jon_ 23 Posted February 2, 2019 Share Posted February 2, 2019 (edited) Hi ( @@pir8radio ) I'm having some issues getting sync working via reverse proxy - everything else works fine, I can stream content with no issues, but sync results in a 'Download Unsuccessful' error on the client (which is android BTW - 3.0.33, which doesn't appear to generate any log files). I've tried via apache reverse proxy, and nginx with the same issue. Setup is fairly basic, nginx running in reverse proxy mode with letsencrypt certs. nginx proxy config (copied from somewhere on here): ##EMBY Server## server { listen [::]:47699 ssl; listen 47699 ssl; server_name <servername>; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate /etc/letsencrypt/live/servername/cert.pem ; ssl_certificate_key /etc/letsencrypt/live/servername/privkey.pem; ssl_session_cache shared:SSL:10m; add_header X-Xss-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always; add_header X-Frame-Options "SAMEORIGIN" always; proxy_hide_header X-Powered-By; add_header 'Referrer-Policy' 'no-referrer'; add_header Content-Security-Policy "frame-ancestors <servername>;"; location / { proxy_pass http://<server IP>:8096; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Next three lines allow websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } Looking at the emby logs, nothing appears amiss - no 404 errors etc: 019-02-02 11:34:56.114 Info HttpServer: HTTP GET http://<servername>:8096/emby/DisplayPreferences/usersettings?userId=17499719474942f4b1b6f1afd058edea&client=emby. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:34:56.116 Info HttpServer: HTTP Response 200 to <client IP>. Time: 1ms. http://<servername>:8096/emby/DisplayPreferences/usersettings?userId=17499719474942f4b1b6f1afd058edea&client=emby 2019-02-02 11:34:57.414 Info HttpServer: HTTP GET http://<servername>:8096/emby/Sync/Items/Ready?TargetId=e8eb333805ca3f37. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:34:57.423 Debug App: Returning 2 ready sync items for targetId e8eb333805ca3f37 2019-02-02 11:34:57.423 Info HttpServer: HTTP Response 200 to <client IP>. Time: 9ms. http://<servername>:8096/emby/Sync/Items/Ready?TargetId=e8eb333805ca3f37 2019-02-02 11:34:58.105 Info HttpServer: HTTP GET http://<servername>:8096/emby/Users/17499719474942f4b1b6f1afd058edea/Items/304511. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:34:58.111 Info HttpServer: HTTP Response 200 to <client IP>. Time: 6ms. http://<servername>:8096/emby/Users/17499719474942f4b1b6f1afd058edea/Items/304511 2019-02-02 11:34:58.794 Info HttpServer: HTTP POST http://<servername>:8096/emby/Sync/Data. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:34:58.804 Info HttpServer: HTTP Response 200 to <client IP>. Time: 10ms. http://<servername>:8096/emby/Sync/Data 2019-02-02 11:35:01.394 Info HttpServer: HTTP GET http://<servername>:8096/emby/system/info/public. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:35:01.395 Info HttpServer: HTTP Response 200 to <client IP>. Time: 1ms. http://<servername>:8096/emby/system/info/public 2019-02-02 11:35:01.515 Info HttpServer: HTTP GET http://<servername>:8096/emby/web/manifest.json. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:35:01.516 Debug HttpResultFactory: Transmit file /opt/emby-server/system/dashboard-ui/manifest.json 2019-02-02 11:35:01.516 Info HttpServer: HTTP Response 200 to <client IP>. Time: 1ms. http://<servername>:8096/emby/web/manifest.json 2019-02-02 11:35:01.614 Info HttpServer: HTTP GET http://<servername>:8096/emby/web/strings/en-US.json. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:35:01.615 Debug HttpResultFactory: Transmit file /opt/emby-server/system/dashboard-ui/strings/en-US.json 2019-02-02 11:35:01.615 Info HttpServer: HTTP Response 200 to <client IP>. Time: 1ms. http://<servername>:8096/emby/web/strings/en-US.json 2019-02-02 11:35:01.854 Info HttpServer: HTTP GET http://<servername>:8096/emby/System/Info. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:35:01.856 Info HttpServer: HTTP Response 200 to <client IP>. Time: 1ms. http://<servername>:8096/emby/System/Info 2019-02-02 11:35:01.995 Info HttpServer: HTTP GET http://<servername>:8096/emby/DisplayPreferences/usersettings?userId=17499719474942f4b1b6f1afd058edea&client=emby. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:35:01.996 Info HttpServer: HTTP Response 200 to <client IP>. Time: 1ms. http://<servername>:8096/emby/DisplayPreferences/usersettings?userId=17499719474942f4b1b6f1afd058edea&client=emby 2019-02-02 11:35:02.724 Info HttpServer: HTTP GET http://<servername>:8096/emby/Sync/Items/Ready?TargetId=e8eb333805ca3f37. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:35:02.733 Debug App: Returning 2 ready sync items for targetId e8eb333805ca3f37 2019-02-02 11:35:02.734 Info HttpServer: HTTP Response 200 to <client IP>. Time: 10ms. http://<servername>:8096/emby/Sync/Items/Ready?TargetId=e8eb333805ca3f37 2019-02-02 11:35:03.094 Info HttpServer: HTTP GET http://<servername>:8096/emby/Users/17499719474942f4b1b6f1afd058edea/Items/304511. UserAgent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.76 Mobile Safari/537.36 2019-02-02 11:35:03.100 Info HttpServer: HTTP Response 200 to <client IP>. Time: 6ms. http://<servername>:8096/emby/Users/17499719474942f4b1b6f1afd058edea/Items/304511 The nginx logs don't show anything amiss either. Any suggestions? Edited February 2, 2019 by jon_ Link to comment Share on other sites More sharing options...
