i suspect its something with your setup

All this stuff is connectable and good using container names.

and all other apps are working via swag?

I'll try a brand new seerr install and see if that does the trick. That might take a bit, I'll be back to report either way. Thank you again for all the help and suggestions.

Yep. I have a mix of subdomain and baseurl, and all work fine.

yeah thats the only thing i can think of. you dont have this enabled do you i dont think it would affect just logging in via rp tho

I'm a mod for the arrs, so I'm generally fairly knowledgeable about this stuff, which is why it's killing me that I can't make this work 🙂

i know you've helped me quite a bit on the arr side. thought i was gonna be able to return the favor 🙁

I have very little experience with Swag, which is what's confounding me. But I'll try a new install, it's likely something I messed up somewhere along the line and didn't notice until this.

shouldnt be to bad to throw another container up just for testing. but thats really the last thing i can think of tho im sure a dev would have more testing to try. sorry i couldnt get this resolved..

np. thank you. I'll be back either way to let you know if it worked or not. If it works, I'll just start fresh.

I had Seerr open in another window sitting at the login screen, and it worked. I'm entirely flummoxed now 🙂 But also not looking a gift horse in the mouth. I think that, eventually, the unchecking the local login option worked.

I'm now unable to connect it to Plex, but I'll figure that one out. ⁨{ "errorMessage": "EACCES: permission denied, rename '/app/config/settings.json.tmp' -> '/app/config/settings.json'" }⁩ but I don't have a settings.json.tmp file.

(I do have a settings.old.json file though)

Do you have a settings.json? If so I’d delete the others

I do, will do.

After see if that error is gone

Also try logging in via your phone or something else

Now it crashes on startup with ⁨{ "errorMessage": "EACCES: permission denied, rename '/app/config/settings.json.tmp' -> '/app/config/settings.json'" }⁩

Oops, wrong thing. Hang on.

⁨2026-02-08T22:17:16.227Z [info]: Commit Tag: dbee2fdf9f1a476e730b5bb000cc53d1875ee29b 2026-02-08T22:17:16.467Z [info]: Starting Seerr version develop-dbee2fdf9f1a476e730b5bb000cc53d1875ee29b 2026-02-08T22:17:16.723Z [error][Settings Migrator]: Something went wrong while running settings migrations: EACCES: permission denied, open '/app/config/settings.old.json' 2026-02-08T22:17:16.723Z [error][Settings Migrator]: A common cause for this issue is a permission error of your configuration folder. ⁩

Should I copy settings.json to settings.old.json?

What’s owner and permissions of the files?

99:100 (nobody:users), typical unraid stuff. That's also the pgid and puid running the container.

Nope doesn’t work with seerr

No? What should they be then?

Do you have these set in the template?

That was my holdover from hotio, where it works.

I do, but I can remove them and chown the app/config folder.

Seerr runs as root now

Got it, will fix that right now.

Sorry not root 🤦🏼‍♂️

so chown -R 1000:1000 /mnt/user/appdata/seerr

Tho if hotio supports user:nobody that is more inline with unraid.

That fixed the Plex issue, and I can log in now, so I think that all fixed me up.

Nice! The errors gone for settings.json?

Looks like it, yes.

Good deal glad we got it sorted