davidpenn2001 0 Posted September 30, 2021 Share Posted September 30, 2021 Hi, I can't login my emby server from LAN in IOS app. My server name/port is like: https://emby.example.com:8443. My traefik2 container will forward it to emby docker at port 8096. Quote emby: image: emby/embyserver restart: unless-stopped container_name: emby environment: - TZ=Asia/Shanghai - UID=1000 - GID=984 volumes: - ./emby:/config - /ndisk1/media/:/data ports: - 8096:8096 labels: - "traefik.enable=true" ## HTTP Routers - "traefik.http.routers.emby-rtr.entrypoints=https" - "traefik.http.routers.emby-rtr.rule=Host(`emby.$DOMAINNAME`)" - "traefik.http.routers.emby-rtr.tls=true" ## Middlewares - "traefik.http.routers.emby-rtr.middlewares=chain-no-auth@file" # No Authentication ## HTTP Services - "traefik.http.routers.emby-rtr.service=emby-svc" - "traefik.http.services.emby-svc.loadbalancer.server.port=8096" networks: - t2_proxy If I use local port and ip address (192.168.1.3:8096) in emby app, I can login. If I use domain name and https port (https://emby.example.com:8443) in safari, I can login. But if I use domain name and https port in emby app, I can't login. Any suggestion? Thanks in advance, David Link to comment Share on other sites More sharing options...
Q-Droid 670 Posted September 30, 2021 Share Posted September 30, 2021 Does the Emby dashboard show https://emby.example.com:8443 as the Remote (WAN) access URL? Link to comment Share on other sites More sharing options...
GWTPqZp6b 41 Posted October 1, 2021 Share Posted October 1, 2021 (edited) I have this issue too! I think its something CORS related, I just haven't had time to debug yet. The same Traefik config works fine on Mac OSX both web and app, but not iOS web or app. Its on my list to look at. EDIT: Actually your issue may be different to mine, I have a stricter CORS policy applied where yours is pretty bare bones. Edited October 1, 2021 by GWTPqZp6b hmm Link to comment Share on other sites More sharing options...
davidpenn2001 0 Posted October 1, 2021 Author Share Posted October 1, 2021 14 hours ago, Q-Droid said: Does the Emby dashboard show https://emby.example.com:8443 as the Remote (WAN) access URL? No. The emby dashboard show ip address. http://<my wan ip>:8096. Link to comment Share on other sites More sharing options...
davidpenn2001 0 Posted October 1, 2021 Author Share Posted October 1, 2021 13 hours ago, GWTPqZp6b said: I have this issue too! I think its something CORS related, I just haven't had time to debug yet. The same Traefik config works fine on Mac OSX both web and app, but not iOS web or app. Its on my list to look at. EDIT: Actually your issue may be different to mine, I have a stricter CORS policy applied where yours is pretty bare bones. Mine seems different. iOS web works but app fails. Link to comment Share on other sites More sharing options...
davidpenn2001 0 Posted October 1, 2021 Author Share Posted October 1, 2021 Previously I am using Traefik 1.7 and no problem at all. It seems header forwarding issue for ios app. Do I need any special setting for Traefik 2 or emby? Link to comment Share on other sites More sharing options...
Q-Droid 670 Posted October 1, 2021 Share Posted October 1, 2021 Apps and browsers interact differently with Emby. In your Emby network setup and even behind a proxy you want to enable remote access, fill in the external details and set Secure Connection Mode to handled by reverse proxy. Link to comment Share on other sites More sharing options...
GWTPqZp6b 41 Posted October 2, 2021 Share Posted October 2, 2021 These headers work on OSX web & application, and iOS Web & app, BUT uncommenting the four lines breaks the applications on both platforms. Will spend some time debugging. @pir8radio for vis as they are the header-pro round these parts I think. semi-secure-headers-emby: headers: frameDeny: true stsIncludeSubdomains: true stsPreload: true stsSeconds: 15552000 contentTypeNosniff: true # addVaryheader: true # accessControlAllowMethods: ["GET", "OPTIONS", "POST"] # accessControlAllowHeaders: ["Origin", "Accept", "Authorization", "Accept-Encoding", "Accept-Language", "Content-Type", "Content-Length", "Cache-Control"] # accessControlMaxAge: 100 customFrameOptionsValue: "SAMEORIGIN" browserXssFilter: true referrerPolicy: origin-when-cross-origin contentSecurityPolicy: "default-src 'none'; font-src 'self'; connect-src 'self' wss: ws: https://mb3admin.com; media-src 'self' blob: data:; manifest-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; worker-src 'self' blob:; script-src 'self' https://www.gstatic.com; img-src data: https: http: ; style-src 'unsafe-inline' 'self'" 1 Link to comment Share on other sites More sharing options...
Luke 37214 Posted October 3, 2021 Share Posted October 3, 2021 The server already sets some of those headers, so if you're overwriting that with your own values, then yes it's going to break things. Link to comment Share on other sites More sharing options...
GWTPqZp6b 41 Posted October 4, 2021 Share Posted October 4, 2021 Thanks Luke. Is there any docs or references that might help me understand which & how the headers Im setting are causing issues with app but not web? Im keen to learn more and understand why theres a delta between web and app. Link to comment Share on other sites More sharing options...
Luke 37214 Posted October 4, 2021 Share Posted October 4, 2021 Having not tried Traefik myself, I can't really be sure why you're getting lucky with the web app. Best guess though is that none of them are being used in the web app because the browser is not sending any cors preflight requests. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now