Jump to content

Search the Community

Showing results for tags 'reverse'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support


  • Emby Blog

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 7 results

  1. NGINX and emby Config Version 1.0.2 Last Update 9-23-2021 Update by Pir8Radio Why Use NGINX reverse proxy ahead of my application servers like emby? With NGINX or any reverse proxy ahead of an application server you have more control over your setup. You can do things the application servers were not built to handle, have better control over your security and logging, replace lines of code without editing the application server code, better control of caching, etc, etc.... One of the main reasons is so that you don't have to open a new port on your firewall for every application server you host, all you really need to open is 80 & 443 and the internet can reach all of your different servers through one entrance. Will NGINX work on my OS? Most likely, you can find various versions of NGINX for most OS's and they come in different flavors, with options baked in, or just the bare NGINX that you need to compile. See below for download links to get you started. Will NGINX break things on emby? Absolutely if you don't configure it correctly! I HIGHLY suggest when choosing a scheme to setup your domain URL you choose SUB-DOMAIN and NOT sub-directory, more below. Also if you come to the emby forum with things not working, or issues you have and you use a Reverse Proxy, PLEASE make sure that is one of the first things you mention in your forum post. ESPECIALLY if emby works on one platform or client, but not another. So many times people complain "but it works on chrome, so I didn't think it was the reverse proxy". Mention you have a Reverse Proxy please. If the reverse proxy is setup correctly it should be totally transparent to the user and the application server (emby). I'm not going to go into how to purchase and setup a domain name. Lots of how-to's on that out there. Once you have a domain name and its pointed to your IP address, you can go to that domain name and hit your server then continue on.... Sub-Domain vs Sub-Directory: Lets say your domain name is: domain.com there are two main ways you can direct traffic from the internet to your backend application servers like emby. One is sub-directory, something like domain.com/emby or domain.com/other-server This is doable in nginx, but there are some catches and you need to know how your reverse proxy and application server work in detail.. This often breaks different features in emby and other application servers.. To keep with our "Totally Transparent" goal sub-directory doesn't work well, it requires a lot of rewriting and work-arounds to make it work smoothly, if you choose sub-directory you will run into issues you will need to address. The other option is Sub-Domain, this is the cleanest, most transparent, easiest to setup and maintain, it's also what I highly suggest you setup. A sub-domain looks like: emby.domain.com or other-server.domain.com The below config is based on Sub-Domain I will include a sub-directory example as well. NGINX Downloads: Official nginx downloads(LINUX): nginx.org Official nginx downloads(Windows): nginx.org WINDOWS users I suggest this version: nginx-win.ecsds.eu download links are at the bottom of the page. This Windows version has lots of cool features compiled into it already, and is optimized for windows. They keep up with updates, its a FREE (for non-commercial) third party build that I highly recommend. Additional Links: Content Security Policy info (CSP) (For Advanced Users): A CSP WILL break your server if you don't know what you are doing, I suggest reading up, lots of googleing, and understand what a CSP's function is and is not prior to venturing into this area Example NGINX Reverse Proxy Config: 3-29-2020 - ADDED A LINE FOR CLOUDFLARE USERS SO THAT THE X-REAL-IP HEADER IS CORRECTED. THIS ONLY EFFECTS Cloudflare USERS. 4-11-2020 (V1.0.1) - MOVED proxy_buffering off; FROM LOCATION BLOCK TO SERVER BLOCK 12-18-2020 (V1.0.2) - ADDED 301 SERVER SECTION TO FORCE ALL TRAFFIC TO SSL. 9-23-2021 no nginx config change, but cloudflare changed how they cache video files, so emby users that use Cloudflare now need to add a rule like below to make sure video is seekable and playable. ** The below "Page Rules" are only needed for Cloudflare CDN users, otherwise ignore. worker_processes auto; error_log logs/error.log; events { worker_connections 8192; } http { include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 64; server_tokens off; ## The below will create a separate log file for your emby server which includes ## userId's and other emby specific