Jump to content

Emby behind ngnix reverse proxy?


chudak

Recommended Posts

Hello all

 

I setup emby behind ngnix reverse proxy by adding to  /etc/nginx/sites-enabled/default:

 

 

        ## Emby ##

        location /emby {

             rewrite /emby/(.*) /$1 break;

             proxy_pass http://127.0.0.1:8096;

             proxy_redirect off;

             proxy_set_header Host $host;

             proxy_set_header X-Real-IP $remote_addr;

             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

             #auth_basic "Restricted";

             #auth_basic_user_file "/etc/nginx/.htpasswd";

        }

     }

 

 

Now I can open Emby by hitting URL as - <hostname>/emby

 

Wonder if I want to modify URL somehow say emby.<hostname> how do so ?

 

Thx
Edited by chudak
Link to comment
Share on other sites


## Emby ##
server {
listen 80;
server_name emby.(domain_here);

location / {
proxy_pass http://127.0.0.1:8096;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#auth_basic "Restricted";
#auth_basic_user_file "/etc/nginx/.htpasswd";
}
}
  • Like 1
Link to comment
Share on other sites

## Emby ##
server {
   listen 80;
   server_name emby.(domain_here);
   
        location / {
             proxy_pass http://127.0.0.1:8096;
             proxy_redirect off;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             #auth_basic "Restricted";
             #auth_basic_user_file "/etc/nginx/.htpasswd";
        }
     }

 

 

Thanks

 

Something I am still missing

If I have several servers in /etc/nginx/sites-enabled/default should I have separate clauses ?

E.g.:

 

## Emby ##

server {

listen 80;

server_name emby.(domain_here);

 

location / {

proxy_pass http://127.0.0.1:8096;

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#auth_basic "Restricted";

#auth_basic_user_file "/etc/nginx/.htpasswd";

}

}

 

 

## Sonarr ##

server {

listen 80;

server_name sonarr.(domain_here);

 

location / {

proxy_pass http://127.0.0.1:9191;

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#auth_basic "Restricted";

#auth_basic_user_file "/etc/nginx/.htpasswd";

}

}

 

etc?

Edited by chudak
Link to comment
Share on other sites

Exactly. Each subdomain (emby.domain, sonarr.domain, ... ) needs it's own server block. (server{})

 

@Cedeh

 

Still no love :(

# SONARR
#
server {
listen 80 default_server;
listen [::]:80 default_server;
 
root /var/www/html;
 
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
 
server_name sonarr.wawona.lan;
 
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
 
 
        ## Sonarr ##
        location /sonarr {
             proxy_pass http://127.0.0.1:8989;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}
 
# EMBY
#
server {
listen 80 default_server;
listen [::]:80 default_server;
 
root /var/www/html;
 
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
 
server_name emby.wawona.lan;
 
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
 
        location /emby {
             rewrite /emby/(.*) /$1 break;
             proxy_pass http://127.0.0.1:8096;
             proxy_redirect off;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             #auth_basic "Restricted";
             #auth_basic_user_file "/etc/nginx/.htpasswd";
        }
}
Link to comment
Share on other sites


# SONARR #
server {
listen 80;
listen [::]:80;
server_name sonarr.wawona.lan;

location /{
  proxy_pass http://127.0.0.1:8989;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}


# EMBY #
server {
listen 80;
listen [::]:80;

server_name emby.wawona.lan;
  location /{
proxy_pass http://127.0.0.1:8096;
proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #auth_basic "Restricted";
    #auth_basic_user_file "/etc/nginx/.htpasswd";
  }
}
Link to comment
Share on other sites

# SONARR #
server {
  listen 80;
  listen [::]:80;
  server_name sonarr.wawona.lan;

  location /{
    proxy_pass http://127.0.0.1:8989;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}


# EMBY #
server {
  listen 80;
  listen [::]:80;

  server_name emby.wawona.lan;
  location /{
    proxy_pass http://127.0.0.1:8096;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #auth_basic "Restricted";
    #auth_basic_user_file "/etc/nginx/.htpasswd";
  }
}

 

 

Are you sure this is correct?

Don't we need to listen on port 80 and have multiple locations ?

 

If you agree with that then back to square root 

 

This is works https://pastebin.com/30kA1qQs if request looks like:

<domain>/emby

<domain>/sabnzbn

<domain>/sonarr

 

But any try to overwrite final URL are failing 

 

WTH ?

Link to comment
Share on other sites

pir8radio

Are you sure this is correct?

Don't we need to listen on port 80 and have multiple locations ?

