Jump to content

Search the Community

Showing results for tags 'Proxy'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • Non-Emby General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support


  • Emby Blog


  • Community Calendar

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 23 results

  1. NGINX and emby Config Version 1.0.2 Last Update 9-23-2021 Update by Pir8Radio Why Use NGINX reverse proxy ahead of my application servers like emby? With NGINX or any reverse proxy ahead of an application server you have more control over your setup. You can do things the application servers were not built to handle, have better control over your security and logging, replace lines of code without editing the application server code, better control of caching, etc, etc.... One of the main reasons is so that you don't have to open a new port on your firewall for every application server you host, all you really need to open is 80 & 443 and the internet can reach all of your different servers through one entrance. Will NGINX work on my OS? Most likely, you can find various versions of NGINX for most OS's and they come in different flavors, with options baked in, or just the bare NGINX that you need to compile. See below for download links to get you started. Will NGINX break things on emby? Absolutely if you don't configure it correctly! I HIGHLY suggest when choosing a scheme to setup your domain URL you choose SUB-DOMAIN and NOT sub-directory, more below. Also if you come to the emby forum with things not working, or issues you have and you use a Reverse Proxy, PLEASE make sure that is one of the first things you mention in your forum post. ESPECIALLY if emby works on one platform or client, but not another. So many times people complain "but it works on chrome, so I didn't think it was the reverse proxy". Mention you have a Reverse Proxy please. If the reverse proxy is setup correctly it should be totally transparent to the user and the application server (emby). I'm not going to go into how to purchase and setup a domain name. Lots of how-to's on that out there. Once you have a domain name and its pointed to your IP address, you can go to that domain name and hit your server then continue on.... Sub-Domain vs Sub-Directory: Lets say your domain name is: domain.com there are two main ways you can direct traffic from the internet to your backend application servers like emby. One is sub-directory, something like domain.com/emby or domain.com/other-server This is doable in nginx, but there are some catches and you need to know how your reverse proxy and application server work in detail.. This often breaks different features in emby and other application servers.. To keep with our "Totally Transparent" goal sub-directory doesn't work well, it requires a lot of rewriting and work-arounds to make it work smoothly, if you choose sub-directory you will run into issues you will need to address. The other option is Sub-Domain, this is the cleanest, most transparent, easiest to setup and maintain, it's also what I highly suggest you setup. A sub-domain looks like: emby.domain.com or other-server.domain.com The below config is based on Sub-Domain I will include a sub-directory example as well. NGINX Downloads: Official nginx downloads(LINUX): nginx.org Official nginx downloads(Windows): nginx.org WINDOWS users I suggest this version: nginx-win.ecsds.eu download links are at the bottom of the page. This Windows version has lots of cool features compiled into it already, and is optimized for windows. They keep up with updates, its a FREE (for non-commercial) third party build that I highly recommend. Additional Links: Content Security Policy info (CSP) (For Advanced Users): A CSP WILL break your server if you don't know what you are doing, I suggest reading up, lots of googleing, and understand what a CSP's function is and is not prior to venturing into this area Example NGINX Reverse Proxy Config: 3-29-2020 - ADDED A LINE FOR CLOUDFLARE USERS SO THAT THE X-REAL-IP HEADER IS CORRECTED. THIS ONLY EFFECTS Cloudflare USERS. 4-11-2020 (V1.0.1) - MOVED proxy_buffering off; FROM LOCATION BLOCK TO SERVER BLOCK 12-18-2020 (V1.0.2) - ADDED 301 SERVER SECTION TO FORCE ALL TRAFFIC TO SSL. 9-23-2021 no nginx config change, but cloudflare changed how they cache video files, so emby users that use Cloudflare now need to add a rule like below to make sure video is seekable and playable. ** The below "Page Rules" are only needed for Cloudflare CDN users, otherwise ignore. worker_processes auto; error_log logs/error.log; events { worker_connections 8192; } http { include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 64; server_tokens off; ## The below will create a separate log file for your emby server which includes ## userId's and other emby specific info, handy for external log viewers. ## Cloudflare users will want to swap $remote_addr in first line below to $http_CF_Connecting_IP ## to log the real client IP address log_format emby '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"'; log_format default '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port'; sendfile off; ## Sendfile not used in a proxy environment. gzip on; ## Compresses the content to the client, speeds up client browsing. gzip_disable "msie6"; gzip_comp_level 6; gzip_min_length 1100; gzip_buffers 16 8k; gzip_proxied any; gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml image/svg+xml; proxy_connect_timeout 1h; proxy_send_timeout 1h; proxy_read_timeout 1h; tcp_nodelay on; ## Sends data as fast as it can not buffering large chunks, saves about 200ms per request. ## The below will force all nginx traffic to SSL, make sure all other server blocks only listen on 443 server { listen 80 default_server; server_name _; return 301 https://$host$request_uri; } ## Start of actual server blocks server { listen [::]:443 ssl http2; ## Listens on port 443 IPv6 with http2 and ssl enabled listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled proxy_buffering off; ## Sends data as fast as it can not buffering large chunks. server_name emby.domainname.com; ## enter your service name and domain name here example emby.domainname.com access_log logs/emby.log emby; ## Creates a log file with this name and the log info above. ## SSL SETTINGS ## ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate ssl/pub.pem; ## Location of your public PEM file. ssl_certificate_key ssl/pvt.pem; ## Location of your private PEM file. ssl_session_cache shared:SSL:10m; location ^~ /swagger { ## Disables access to swagger interface return 404; } location / { proxy_pass; ## Enter the IP and port of the backend emby server here. proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys. proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. #proxy_set_header X-Real-IP $http_CF_Connecting_IP; ## if you use cloudflare un-comment this line and comment out above line. proxy_set_header Host $host; ## Passes the requested domain name to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. ## ADDITIONAL SECURITY SETTINGS ## ## Optional settings to improve security ## ## add these after you have completed your testing and ssl setup ## ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ## ## See https://hstspreload.org/ read through the "Deployment Recommendations" section first! ## add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } } }
  2. MK.Persia