info, handy for external log viewers. ## Cloudflare users will want to swap $remote_addr in first line below to $http_CF_Connecting_IP ## to log the real client IP address log_format emby '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"'; log_format default '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port'; sendfile off; ## Sendfile not used in a proxy environment. gzip on; ## Compresses the content to the client, speeds up client browsing. gzip_disable "msie6"; gzip_comp_level 6; gzip_min_length 1100; gzip_buffers 16 8k; gzip_proxied any; gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml image/svg+xml; proxy_connect_timeout 1h; proxy_send_timeout 1h; proxy_read_timeout 1h; tcp_nodelay on; ## Sends data as fast as it can not buffering large chunks, saves about 200ms per request. ## The below will force all nginx traffic to SSL, make sure all other server blocks only listen on 443 server { listen 80 default_server; server_name _; return 301 https://$host$request_uri; } ## Start of actual server blocks server { listen [::]:443 ssl http2; ## Listens on port 443 IPv6 with http2 and ssl enabled listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled proxy_buffering off; ## Sends data as fast as it can not buffering large chunks. server_name emby.domainname.com; ## enter your service name and domain name here example emby.domainname.com access_log logs/emby.log emby; ## Creates a log file with this name and the log info above. ## SSL SETTINGS ## ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate ssl/pub.pem; ## Location of your public PEM file. ssl_certificate_key ssl/pvt.pem; ## Location of your private PEM file. ssl_session_cache shared:SSL:10m; location ^~ /swagger { ## Disables access to swagger interface return 404; } location / { proxy_pass; ## Enter the IP and port of the backend emby server here. proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys. proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. #proxy_set_header X-Real-IP $http_CF_Connecting_IP; ## if you use cloudflare un-comment this line and comment out above line. proxy_set_header Host $host; ## Passes the requested domain name to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. ## ADDITIONAL SECURITY SETTINGS ## ## Optional settings to improve security ## ## add these after you have completed your testing and ssl setup ## ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ## ## See https://hstspreload.org/ read through the "Deployment Recommendations" section first! ## add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } } }
  2. Continuing with this topic, I want to share my current working Apache reverse proxy setup. Before Nginx users kill me, let me say that I prefer Apache because i'm used to it (I know Nginx is better in reverse proxy scenarios), I find it simpler, I have a Nextcloud server running in the same machine and here they recommend using Apache instead of Nginx, even if i'm not using it for an enterprise deployment. At the moment, i'm having 0 issues with any App (Web, TV, Android, iOs, etc.), the chrome console is clean without any error when connecting through the Web App. My apache is redirecting all traffic including the websocket traffic. I use my server with a CNAME of my domain, so that's why I don't locate it in "/emby" location, I do it in "/". This is my apache .conf file for Emby reverse proxy (located at /etc/apache2/sites-available): <IfModule mod_ssl.c> <VirtualHost *:80> ServerName cname.domain.com ServerAdmin youremail@address.com RewriteEngine on RewriteCond %{SERVER_NAME} =cname.domain.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] </VirtualHost> <VirtualHost *:443> ServerName cname.domain.com ServerAdmin youremail@address.com <proxy *> AddDefaultCharset off Order Allow,Deny Allow from all </proxy> ProxyRequests Off ProxyPreserveHost On ProxyPass "/embywebsocket" "ws://" ProxyPassReverse "/embywebsocket" "ws://" ProxyPass "/" "" ProxyPassReverse "/" "" SSLCertificateFile /etc/letsencrypt/live/cname.domain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/cname.domain.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule> As you can see I'm using Let's Encrypt certificates. As @@curtisghanson said here, I also have an "A" in Qualy SSL Labs: Well I was scared of the performance but It's true that the maximum concurrent users I have are around 5-20, it's little. This is the server usage when 7 users are connected playing content at the same time (all my content is Direct Played): And that's all, hope you liked it and find it useful! Any improvement to the Apache conf file is welcome. Edit: Forgot to say thanks to @@fc7 who was the man that did all this possible .
  3. crusher11