 

If you agree with that then back to square root 

 

This is works https://pastebin.com/30kA1qQs if request looks like:

<domain>/emby

<domain>/sabnzbn

<domain>/sonarr

 

But any try to overwrite final URL are failing 

 

WTH ?

 

 

yes that is correct, you listen on port 80 multiple times.    Remove the default server section when you try that config though... or at least comment it out. 

 

the default server is whats messing with you...

 

also you are not posting your whole config...  i think you have another config somewhere that has an "include" to include the config you have posted...   the other config should have an http {} section...   attached is a basic emby config for nginx, i commented out the https stuff.  you can give it a try. then we can work on adding sonar and what not.      I have a feeling you are using that hokey version of nginx someone tried to "make easy" that has a different config for each site in a sites folder.   its horrible...  you should only need one config on a small system.

nginx config EXAMPLE.txt

Edited by pir8radio
Link to comment
Share on other sites

SkyBehind

Hate to ask such a simple question, but did you configure DNS to point each subdomain to the correct IP address?  You can also use a wildcard so that every subdomain goes to the IP of the domain and the reverse proxy will direct it to the correct place.

Link to comment
Share on other sites

First Question...
Did you have have any 301 redirects in your file previously whereby your emby.<yourdomain> was redirected to <yourdomain>/emby ?

I've had this problem.

To validate this, open a private browsing session in your browser (or a competely different browser), and try accessing your site again.
If it works the way you intend, then it means you have cached DNS records and you'll need to clear those before trying again.

If this still doesn't resolve the issue .. let me know... and I'll share my configurations (as I've done very much the same as you .... multiple subdomains ... one for each app I want to expose).

Link to comment
Share on other sites

I finally made it work ! (did I need it or not? that's another question  :D )

 

Here is the summary for the group benefits,

 

I had several issues - mostly nginx skill ignorance , and DNS resolution that I realized 5 min before reading @@SkyBehind 's reply was on the list (embarrassing :ph34r:)

 

So at the end:

 

- created separate files in /etc/nginx/sites-enabled for every services, e.g. "emby<domain>", "sonarr<domain>", "sabnzbd<domain>"

 

server {
    listen         80;
    server_name    emby.<domain>;
 
    location /emby {
         rewrite /emby/(.*) /$1 break;
         proxy_pass http://127.0.0.1:8096;
         proxy_redirect off;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         #auth_basic "Restricted";
         #auth_basic_user_file "/etc/nginx/.htpasswd";
    }
    access_log /var/log/nginx/emby;
}

=========

server {
    listen         80;
    server_name    sonarr.<domain>;
 
    location / {
        proxy_pass        http://127.0.0.1:8989;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_buffering off;
    }
    access_log /var/log/nginx/sonarr;

=========

server {
    listen         80;
    server_name    sabnzbd.<domain>;
 
    location /sabnzbd {
         proxy_redirect off;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_pass http://localhost:9090;
    }
    access_log /var/log/nginx/sabnzbd;
}

=========

 

-- make sure to resolve all names for "emby<domain>", "sonarr<domain>", "sabnzbd<domain>" via DNS, in my case I used pfSense router, added Host Overrides in DNS Resolver

 

And after restating ngnix it works (`sudo service nginx restart` or `sudo nginx -s reload`)!

 

Services can be accessed by URLs like 

 

http://emby.<domain>/emby

 

I still don't know how to make it work without typing /emby at the end ?

 

Thank you all for helping !

Edited by chudak
Link to comment
Share on other sites

Looks like our configurations are very similar ... but mine doesn't require the /emby at the end...
Only real difference is that externally, my reverse proxy will only present emby over HTTPS (on 443) and not over HTTP (on port 80)
The Reverse Proxy is handling the certificates (as noted below) and it works with the various phone/ipad apps both inside and outside my network, as well as browsers, both inside and outside my network.

My next step is to tighten up the SSL to remove/disable TLS protocols that are considered weak (disable TLS1.0 and TLS1.1 and enable TLS 1.3)


In any case, for comparison:

server {

    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;
    server_name emby.<domain>;
    ssl_certificate <removed to protect the innocent>;
    ssl_certificate_key <removed to protect the innocent>;
    ssl_dhparam <removed to protect the innocent>;




    ########################################################################
    # from https://cipherli.st/                                            #
    # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html #
    ########################################################################


    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    # Disable preloading HSTS for now.  You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;


    ##################################
    # END https://cipherli.st/ BLOCK #
    ##################################


    location / {
        access_log /var/log/nginx/emby.access.log;
                error_log  /var/log/nginx/emby.error.log;


        proxy_pass http://<internal_host>:8096/ ;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-FOrwarded-Proto http;
        proxy_redirect off;
    }


}
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...