Luke 37487 Posted February 3, 2019 Share Posted February 3, 2019 Perhaps the proxy is not preserving all response headers, or is configured in some way that is affecting support for range requests? Link to comment Share on other sites More sharing options...
jon_ 23 Posted February 4, 2019 Author Share Posted February 4, 2019 Not sure - it seems to be the same setup that everyone else uses, and it does exactly the same via apache or nginx. It's weird that streaming works with no issues, but sync fails immediately... Link to comment Share on other sites More sharing options...
pir8radio 1294 Posted February 4, 2019 Share Posted February 4, 2019 Not sure - it seems to be the same setup that everyone else uses, and it does exactly the same via apache or nginx. It's weird that streaming works with no issues, but sync fails immediately... What settings do you have set in emby for domain name and ports? Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
jon_ 23 Posted February 4, 2019 Author Share Posted February 4, 2019 (edited) Public HTTPS port in emby is set as 47699 (same as nginx external HTTPS port). External domain is set to the publicly resolvable hostname for the nginx server. Secure connection mode is set to handled by reverse proxy. Everything else (streaming, web UI, config etc) works perfectly, apart from syncing HTTP isn't currently proxied - I've tried temporarily enabling it but nothing changes... If I bypass nginx and port forward to the HTTPS port on emby direct then sync jumps into life... Edited February 4, 2019 by jon_ Link to comment Share on other sites More sharing options...
Luke 37487 Posted February 4, 2019 Share Posted February 4, 2019 What kind of SSL cert? Link to comment Share on other sites More sharing options...
jon_ 23 Posted February 4, 2019 Author Share Posted February 4, 2019 (edited) Letsencrypt. The browser (either on laptop or android) doesn't prompt me to accept anything when I browse to the web console, so the cert chain should be good. The emby android app prompted me on the first connection (?) to verify that the cert was as expected, but doesn't prompt since. Other android apps connect to other services secured with the same certificate so I think it's trusted by the underlying OS. When connecting to emby on https directly (ie. not a proxied connection) it's using the same cert but converted to .pfx with openssl and sync then works... Edited February 4, 2019 by jon_ Link to comment Share on other sites More sharing options...
Luke 37487 Posted February 5, 2019 Share Posted February 5, 2019 Great glad you got it working ! Link to comment Share on other sites More sharing options...
pir8radio 1294 Posted February 5, 2019 Share Posted February 5, 2019 Letsencrypt. The browser (either on laptop or android) doesn't prompt me to accept anything when I browse to the web console, so the cert chain should be good. The emby android app prompted me on the first connection (?) to verify that the cert was as expected, but doesn't prompt since. Other android apps connect to other services secured with the same certificate so I think it's trusted by the underlying OS. When connecting to emby on https directly (ie. not a proxied connection) it's using the same cert but converted to .pfx with openssl and sync then works... Great glad you got it working ! So.... Did you get it working? Sounds like no, unless you bypass the proxy? Link to comment Share on other sites More sharing options...
