Jump to content

Nginx limit download speed


Guest plexman

Recommended Posts

Guest plexman

Emby has the amazing feature to allow users to download content. This is pretty cool but when an user downloads content it uses all available bandwith of your server. Adding this location block in your nginx config will limit the speed of the download and the number of simultaneous downloads per IP address.

# Add this outside of you server block
limit_conn_zone $binary_remote_addr zone=addr:10m;

# Bandwith limit (inside server block)
location ~ /emby/Items/(.*)/Download$ {
       # Send traffic to the backend
       proxy_pass http://localhost:8096;
       proxy_set_header Range $http_range;
       proxy_set_header If-Range $http_if_range;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

       # Send websocket data to the backend aswell
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";

       limit_rate 1700k; # Speed limit (here is on kb/s)
       limit_conn addr 3; # Number of simultaneous downloads per IP
       limit_conn_status 460;
       proxy_buffering on;
}

# Error page
error_page 460 http://your-page-telling-your-limit/;

So in this case 3 parallel downloads at 1,7 Mb/s (note that Nginx takes speed values, not bandwith) are allowed, the "460 error" (you can specify whatever error number you want) redirects the user to a custom page when he tries to download the 4th item. In my case I have a webpage telling something like "Ops... You are downloading too much... Wait until your current downloads are completed"

 

Hope it helps somebody!

 

References:

https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/

https://www.nginx.com/blog/rate-limiting-nginx/

Edited by plexman
Link to comment
Share on other sites

  • 5 months later...
  • 7 months later...

Hi,

 

I'm following this community since almost one year. It's amazing and you can find many answers to almost every question.

But now I'm stuck.

 

Is this config still working with actual emby 4.1.0.26? i put it in my nginx, but does not seem to have any effect.

Thanks in advance

Link to comment
Share on other sites

  • 2 months later...
Justy

Hi @@plexman,

 

please see my configs below. I think I placed your code at the wrong places. Can you check/help?
FYI: I build my config by several post i.e. by Swynol's .

And I'm a newbie in nginx and linux.

My emby server is running on openmediavault 4; no docker;


nginx.conf

user www-data;
worker_processes 2;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;



events {
	worker_connections 1024;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

#timeout
    #proxy_connect_timeout 1h;
    #proxy_send_timeout 1h;
    #proxy_read_timeout 1h;
    #limit_conn_zone $binary_remote_addr zone=addr:10m;


	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}




sites-available

limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
    
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate     /etc/ssl/certs/openmediavault.crt;
    ssl_certificate_key /etc/ssl/private/openmediavault.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    server_name emby.emby4ever.de;
    index index.html;
    access_log /var/log/nginx/1c5b4f27-66bb-4384-a5c0-access.log;
    error_log  /var/log/nginx/1c5b4f27-66bb-4384-a5c0-error.log;
    large_client_header_buffers 4 8k;
    server_tokens off;
    	
	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
	



location ^~ /swagger {   ## Disables access to swagger interface
        return 404;
}




location ~ /emby/Items/(.*)/Download$ {

proxy_pass http://192.168.178.24:8096; # Local emby ip and non SSL port
proxy_hide_header X-Powered-By;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


add_header 'Referrer-Policy' 'no-referrer';
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff"  always;
add_header X-Xss-Protection "1; mode=block" always;
add_header Content-Security-Policy "default-src 'none'; child-src 'self'; font-src 'self' data:; connect-src 'self' wss: ws: https://mb3admin.com https://github.com/MediaBrowser/; media-src 'self' blob: data: https://github.com/MediaBrowser/; manifest-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; worker-src 'self' blob:; script-src 'self' https://www.gstatic.com; img-src data: https: http: ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/css" always;



#Next three lines allow websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "";


limit_rate 1700k; # Speed limit (here is on kb/s)
limit_conn addr 3; # Number of simultaneous downloads per IP
limit_conn_status 460;
proxy_buffering on;

}

}

thanks in advance

 

Justy
 

Edited by Justy
Link to comment
Share on other sites

Guest plexman

I don't see any error in your config, what does the command "nginx -t" say?

 

The only thing I see, not relative to the download, limit is this line in websockets:

proxy_set_header Connection "";

Should it be?:

proxy_set_header Connection "upgrade";
Link to comment
Share on other sites

Justy

where did you find "nginx -t"?

Can't find it.

 

proxy_set_header Connection "";

I have it from here:

https://emby.media/community/index.php?/topic/48236-setting-up-emby-behind-a-reverse-proxy-nginx/

post #96

 

-------------------------

 

but I forgot something:
Shouldn' there be also a line like this

location / {
proxy_pass http://192.168.178.24:8096; # Local emby ip and non SSL port

before

location ~ /emby/Items/(.*)/Download$ {
 

or both locations???

Link to comment
Share on other sites

Justy

Ah, I checked it :

 

root@omv:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
 

Edited by Justy
Link to comment
Share on other sites

Justy

Hi plexman,

I was thinking about the problem this evening. Maybe this is not correct for me:

location ~ /emby/Items/(.*)/Download$ {

nginx does not find anything here :unsure: ??

 

Link to comment
Share on other sites

  • 3 weeks later...

Hi @@plexman,

 

I figured it out!

I don't know why, but my path is

https://emby.mydomain.de/web/index.html#!/itemdetails.html?id=43802&serverId=xyz


it should be (If I add /emby/ between it already works)
 

https://emby.mydomain.de/emby/web/index.html#!/itemdetails.html?id=43802&serverId=xyz


So first option is to change/correct path here

location ~ /emby/Items/(.*)/Download$ {


or to correct

 

https://emby.mydomain.de/web/index.html#!/itemdetails.html?id=43802&serverId=xyz


But how can I achieve this? Can you help? why is the /emby missing???