    Emby behind FORWARD http proxy

    Hi, I have a native installation of Emby on Ubuntu 18.04 server My problem is that the machine has no direct access to the Internet. Usually this problem can be solved by "export http_proxy=..." either in console or "/etc/environment". Unfortunately Emby doesn't use this environment variable and therefore I can't download any metadata or subtitles... I haven't found any setting nighter in GUI Dashboard or "/var/lib/emby/config/system.xml" (I think <IsBehindProxy>true</IsBehindProxy> means is behind reverse proxy) but I think the trick is changing "MONO_ENV" in "/etc/emby-server.conf". Can anybody help me with this please?
  3. Continuing with this topic, I want to share my current working Apache reverse proxy setup. Before Nginx users kill me, let me say that I prefer Apache because i'm used to it (I know Nginx is better in reverse proxy scenarios), I find it simpler, I have a Nextcloud server running in the same machine and here they recommend using Apache instead of Nginx, even if i'm not using it for an enterprise deployment. At the moment, i'm having 0 issues with any App (Web, TV, Android, iOs, etc.), the chrome console is clean without any error when connecting through the Web App. My apache is redirecting all traffic including the websocket traffic. I use my server with a CNAME of my domain, so that's why I don't locate it in "/emby" location, I do it in "/". This is my apache .conf file for Emby reverse proxy (located at /etc/apache2/sites-available): <IfModule mod_ssl.c> <VirtualHost *:80> ServerName cname.domain.com ServerAdmin youremail@address.com RewriteEngine on RewriteCond %{SERVER_NAME} =cname.domain.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] </VirtualHost> <VirtualHost *:443> ServerName cname.domain.com ServerAdmin youremail@address.com <proxy *> AddDefaultCharset off Order Allow,Deny Allow from all </proxy> ProxyRequests Off ProxyPreserveHost On ProxyPass "/embywebsocket" "ws://" ProxyPassReverse "/embywebsocket" "ws://" ProxyPass "/" "" ProxyPassReverse "/" "" SSLCertificateFile /etc/letsencrypt/live/cname.domain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/cname.domain.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule> As you can see I'm using Let's Encrypt certificates. As @@curtisghanson said here, I also have an "A" in Qualy SSL Labs: Well I was scared of the performance but It's true that the maximum concurrent users I have are around 5-20, it's little. This is the server usage when 7 users are connected playing content at the same time (all my content is Direct Played): And that's all, hope you liked it and find it useful! Any improvement to the Apache conf file is welcome. Edit: Forgot to say thanks to @@fc7 who was the man that did all this possible .
  4. crusher11