Luke 37487 Posted February 5, 2019 Share Posted February 5, 2019 Sorry, my mistake. I misread. Link to comment Share on other sites More sharing options...
jon_ 23 Posted February 5, 2019 Author Share Posted February 5, 2019 Nope - still not working via the proxy. Has anyone else got sync working via apache / nginx? There was another problem reported a while back where streaming worked but sync didn't, but it doesn't look like it was ever resolved... Link to comment Share on other sites More sharing options...
pir8radio 1294 Posted February 5, 2019 Share Posted February 5, 2019 Nope - still not working via the proxy. Has anyone else got sync working via apache / nginx? There was another problem reported a while back where streaming worked but sync didn't, but it doesn't look like it was ever resolved... works for me.. any specifics i can test? Link to comment Share on other sites More sharing options...
jon_ 23 Posted February 5, 2019 Author Share Posted February 5, 2019 Which clients are you using? There's nothing massively different between my config and anyone elses, I'm wondering if it's an android issue.. Link to comment Share on other sites More sharing options...
pir8radio 1294 Posted February 6, 2019 Share Posted February 6, 2019 (edited) apple devices... you are more than welcome to test it on my guest account.. let me know when you are done, so I can turn off sync/download.. <removed> Edited February 6, 2019 by pir8radio Link to comment Share on other sites More sharing options...
pir8radio 1294 Posted February 6, 2019 Share Posted February 6, 2019 (edited) So for others, he tested and it worked on my server... @@jon_ for your reference here is what my config looks like: https://emby.media/community/index.php?/topic/48236-setting-up-emby-behind-a-reverse-proxy-nginx/?p=457670 Guessing its either the timeouts, or tcp nodelay in the http {} section Edited February 6, 2019 by pir8radio Link to comment Share on other sites More sharing options...
jon_ 23 Posted February 6, 2019 Author Share Posted February 6, 2019 (edited) I've basically duplicated your config (although I'm running on linux, so it's slightly different as theres 2 config files).. and..... It's still not working - downloads immediately fail Edited February 6, 2019 by jon_ Link to comment Share on other sites More sharing options...
pir8radio 1294 Posted February 6, 2019 Share Posted February 6, 2019 I've basically duplicated your config (although I'm running on linux, so it's slightly different as theres 2 config files).. and..... It's still not working - downloads immediately fail can you create a temp account and pm me the info? Link to comment Share on other sites More sharing options...
jon_ 23 Posted February 6, 2019 Author Share Posted February 6, 2019 PM'd. Have also tried syncing against a windows server not linux, just to see if anything changed. It didn't Also updated nginx to mainline from stable... Link to comment Share on other sites More sharing options...
Luke 37487 Posted February 6, 2019 Share Posted February 6, 2019 When you initially installed the android app, did you have to confirm a dialog box to accept your SSL cert? Link to comment Share on other sites More sharing options...
pir8radio 1294 Posted February 6, 2019 Share Posted February 6, 2019 When you initially installed the android app, did you have to confirm a dialog box to accept your SSL cert? That’s a good point I have a legit cert on my server. Widely accepted. Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Luke 37487 Posted February 6, 2019 Share Posted February 6, 2019 I'm guessing he's going to answer yes, and this is the problem. I think there are network requests made by the sync process that don't incorporate that override. So as a result, the server certificate ends up getting rejected. Link to comment Share on other sites More sharing options...
jon_ 23 Posted February 6, 2019 Author Share Posted February 6, 2019 When you initially installed the android app, did you have to confirm a dialog box to accept your SSL cert? In the app, yes, on the first connection. Chrome / other android apps accept the cert without prompting though.. It's a valid letsencrypt cert so should be widely trusted... Link to comment Share on other sites More sharing options...
jon_ 23 Posted February 6, 2019 Author Share Posted February 6, 2019 I'm guessing he's going to answer yes, and this is the problem. I think there are network requests made by the sync process that don't incorporate that override. So as a result, the server certificate ends up getting rejected. I did wonder if that was the case, but if so why if I convert the cert to a .pfx and import to emby, connect directly does sync work? Link to comment Share on other sites More sharing options...
Luke 37487 Posted February 6, 2019 Share Posted February 6, 2019 But it's not trusted by your device out of the box, otherwise you would have never seen that prompt. Link to comment Share on other sites More sharing options...
Luke 37487 Posted February 6, 2019 Share Posted February 6, 2019 I did wonder if that was the case, but if so why if I convert the cert to a .pfx and import to emby, connect directly does sync work? I'm not sure I can answer that for you as with the proxy, SSL is not handled by Emby. But clearly something is causing it to be presented differently. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now