Thanks in advance

 

justy

Edited by Justy
Link to comment
Share on other sites

  • 2 weeks later...

Hi,

 

so I finally got it. Just for information for everyone:

location  ~ /Items/(.*)/Download$ {


proxy_pass http://192.168.178.24:8096; # Local emby ip and non SSL port

proxy_hide_header X-Powered-By;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;


#Next three lines allow websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";



limit_rate 2500k; 			# Speed limit (here is on kb/s)
limit_conn addr 1;			# Number of simultaneous downloads per IP
limit_conn_status 460;                  # custom error page
proxy_buffering on;

}

error_page 460 /460.html;               # for a custom local hosted error page (named 460.html)
        location = /460.html {
          root /var/www/html;           # path to the local error page
           internal;
       }

and in  http {

 

limit_conn_zone $binary_remote_addr zone=addr:10m;

just one question for the pro's:

What do I have to change, because the error page does not show up after clicking for second download at once. it shows instead file not available 404. After a refresh it shows the custom error page?

 

Edited by Justy
Link to comment
Share on other sites

  • 1 year later...
  • 3 weeks later...
On 7/12/2021 at 3:59 PM, Alexwerilles said:

It doesn't seem to work anymore

Hi there, what exactly is the issue?

Link to comment
Share on other sites

  • 9 months later...
iBoss

This is amazing and working perfectly but only with emby web browser. how can I make it work with apps like emby iOS

Thanks

Link to comment
Share on other sites

1 hour ago, iBoss said:

This is amazing and working perfectly but only with emby web browser. how can I make it work with apps like emby iOS

Thanks

Hi there, can you please describe your issue in more detail? Thanks.

Link to comment
Share on other sites

iBoss

@Luke

 

When I add the nginx config that posted by "Guest plexman" or "Justy", it works and limit the IPs and the speed of the download .. but this only works when I use emby on the browser (like Chrome) ... but if I download the content from the emby app (like emby on iOS), it will use the full speed of internet without any limitation.

Thanks

Link to comment
Share on other sites

23 minutes ago, iBoss said:

@Luke

 

When I add the nginx config that posted by "Guest plexman" or "Justy", it works and limit the IPs and the speed of the download .. but this only works when I use emby on the browser (like Chrome) ... but if I download the content from the emby app (like emby on iOS), it will use the full speed of internet without any limitation.

Thanks

Yea looks like he only designed it for the manual one-off downloads in the web app.

Link to comment
Share on other sites

iBoss

@Luke

Thats why I'm asking if there is anyway to make it works with mobile app as well?

when I download manually from the web app it use: https://{my_emby_website}/emby/Items/{some_number}/Download?{api}

so we are using this location

~ /emby/Items/(.*)/Download$

So I think we need to change it to the url download link that is used in mobile app

Please anyone can help here?

Thanks

Link to comment
Share on other sites

iBoss

@Luke

please, can you provide the the format of the url download link for mobile app?

 

Thanks

Edited by iBoss
Link to comment
Share on other sites

5 hours ago, iBoss said:

@Luke

please, can you provide the the format of the url download link for mobile app?

 

Thanks

Try /Sync/JobItems/{Id}/File

  • Thanks 1
Link to comment
Share on other sites

  • 2 months later...
iBoss

please I need your support for two issues:

 

1)

I have already limit the download speed for both Desktop and mobile ... but this module:

limit_rate 2m;
limit_conn addr 3;

will limit the speed to 2MB per connection for one IP; so if there another connection for the same IP the speed of download will become 4MB.

how I can keep the number of limit connection 3 with the bandwidth of 2MB:

first connection: 2MB

second connection: still 2MB ... divide the speed with two download

I hope the first issue is clear 

--------------------------

 

2)

I want to exclude my IP from the limitation:

I have tried this but does not wotk with me

http{

	geo $whitelist {
         default 0;
         xxx.xxx.xxx.xxx 1; #my IP
	}

	map $whitelist $limit {
		0 $binary_remote_addr;
		1 "";
    }

	limit_conn_zone $limit zone=addr:10m;
}

---------

 

please any one can help? @pir8radio

Thank

Link to comment
Share on other sites

  • 2 months later...
Alexwerilles
On 7/30/2022 at 7:22 AM, iBoss said:

please I need your support for two issues:

 

1)

I have already limit the download speed for both Desktop and mobile ... but this module:

limit_rate 2m;
limit_conn addr 3;

will limit the speed to 2MB per connection for one IP; so if there another connection for the same IP the speed of download will become 4MB.

how I can keep the number of limit connection 3 with the bandwidth of 2MB:

first connection: 2MB

second connection: still 2MB ... divide the speed with two download

I hope the first issue is clear 

--------------------------

 

2)

I want to exclude my IP from the limitation:

I have tried this but does not wotk with me

http{

	geo $whitelist {
         default 0;
         xxx.xxx.xxx.xxx 1; #my IP
	}

	map $whitelist $limit {
		0 $binary_remote_addr;
		1 "";
    }

	limit_conn_zone $limit zone=addr:10m;
}

---------

 

please any one can help? @pir8radio

Thank

Can you share your nginx configuration privately? Until today I could never get this to work on my server

Link to comment
Share on other sites

On 10/20/2022 at 10:32 PM, Alexwerilles said:

Can you share your nginx configuration privately? Until today I could never get this to work on my server

I believe the guys here more experience than me in Nginx... and pasting my configuration will not help because it is exactly same as the first post.

I'll help you but first what are you using, Nginx (Docker or not) or Nginx Proxy Manager?

also please paste your configuration.

Thanks 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...