    NGINX - troubleshooting

    I just got a new router, which means my server has moved from local IP 10.0.x.x to 192.168.x.x. I added exactly the same port-forwarding rules to the new router that I had in the old router, changed the local IP address in the NGINX config, restarted NGINX and...it doesn't connect. The domain gets a CloudFlare 524 error. My IP address followed by ports 80, 443, 4343, 8920 and 7241 fails. My IP address followed by port 8096 succeeds. This doesn't make any sense. I have Emby's ports in the network config set to 4343 for secure and 7241 for non-secure. CanYouSeeMe.org can only see me on port 8096. NGINX isn't jumping in front of any of the attempts at direct-IP access, which from memory it's supposed to.
  5. Hi there, I've installed Emby server on my QNAP TS-231P2, it worked well. However, recently due to the internet blockage, when Emby tried to pull metadata from TMDB, it always got a time-out. So I'm thinking of using a proxy to solve the problem. Unfortunately, I didn't find any HTTP proxy settings in Emby control panel. Therefore I decided to install shadowsocks and privoxy to turn Socks5 proxy into a HTTP one. Too bad the privoxy rules just didn't work. Even after I added HTTP_proxy and HTTPS_proxy into the environment variables, and the command like curl or wget worked fine for api.themoviedb.org, the traffic from Emby seemed not to pass through the proxy and got time-out again. I wonder if there is any other means to solve the problem, either from a system level or software level. Also, I'd like to know if you are adding proxy settings in the future versions of Emby. Thanks for your help in advance. Any suggestions are welcome. A piece of log is attached to show the typical situation. 2020-04-20 19:58:13.506 Info HttpClient: GET https://api.themoviedb.org/3/movie/342588?api_key=f6bd687ffa63cd282b6ff2c6877f2669&append_to_response=casts,releases,images,keywords,trailers&language=zh-CN&include_image_language=zh-CN,zh,null,en 2020-04-20 19:58:33.521 Error HttpClient: Connection to https://api.themoviedb.org/3/movie/342588?api_key=f6bd687ffa63cd282b6ff2c6877f2669&append_to_response=casts,releases,images,keywords,trailers&language=zh-CN&include_image_language=zh-CN,zh,null,en timed out 2020-04-20 19:58:33.590 Error ProviderManager: Error searching *** Error Report *** Version: Command line: /share/CACHEDEV1_DATA/.qpkg/EmbyServer/system/EmbyServer.dll -programdata /share/CACHEDEV1_DATA/.qpkg/EmbyServer/programdata -ffdetect /share/CACHEDEV1_DATA/.qpkg/EmbyServer/bin/ffdetect -ffmpeg /share/CACHEDEV1_DATA/.qpkg/EmbyServer/bin/ffmpeg -ffprobe /share/CACHEDEV1_DATA/.qpkg/EmbyServer/bin/ffprobe -defaultdirectory /share/CACHEDEV1_DATA -updatepackage emby-server-qnap_{version}_arm-x41.qpkg -noautorunwebapp Operating system: Unix 64-Bit OS: False 64-Bit Process: False User Interactive: True Runtime: file:///share/CACHEDEV1_DATA/.qpkg/EmbyServer/system/System.Private.CoreLib.dll Processor count: 4 Program data path: /share/CACHEDEV1_DATA/.qpkg/EmbyServer/programdata Application directory: /share/CACHEDEV1_DATA/.qpkg/EmbyServer/system MediaBrowser.Model.Net.HttpException: MediaBrowser.Model.Net.HttpException: Connection to https://api.themoviedb.org/3/movie/342588?api_key=f6bd687ffa63cd282b6ff2c6877f2669&append_to_response=casts,releases,images,keywords,trailers&language=zh-CN&include_image_language=zh-CN,zh,null,en timed out ---> System.OperationCanceledException: The operation was canceled. at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts) at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod) --- End of inner exception stack trace --- at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod) at MovieDb.MovieDbProvider.GetMovieDbResponse(HttpRequestOptions options) at MovieDb.MovieDbProvider.FetchMainResult(String id, Boolean isTmdbId, String language, String country, CancellationToken cancellationToken) at MovieDb.MovieDbProvider.DownloadMovieInfo(String id, String preferredMetadataLanguage, String preferredMetadataCountry, CancellationToken cancellationToken) at MovieDb.MovieDbProvider.GetMovieSearchResults(ItemLookupInfo searchInfo, CancellationToken cancellationToken) at MediaBrowser.Providers.Manager.ProviderManager.GetSearchResults[TLookupType](IRemoteSearchProvider`1 provider, TLookupType searchInfo, CancellationToken cancellationToken) at MediaBrowser.Providers.Manager.ProviderManager.GetRemoteSearchResults[TItemType,TLookupType](RemoteSearchQuery`1 searchInfo, BaseItem referenceItem, CancellationToken cancellationToken) Source: Emby.Server.Implementations TargetSite: Void MoveNext() InnerException: System.OperationCanceledException: The operation was canceled. Source: System.Net.Http TargetSite: Void HandleFinishSendAsyncError(System.Exception, System.Threading.CancellationTokenSource) at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts) at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
  6. centuryx476