    NGINX - troubleshooting

    I just got a new router, which means my server has moved from local IP 10.0.x.x to 192.168.x.x. I added exactly the same port-forwarding rules to the new router that I had in the old router, changed the local IP address in the NGINX config, restarted NGINX and...it doesn't connect. The domain gets a CloudFlare 524 error. My IP address followed by ports 80, 443, 4343, 8920 and 7241 fails. My IP address followed by port 8096 succeeds. This doesn't make any sense. I have Emby's ports in the network config set to 4343 for secure and 7241 for non-secure. CanYouSeeMe.org can only see me on port 8096. NGINX isn't jumping in front of any of the attempts at direct-IP access, which from memory it's supposed to.
  4. Super Friends

    Fast forward support

    OK, why is the Fast Forward and Rewind missing on the Fire TV, Android, etc. app? Netflix has it, Kodi has it, Hulu has it, Amazon has it..... I could go on and on. I know I can skip, etc. but as a user I do not want to tell my wife, my kids every flipping time how to do it. These are media playing standards fellas.
  5. Last night I updated both Emby and mono to versions 3.1.0 and Since then I'm not able to access Emby from the internet, through an Apache reverse proxy, anymore. I can access the webclient without any issues within the LAN but if I try the same from the internet via the proxy I get this: 0 0 HTTP/1.1 200 OK X-UA-Compatible: IE=Edge Access-Control-Allow-Headers: Content-Type, Authorization, Range, X-MediaBrowser-Token, X-Emby-Authorization Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS Access-Control-Allow-Origin: * Vary: Accept-Encoding ETag: "4a131dd81c597e10d17c1a65ab8851f4" Cache-Control: public Content-Encoding: deflate Expires: -1 Server: Mono-HTTPAPI/1.1, UPnP/1.0 DLNADOC/1.50 Content-Type: text/html; charset=UTF-8 Date: Tue, 20 Dec 2016 17:41:38 GMT Content-Length: 789 VMs0WsR(=NYĢd$9iڂgKVU,\-I*9?phy*nlD$Uk?< HMyY@<Q~5bGBW5uRZ9P..!gR[JVOUA ZiSQsp*@B]jCRei]KgĎq)֥CF&4Ll~S"pNTt' 2n2 q1tE҂=aT$..x awJ^i)֏a6<s'|l 7O47F0i N*p̈ ZƐwCӨq#>sxfv:z7gGA!GtX0o\_ZaXt6&ɿkv>Ё'XiXT|f֦?{I@-XH{\My.6{Rr=C+BϦ3J%ݢR&ɧ8%P*F '*fS?KIv]$+4o0.6wݹc.*0ь׏#F7?p[0WTz(R "vB~Wr0"{} V}-:W>'h?YW[lzp{"bj}{ h݉r65N5~wb/V`Ǖcv- And that's all. Trying to refresh the page, it will keep loading forever. Before the upgrade I took a VM snapshot so I went ahead and roll back and everything went back to normal. I will provide the server log as soon as possible. Thanks.
  6. Hi, I've set up my Emby-server with "HTTPS using reverse proxy" using the "Setting up SSL for Emby (WIP)" guide. My question is: How can I switch between my LAN IP-address if I'm at home and my https: // emby.domainname.com:443 address if I'm on the road (using the Android-app)? Manually adding the other address for the same server doesn't seem to work? Thanks!
  7. After updating to latest Emby stable version 3.0.5781.8, I can no longer login to the server while connecting from the Internet through an Apache SSL reverse-proxy, as I was before the update. The login screen doesn't finish to load and any attempt to manually login will result in a "Invalid username or password error". My setup is very specific so I would like to detail it in case it helps to narrow down the actual issue: Webclient ==> Internet (SSL) ==> Apache Reverse-Proxy (SSL Termination) ==> LAN (no SSL) ==> Emby Server On top of it I'm also authenticating clients using basic auth against the proxy. This means, that before anything gets to Emby, the proxy will request a username and password to the client. Until last update this worked flawlessly. The client will connect, the proxy will request for a username and password and once provided the connection will go on as normal. After yesterday's upgrade, this is not the case anymore. The client will connect, the proxy will request for a username and password and once provided the connection will go on and parts of the web will load as normal but other parts, will fail with a 401 response from the proxy server (unauthorize request). My default browser is Firefox (v43) but I also tried with a different browser, Midori, based on webkit. With Midori I'm able to connect and login as usual. I'm a little bit lost. I don't know if the problem is the browser, the new version of Emby and the changes in the webclient or something else. As I said before, this setup was working flawlessly until I upgraded Emby.
  • Create New...