Jump to content

Search the Community

Showing results for tags 'caddy'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support

Blogs

  • Emby Blog

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 1 result

  1. It took me a while to get Caddy v2 setup and working by itself. Then there were some struggles with getting it to work with Cloudflare. I thought I would share a guide to assist those who want to go that route. Prerequisites: Have your own domain Have the DNS of your domain setup with Cloudflare Have your Cloudflare API key/token "For this checkout my other article on setting up DNS updates via API" Have your Emby server set with a static internal IP Step 1: Download Caddy Visit https://caddyserver.com/download to download your binary. You will need to add a couple plugins for this to work. You will want to select 'caddy-dns/cloudflare' and 'kirsch33/realip' Review at the top that it shows "Extra features = 2' and select 'Download' Step 2: Download NSSM from https://nssm.cc/download "We will use this to run Caddy as a service" Step 3: Create folders for NSSM and Caddy on the root of the C:\ drive Step 4: Rename the caddy binary to just caddy.exe and put it in C:\Caddy\. Extract NSSM so you just have the nssm.exe and put that in your NSSM folder. Step 5: Create your caddyfile The caddyfile has no extension. You can open this with your favorite text editor. I use Notepad++. Below is the a sample caddyfile. The first email is the email address that you want to use to receive notifications if there are issues with the cert Adjust your domain to what you are using for Emby. Either 'domain.com', 'login.domain.com' or 'emby.domain.com' etc. The second email address is your email address for your Cloudflare account This also sets up logging for the reverse proxy which is really handy I choose to use the actual IP address of the server instead of localhost. Either will work. { email email@gmail.com } yourdomain.com { tls email@gmail.com { dns cloudflare 'Your Cloudflare API Key No Quotes' } log { output file C:\caddy\logs\emby_access.log { roll true # Rotate logs, enabled by default roll_size_mb 10 # Set max size X MB roll_gzip true # Whether to compress rolled files roll_local_time true # Use localhost time roll_keep 3 # Keep at most X log files roll_keep_days 7 # Keep log files for X days } } encode gzip reverse_proxy http://10.0.0.5:8096 { header_up X-Real-IP {remote_host} } } If you wanted to run any of the arr's as subsites to your main reverse proxy you can add the following to your caddyfile If you are running it on the same box instead of using the full domain name you would just use http://yourip:port You need to login to each of the arr applications and setup the base URL Login go to settings/general/base url Add the correct subsite. So for Radarr you would add /movies save and restart. { email email@gmail.com } yourdomain.com { tls email@gmail.com { dns cloudflare 'Your Cloudflare API Key No Quotes' } log { output file C:\caddy\logs\emby_access.log { roll true # Rotate logs, enabled by default roll_size_mb 10 # Set max size X MB roll_gzip true # Whether to compress rolled files roll_local_time true # Use localhost time roll_keep 3 # Keep at most X log files roll_keep_days 7 # Keep log files for X days } } encode gzip reverse_proxy http://10.0.0.5:8096 { header_up X-Real-IP {remote_host} } reverse_proxy /movies/* https://radarr.domain.com { header_up Host {upstream_hostport} header_up X-Forwarded-Host {host} } redir /movies /movies/ reverse_proxy /tv/* https://sonarr.domain.com { header_up Host {upstream_hostport} header_up X-Forwarded-Host {host} } redir /tv /tv/ reverse_proxy /music/* https://lidarr.domain.com { header_up Host {upstream_hostport} header_up X-Forwarded-Host {host} } redir /music /music/ reverse_proxy /audiobooks/* https://readarr.domain.com { header_up Host {upstream_hostport} header_up X-Forwarded-Host {host} } redir /audiobooks /audiobooks/ } Step 6: Create a user for caddy to run as and set password. You will need this password later down when we setup the service. I'm going to use srvcaddy. Step 7: Allow srvcaddy user to run as service You want to open up Local Security Policy Go to 'Local Policies/User Rights Assignment/Log on as a service' and add our new user srvcaddy Step 8: Add your domain under Emby network settings Login go to settings/network/external domain and add your domain name Step 9 : Launch cmd prompt as administrator Step 10: Install Caddy as a service We will need to type cd "C:\NSSM" in cmd prompt. Then you will need to type nssm install Caddy We will want to edit Log on to our service account Then select 'Install service' Now you can open up services and start caddy The first time this runs it will take a few minutes to generate your certificate on the computer. Step 11: Adjust firewall rules You now only want the local computer to talk on Emby's port 8096. All other devices you will want to have it connect via ports 80,443. Open up windows firewall Make sure all of Emby's rules are disabled Create a new rule Step 12: Create a port forward in your router/firewall from external port 443 to your server port 443. Do to the differences in every router/firewall you will need to refer to manual or Google on this step. For even more security you can lock down only Cloudflare's IP addresses to be able to route to your server. Since we are updating the cert via API you only need port 443 open to Cloudflare. No need for port 80 to be open external. Step 13: Create a DNS entry in your router/firewall for your server. Again do to to many differences you will need to consult your device's manual or google on how to accomplish this. You will want to create an internal record that takes your domain name for your Emby server and points it to the local IP. This way you can take advantage of local login with pin. Step 14: Set Cloudflare's SSL/TLS Encryption Login to Cloudflare, select your domain, and go to SSL/TLS You want to set this to Full/Strict That's it... you should now have a fully encrypted connection to your Emby server internal and external. You will now be connecting to your server via port 443 instead of 8096. Hope this helps anyone struggling with setting this up.
×
×
  • Create New...