    IIS Reverse Proxy

    Hello, I was able to successfully configure windows IIS as a reverse proxy using URL re-write and AAR. I also enabled SSL offloading so I can put my Let's Encrypt cert in IIS and manage it through there as well as control the level of SSL Ciphers that IIS can use. Emby comes up perfectly and works.. Right up until you click play on a movie. The playback seems to take forever to load, it eventually does but then another issue comes up. The CPU on the server jumps to 99% and it never stops. From what I can tell of the logs it is doing a Remux of the file and then playing it which is causing the CPU to run hot. I was playing "The Fifth Element" as a test and when I viewed the stats for nerds it states that the "media bitrate exceeds limit" which I find odd as the movies overall bitrate is just 12/Mb. As a test I then disabled the reverse proxy and used the built in emby way of encrypting the server. I passed the .pfx12 file and its password and changed the port to 443 and did another test with the same movie and it played perfectly. It loaded instantly and the CPU stayed at around 1% usage. Could it be the SSL offloading that is causing this ? Could it be IIS itself ? Is there specific things I need to change within IIS in order for this to work correctly ? Has anyone here been able to successfully get an IIS reverse proxy with SSL offloading to work with emby ? Let me know Thank You
  7. riothamus

    Apache Proxy Frontend for Emby

    I have had a few people ask me to explain how I set up my Apache server to forward to my Emby server. Here is a breakdown of how mine is set up should anyone else wish to try this. This is just my way of doing this (yeah, I know, Nginx exists but I have always been an Apache user). Note that I use RPM based distributions, and my frontend Apache server is running on Fedora Server Edition (so that I can have the http/2 goodness). My instructions will emphasize this type of Linux distribution, so you will need to read up on how your particular flavor of Linux handles Apache installations. First off, here is an overview of my network. Everyone's network is different, but this is what I have set up: edge firewall -> wireless ap/firewall -> apache server -> media server (where the media files are actually stored) On my firewalls, I only have ports 80 and 443 tcp opened up, and they forward to my Apache server. No other ports are exposed to the Internet. My Emby server is not configured with SSL. All SSL is terminated at my Apache server. This way, I can use one SSL certificate to encrypt any web services that I run on my network, without trying to get a certificate for each individual server installation. Anything that comes in on port 80 automatically gets forced over to port 443 (this is done by my Apache server itself). I am also using HTTP/2 which has helped with the various web services that my Apache frontend is exposing to the web. Also, all of my internal servers are running host-based firewalls. There is nothing wrong with security in depth here, and I have personally not heard a valid reason to not run a host-based firewall for your networking services. I use https://letsencrypt.org/ for my SSL certificate. It's free, and their tools are awesome. If you use their services, please donate to them as they are providing a valuable service to practically every community. I also have my own domain name set up and registered, with a dynamic IP from my ISP. There are a plethora of services that will let you register your dynamic IP for a domain name, so search around for the one that suits you best. Personally, I am using Google Domains for mine. My firewall assists in keeping my latest IP registered for my domain. This is extremely handy for mobile devices and family members who wish to use my Emby server remotely. Here are the general steps I would recommend to someone setting this up for themselves: Use an edge firewall. The extra protection is worth it. Use your edge firewall to keep track of your public IP, and use whatever agent that your dynamic DNS provider provides to keep your latest IP registered for your domain. I do not recommend doing this from your Apache server, as your Apache server should be further into your network and protected by your other firewall(s). Set up an SSL certificate for your domain. Again, LetsEncrypt is pretty awesome. Install Apache on a server that can handle a fair amount of network traffic. If you are using LetsEncrypt, set up the agent to keep up with your SSL certificate on this server. dnf groupinstall "Web Server" dnf install mod_http2 Configure your Apache server. On a Fedora, CentOS, RHEL system create a file called /etc/httpd/conf.d/00_yourdomain.conf (the two zeroes are there to make sure that your domain file is loaded first). Here are snippets of my configuration (cleaned up a bit for, you know, security): <VirtualHost *:80> Protocols h2c http/1.1 # Send everything over to https instead, best practice over mod_rewrite ServerName example.com Redirect / https://example.com/ </VirtualHost> <VirtualHost _default_:443> # Enable http/2 Protocols h2 http/1.1 <IfModule http2_module> LogLevel http2:info </IfModule> SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DH-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 SSLHonorCipherOrder On SSLCompression off Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains" Header always set X-Frame-Options SAMEORIGIN Header always set X-Content-Type-Options nosniff SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 ServerName example.com ServerAlias example.com ErrorLog logs/example-error_log RewriteEngine on RewriteRule ^/emby(.*)$1 [proxy] RewriteRule ^/emby [proxy] RewriteRule ^/embywebsocket(.*)$1 [proxy] RewriteRule ^/embywebsocket [proxy] <location /emby> ProxyPass ProxyPassReverse </location> <location /embywebsocket> ProxyPass ProxyPassReverse </location> </VirtualHost> So what this does for me is let Apache handle all incoming port 80 requests, and turns them into encrypted traffic. All connections to and from the server (that can support it) are encapsulated in HTTP/2 packets. All of my SSL encrypted web traffic is handled by one certificate, so I can have multiple URL paths served by the same domain name, with only the https port used, and it just plain looks cleaner. For example, you can have: https://example.com/emby https://example.com/nextcloud https://example.com/hello_kitty_island_adventure Or whatever suits your needs. My Emby server doesn't have to worry about any proxy configurations or SSL, as Apache takes care of all of that. My example is using the localhost IP address to direct all incoming and outgoing Emby requests, but if you are using a separate host that runs Emby, just make sure to use the IP of that system instaed and that you have port 8096 open and available. I hope that others may find this helpful.
  8. Last night I updated both Emby and mono to versions 3.1.0 and Since then I'm not able to access Emby from the internet, through an Apache reverse proxy, anymore. I can access the webclient without any issues within the LAN but if I try the same from the internet via the proxy I get this: 0 0 HTTP/1.1 200 OK X-UA-Compatible: IE=Edge Access-Control-Allow-Headers: Content-Type, Authorization, Range, X-MediaBrowser-Token, X-Emby-Authorization Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS Access-Control-Allow-Origin: * Vary: Accept-Encoding ETag: "4a131dd81c597e10d17c1a65ab8851f4" Cache-Control: public Content-Encoding: deflate Expires: -1 Server: Mono-HTTPAPI/1.1, UPnP/1.0 DLNADOC/1.50 Content-Type: text/html; charset=UTF-8 Date: Tue, 20 Dec 2016 17:41:38 GMT Content-Length: 789 VMs0WsR(=NYĢd$9iڂgKVU,\-I*9?phy*nlD$Uk?< HMyY@<Q~5bGBW5uRZ9P..!gR[JVOUA ZiSQsp*@B]jCRei]KgĎq)֥CF&4Ll~S"pNTt' 2n2 q1tE҂=aT$..x awJ^i)֏a6<s'|l 7O47F0i N*p̈ ZƐwCӨq#>sxfv:z7gGA!GtX0o\_ZaXt6&ɿkv>Ё'XiXT|f֦?{I@-XH{\My.6{Rr=C+BϦ3J%ݢR&ɧ8%P*F '*fS?KIv]$+4o0.6wݹc.*0ь׏#F7?p[0WTz(R "vB~Wr0"{} V}-:W>'h?YW[lzp{"bj}{ h݉r65N5~wb/V`Ǖcv- And that's all. Trying to refresh the page, it will keep loading forever. Before the upgrade I took a VM snapshot so I went ahead and roll back and everything went back to normal. I will provide the server log as soon as possible. Thanks.
  9. Hi, I bought a Google mini to play around with, but I can't seem to get Emby to connect. The things I did: My server (v is behind a reverse proxy on port 443 (https://emby.website.com) I created a Emby Connect user and I can log in with my browser at https://app.emby.media/ I link Emby Home in Google Home. I fill out the credentials and get to choose which of my servers (only have 1) I want to connect with. Then I get this message: Which seems weird to me because the app knows the name of my server. How can I fix this? Thanks, Jelle
  10. ShadowKindjal

    Emby WAN URL

    I seem to be having issues accessing my server from the internet in certain situations. Currently, my SSL connections is handled by a reverse proxy, apache. This URL is (for example) https://emby.server.com/ but the URL listed on my dashboard is listed as https://emby.server.com:8920/. When connecting to my server with the reverse proxy URL I never have any issues establishing a connection but the URL posted in the dashboard seems to go down randomly. This is an issue because users connecting to my server with emby connect accounts are usually trying to access the server via dashboard URL. My question is can I drop the port number from the WAN access URL on my dashboard and set it to just https://emby.server.com/ or can we troubleshoot why the dashboard URL is not connecting to my server? Please let me know if I need to provide any logs.
  11. mclp_de

    LiveTV M3U with socks5 proxy?

    Hello Community, I wanna ask, is there any way, to ONLY tunnel the M3U Connections through a Socks proxy witch is running? I don't want to proxy all Connections on this Server, only the Connections to the Stream-Servers! Thanks, Nice to Hear from you Guys. And BTW: I Use Emby on Debian!
  12. Okeur75

    [Solved] Emby apach vhost

    Hello guys, Yes another apache reverse proxy tuto but I'm a bit stuck ! I found a vhost config that works in my case : <VirtualHost *:80> ServerName my.website Redirect permanent /emby https://my.website/emby </VirtualHost> <VirtualHost *:443> ServerName my.website ErrorLog ${APACHE_LOG_DIR}/emby-error_log LogFormat "%t \"%r\" %>s" common CustomLog ${APACHE_LOG_DIR}/emby-access_log common RewriteEngine on RewriteRule ^/emby$ /emby/ [R] <proxy *> AddDefaultCharset off Order Allow,Deny Allow from all </proxy> ProxyRequests Off ProxyPreserveHost On <Location /emby> ProxyPass http://localhost:8096 ProxyPassReverse http://localhost:8096 </Location> <Location /emby/emby> ProxyPass ws://localhost:8096/emby ProxyPassReverse ws://localhost:8096/emby </Location> </VirtualHost> If I only enable this vhost it's working. But ! I also have transmission running with the following configuration: <VirtualHost *:443> ServerName my.website ServerAlias www.my.website Redirect permanent /transmission https://my.website/transmission RewriteEngine on RewriteRule /transmission[/]?$ /transmission/web/ [R=permanent] ProxyRequests On ProxyPreserveHost Off <Proxy *> Order allow,deny Allow from all </Proxy> ProxyPass /transmission ProxyPassReverse /transmission </Virtualhost> <VirtualHost *:80> ServerName my.website ServerAlias www.my.website Redirect permanent /transmission https://my.website/transmission </Virtualhost> If I enable emby first (by renaming the file 01-emby and 03-transmission) : emby is working but transmission is not. If I enable transmission first (01-transmission and 03-emby) : transmission is working and emby is not with the following error message : You don't have permission to access /emby on this server. So I guess there is some issue with the rewrite rule. In emby dashboard I selected the "Secure connection mode" parameter to "Handled by reverse proxy". For info https://my.website:8920/emby is working. I'm not really familiar with Apache so I may have missed something obvious. Thanks for your help guys !
  13. n00b_extrodinaire

    Fetching metadata via system proxy

    Hi all Literally just finished a docker install of Emby, and at the moment everything seems to be working nicely, BUT, I cannot retrieve metadata. I am behind a proxy, and have no VPN/other way of connecting to the internet. I have a system proxy configured, but it seems Emby is not taking it into account. It may be that it is because Emby is not aware of it via Docker container, and I am not sure if adding it via an environment variable will help? In the past, with Java based products, I was able to add "-Dhttp.proxy" option to the launching parameters, and it would also help. Is there some similar way in doing it with Emby? I will install Emby as a "raw" server on my Fedora machine, if the Metadata will be pulled via proxy. I just used Docker to see whether or not the product works, and it looks nice. Any ideas would be greatly appreciated!
  14. Hi, I've set up my Emby-server with "HTTPS using reverse proxy" using the "Setting up SSL for Emby (WIP)" guide. My question is: How can I switch between my LAN IP-address if I'm at home and my https: // emby.domainname.com:443 address if I'm on the road (using the Android-app)? Manually adding the other address for the same server doesn't seem to work? Thanks!
  15. I am running a Kodi instance with Emby plugin remotely. The access is proxied via Apache to provide secure SSL. This works perfectly in almost all regards. I can stream FullHD video and all (200/25 connection). The only thing that does not work is the automatic library update. I have to make a manual update each time anything changes. I know the server is ok: - There are local instances that are not proxied, which pick up the changes fine. - Also the remote machine does pick up the changes when I connect to the server via the site-to-site VPN, but that is too slow for actual streaming. So I am pretty sure the problem is in the Apache proxy system. What do I have to make available to allow instantaneous library updates? This is quite a bummer for me right now, because the update already takes a few minutes, and I haven't even integrated the Music library.
  16. I am experiencing the problem precisely as described in this topic, except only in Chrome and only when requesting the actual stream file (https://myserver/emby/videos/id/stream.webm?morestuf). All other pages (logging in, navigating, cover art, ...) work fine in all browsers. I am running Emby 3.0.5821 and use Nginx as the reverse proxy. Firefox and Microsoft Edge work fine but Chrome does not. Using the exact same setup, Firefox sends the Authorization header on all pages while Chrome does not send the Authentication header on its request to the stream file (https://myserver/emby/videos/id/stream.mkv?morestuf). One difference that I can see is that Chrome is asking for a stream.mkv file, while Firefox is asking for a stream.webm file. The result is that instead of my video, I get a popup that sais "Video Error There was an error playing the video.". The popup appears to be a recent addition to Emby, because I updated Emby before making this topic and before the update the popup was not there . Screenshots of the requests made by Firefox and Chrome are attached.
  17. ghost00


    how can i route my emby traffic over a proxy like tor? i would like all requests for movie posters or server updates proxied.
  18. TopSideControl

    Theater - Proxy Settings

    Following on from my thread here, http://emby.media/community/index.php?/topic/33153-proxy-settings/ I'd like to see the ability to configure proxy settings within the theater application itself.
  19. After updating to latest Emby stable version 3.0.5781.8, I can no longer login to the server while connecting from the Internet through an Apache SSL reverse-proxy, as I was before the update. The login screen doesn't finish to load and any attempt to manually login will result in a "Invalid username or password error". My setup is very specific so I would like to detail it in case it helps to narrow down the actual issue: Webclient ==> Internet (SSL) ==> Apache Reverse-Proxy (SSL Termination) ==> LAN (no SSL) ==> Emby Server On top of it I'm also authenticating clients using basic auth against the proxy. This means, that before anything gets to Emby, the proxy will request a username and password to the client. Until last update this worked flawlessly. The client will connect, the proxy will request for a username and password and once provided the connection will go on as normal. After yesterday's upgrade, this is not the case anymore. The client will connect, the proxy will request for a username and password and once provided the connection will go on and parts of the web will load as normal but other parts, will fail with a 401 response from the proxy server (unauthorize request). My default browser is Firefox (v43) but I also tried with a different browser, Midori, based on webkit. With Midori I'm able to connect and login as usual. I'm a little bit lost. I don't know if the problem is the browser, the new version of Emby and the changes in the webclient or something else. As I said before, this setup was working flawlessly until I upgraded Emby.
  20. Cerothen

    IIS Reverse Proxy HLS

    I have been using the reverse proxy setup for a while now using IIS with ARR and its been working pretty well. I have however been having a heck of a time using the chromecast with this particular setup. The issue that I have is whenever I do anything (browse around the web client or try to play a video to it) there is a popup indicating that the URI scheme is not valid. In my internet travels it appears that this could be relating to the host header that is sent to the mediabrowser client from IIS when it writes the HLS list for the client (chromecast) however I am not certain. I have tried to do a few things that I saw in hopes it would solve the issue including: Turn on preserve host in IIS: http://stackoverflow.com/questions/14841986/iis-aar-url-rewrite-for-reverse-proxy-how-to-send-http-host I have tried using ARR helper: http://forums.iis.net/t/1214989.aspx?ARR+Helper+for+IIS8+ And tried setting a server variable: http://tiku.io/questions/2950025/does-iis-with-arr-support-fully-transparent-reverse-proxy This is the rewrite rules that are applied: <rule name="Redirect to HTTPS" enabled="true" stopProcessing="true"> <match url="(.*)" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" /> </rule> <rule name="RewriteRemoteAddr"> <match url="(.*)" /> <conditions> <add input="{HTTP_X_FORWARDED_FOR}" pattern="([_0-9a-zA-Z]+)" /> </conditions> <serverVariables> <set name="{REMOTE_ADDR}" value="{HTTP_X_FORWARDED_FOR}" /> </serverVariables> <action type="None" /> </rule> <rule name="Mediabrowser 1" enabled="true" stopProcessing="true"> <match url="mediabrowser(.*)" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false" /> <action type="Rewrite" url="http://localhost:8096/{R:0}" /> </rule> The typical error in mediabrowser: 2015-02-13 13:14:49.0142 Error - HttpServer: Error processing request for /mediabrowser/System/Endpoint *** Error Report *** Version: 3.0.5518.3 Command line: C:\Users\Administrator\AppData\Roaming\MediaBrowser-Server\system\MediaBrowser.ServerApplication.exe -service Operating system: Microsoft Windows NT 6.2.9200.0 Processor count: 8 64-Bit OS: True 64-Bit Process: False Program data path: C:\Users\Administrator\AppData\Roaming\MediaBrowser-Server Application Path: C:\Users\Administrator\AppData\Roaming\MediaBrowser-Server\system\MediaBrowser.ServerApplication.exe Invalid URI: The URI scheme is not valid. ServiceStack.HttpError No Stack Trace Available 2015-02-13 13:14:49.0142 Error - DtoUtils: ServiceBase<TRequest>::Service Exception *** Error Report *** Version: 3.0.5518.3 Command line: C:\Users\Administrator\AppData\Roaming\MediaBrowser-Server\system\MediaBrowser.ServerApplication.exe -service Operating system: Microsoft Windows NT 6.2.9200.0 Processor count: 8 64-Bit OS: True 64-Bit Process: False Program data path: C:\Users\Administrator\AppData\Roaming\MediaBrowser-Server Application Path: C:\Users\Administrator\AppData\Roaming\MediaBrowser-Server\system\MediaBrowser.ServerApplication.exe Invalid URI: The URI scheme is not valid. System.UriFormatException at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind) at System.Uri..ctor(String uriString) at MediaBrowser.Common.Implementations.Networking.BaseNetworkManager.IsInLocalNetworkInternal(String endpoint, Boolean resolveHost) at MediaBrowser.ServerApplication.Networking.NetworkManager.MediaBrowser.Common.Net.INetworkManager.IsInLocalNetwork(String ) at MediaBrowser.Api.System.SystemService.Get(GetEndpointInfo request) at lambda_method(Closure , Object , Object ) at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object instance, TRequest requestDto) I am trying to stick with IIS since I am using the remote desktop gateway feature and Apache doesn't support it. Any advise that experienced users can bestow unto me would be much appreciated. Thanks!
  21. I though I would share this in case someone is attempting to do something similar and starts pulling their hair because videos from web aren't playing (e.g. Trailers) My Mediabrowser server is behind a proxy server, as long as I have my proxy settings configured on I.E. mediabrowser respects that and uses it for grabbing data from the internet, but when it came to playing web videos it always failed, and I noticed it was because ffmpeg would not respect the I.E proxy settings. After a few hours of searching finally come across a post that shows how to configure ffmpeg to use a proxy server, the best part is that it doesn't require anything to be changed at the code level. from a command prompt just type; SET http_proxy=http://<proxyserver>:<port> e.g. SET http_proxy= That's it now web videos work as well and go through the proxy server, there might be other ways out there but so far this is the only way that I found.
  22. I use an http proxy in Chrome for most of my browsing and noticed that I was unable to log into the server recently. I was able to find this log which appears to show an error (possibly by design). I am able to log into the server from IE that does not use a proxy without issues. I am also able to log into the server if I use a VPN in Chrome. I do see that I am creating a valid token on the server when I attempt to log in but it just kicks me out after that. Is there anything I can do to allow access while using the proxy? 2014-09-15 21:30:13.4881 Debug - HttpServer: HTTP Response 401 to XX.XX.XX.XX. Response time: 1.0001 ms. Url: http://XXX.XXX.XXX.XXX:8096/mediabrowser/System/Info 2014-09-15 21:30:13.4881 Debug - HttpServer: HTTP GET http://XXX.XXX.XXX.XXX:8096/mediabrowser/Users/ed277362b33ae798afb4b5e928c02d65/Items?SortBy=IsFavoriteOrLiked%2CRandom&Limit=50&Recursive=true&IncludeItemTypes=movie%2Cseries%2Cgame%2Cbook&ImageTypes=Backdrop&ParentId= Ip: XX.XX.XX.XX:34514. Headers: Host=XXX.XXX.XXX.XXX:8096,Accept=application/json, text/javascript, */*; q=0.01,User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36,Authorization=MediaBrowser Client="Dashboard", Device="Chrome 37.0.2062.120", DeviceId="cc7d4d33e4a7d6f89debf8988ff27173323da9eb", Version="3.0.5366.22005", UserId="ed277362b33ae798afb4b5e928c02d65",Accept-Encoding=gzip,deflate,sdch,Accept-Language=en-US,en;q=0.8,Cache-Control=max-age=0,Connection=keep-alive 2014-09-15 21:30:13.4881 Error - HttpAsyncTaskHandler: Error occured while Processing Request: Exception of type 'MediaBrowser.Server.Implementations.Security.AuthenticationException' was thrown. Exception of type 'MediaBrowser.Server.Implementations.Security.AuthenticationException' was thrown. MediaBrowser.Server.Implementations.Security.AuthenticationException at MediaBrowser.Server.Implementations.Session.SessionManager.ValidateSecurityToken(String token) at MediaBrowser.Server.Implementations.HttpServer.Security.AuthService.ValidateUser(IRequest req, Boolean allowLocal) at MediaBrowser.Server.Implementations.HttpServer.Security.AuthService.Authenticate(IRequest req, IResponse res, Object requestDto, Boolean allowLocal) at MediaBrowser.Controller.Net.AuthenticatedAttribute.RequestFilter(IRequest request, IResponse response, Object requestDto) at ServiceStack.ServiceStackHost.ApplyRequestFilters(IRequest req, IResponse res, Object requestDto) at ServiceStack.Host.RestHandler.ProcessRequestAsync(IRequest httpReq, IResponse httpRes, String operationName)
  23. I currently use MB2 at home on a couple of PC's. I want to test MB3 first before replacing what I have, I therefore decided to use Hyper-V at work and try it out first. Only problem is that we have a proxy server that requires authentication. I've managed to download the 2 bits of software that MB3 needs and install them both manually, however it still fails when I run the setup program. Is there any way I can have a stand-alone installer for Client and server? or is there a work-around for proxy locations? An error occurred trying to download 'http://www.mb3admin.com/downloads/beta/server/MediaBrowser.Server.Installer.application'. See the setup log file located at 'C:\Users\ADMINI~1\AppData\Local\Temp\VSDAC52.tmp\install.log' for more information.
  • Create New...