mshaik 2 Posted October 22, 2021 Share Posted October 22, 2021 Hi I have a Emby Media Server running on Docker Container and Nginx reverse proxy on a Docker Container, Everything works well in my local network. But When I add the local Ip in nginx proxy server for forwarding my domain request to embyserver it gives a forbidden. In my Emby I disabled all remote connections as the remote connection is enable for nginx proxy and it connects to Emby. It only works If I enable Remote Connections. I saw a solution in previous post that network_mode host will resolve it but in my case even it's not working. Can you please help me with it? Here's the Emby Log: 2021-10-22 11:24:45.812 Info Server: http/1.1 Response 200 to 192.168.0.27. Time: 7ms. http://192.168.0 :8096/emby/Items/566/Images/Primary?maxHeight=235&maxWidth=418&tag=7571a8f0436153179f11f6dffd00539f&quality=90 2021-10-22 11:24:45.815 Info Server: http/1.1 Response 200 to 192.168.0.27. Time: 6ms. http://192.168.0 :8096/emby/Items/567/Images/Primary?maxHeight=235&maxWidth=418&tag=f86a7a1c8ec644d7956985d1a105304f&quality=90 2021-10-22 11:24:45.815 Info Server: http/1.1 Response 200 to 192.168.0.27. Time: 7ms. http://192.168.0 :8096/emby/Items/545/Images/Primary?maxHeight=235&maxWidth=418&tag=c10d588ffe01708b652c76f9e17c34b8&quality=90 2021-10-22 11:24:45.815 Info Server: http/1.1 Response 200 to 192.168.0.27. Time: 7ms. http://192.168.0 :8096/emby/Items/575/Images/Primary?maxHeight=235&maxWidth=418&tag=b847e5c8757390c6b7102c00c98c2f16&quality=90 2021-10-22 11:25:36.892 Info Server: http/1.1 GET http://192.168.0 :8096/emby/Users/c658af2f8c644387bcca55c4b50618e3?X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=c392c892-3f98-4260-83ea-9e605c4fbd91&X-Emby-Client-Version=4.6.4.0. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:25:36.902 Info Server: http/1.1 Response 200 to 192.168.0.27. Time: 10ms. http://192.168.0 :8096/emby/Users/c658af2f8c644387bcca55c4b50618e3?X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=c392c892-3f98-4260-83ea-9e605c4fbd91&X-Emby-Client-Version=4.6.4.0 2021-10-22 11:25:36.930 Info Server: http/1.1 GET http://192.168.0 :8096/emby/ScheduledTasks?X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=c392c892-3f98-4260-83ea-9e605c4fbd91&X-Emby-Client-Version=4.6.4.0. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:25:36.931 Info Server: http/1.1 GET http://192.168.0 :8096/emby/Sessions?ActiveWithinSeconds=300&IncludeAllSessionsIfAdmin=true&X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=c392c892-3f98-4260-83ea-9e605c4fbd91&X-Emby-Client-Version=4.6.4.0. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:25:36.938 Info Server: http/1.1 GET http://192.168.0 :8096/emby/System/Info?X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=c392c892-3f98-4260-83ea-9e605c4fbd91&X-Emby-Client-Version=4.6.4.0. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:25:36.942 Info Server: http/1.1 Response 200 to 192.168.0.27. Time: 12ms. http://192.168.0 :8096/emby/Sessions?ActiveWithinSeconds=300&IncludeAllSessionsIfAdmin=true&X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=c392c892-3f98-4260-83ea-9e605c4fbd91&X-Emby-Client-Version=4.6.4.0 2021-10-22 11:25:36.943 Info Server: http/1.1 GET http://192.168.0 :8096/emby/News/Product?StartIndex=0&Limit=4&X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=c392c892-3f98-4260-83ea-9e605c4fbd91&X-Emby-Client-Version=4.6.4.0. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:25:36.944 Info Server: http/1.1 Response 200 to 192.168.0.27. Time: 6ms. http://192.168.0 :8096/emby/System/Info?X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=c392c892-3f98-4260-83ea-9e605c4fbd91&X-Emby-Client-Version=4.6.4.0 2021-10-22 11:25:36.946 Info Server: http/1.1 GET http://192.168.0 :8096/emby/LiveTv/Recordings?UserId=c658af2f8c644387bcca55c4b50618e3&IsInProgress=true&Fields=CanDelete,PrimaryImageAspectRatio&EnableTotalRecordCount=false&EnableImageTypes=Primary,Thumb,Backdrop&X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=c392c892-3f98-4260-83ea-9e605c4fbd91&X-Emby-Client-Version=4.6.4.0. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:25:36.953 Info Server: http/1.1 Response 200 to 192.168.0.27. Time: 8ms. http://192.168.0 :8096/emby/LiveTv/Recordings?UserId=c658af2f8c644387bcca55c4b50618e3&IsInProgress=true&Fields=CanDelete,PrimaryImageAspectRatio&EnableTotalRecordCount=false&EnableImageTypes=Primary,Thumb,Backdrop&X-Emby-Client=Emby Web&X-Emby-Device-Name=Chrome&X-Emby-Device-Id=c392c892-3f98-4260-83ea-9e605c4fbd91&X-Emby-Client-Version=4.6.4.0 2021-10-22 11:26:13.214 Info Server: http/1.1 Response 403 to 1 .34. Time: 1ms. http:// .duckdns.org/ 2021-10-22 11:26:13.364 Info Server: http/1.1 GET http:// .duckdns.org/favicon.ico. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:26:13.365 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/favicon.ico 2021-10-22 11:26:15.233 Info Server: http/1.1 GET http:// .duckdns.org/. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:26:15.233 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/ 2021-10-22 11:26:15.341 Info Server: http/1.1 GET http:// .duckdns.org/favicon.ico. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:26:15.341 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/favicon.ico 2021-10-22 11:26:15.492 Info Server: http/1.1 GET http:// .duckdns.org/. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:26:15.493 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/ 2021-10-22 11:26:15.601 Info Server: http/1.1 GET http:// .duckdns.org/favicon.ico. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:26:15.602 Info Server: http/1.1 Response 403 to 1 .34. Time: 1ms. http:// .duckdns.org/favicon.ico 2021-10-22 11:26:15.759 Info Server: http/1.1 GET http:// .duckdns.org/. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:26:15.760 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/ 2021-10-22 11:26:15.869 Info Server: http/1.1 GET http:// .duckdns.org/favicon.ico. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:26:15.870 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/favicon.ico 2021-10-22 11:27:36.069 Info Server: http/1.1 GET http:// .duckdns.org/. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:27:36.069 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/ 2021-10-22 11:27:36.197 Info Server: http/1.1 GET http:// .duckdns.org/favicon.ico. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:27:36.198 Info Server: http/1.1 Response 403 to 1 .34. Time: 1ms. http:// .duckdns.org/favicon.ico 2021-10-22 11:29:09.744 Info Server: http/1.1 GET http:// .duckdns.org/. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:29:09.744 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/ 2021-10-22 11:29:09.890 Info Server: http/1.1 GET http:// .duckdns.org/favicon.ico. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:29:09.890 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/favicon.ico 2021-10-22 11:29:11.844 Info Server: http/1.1 GET http:// .duckdns.org/. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:29:11.845 Info Server: http/1.1 Response 403 to 1 .34. Time: 1ms. http:// .duckdns.org/ 2021-10-22 11:29:11.947 Info Server: http/1.1 GET http:// .duckdns.org/favicon.ico. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:29:11.947 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/favicon.ico 2021-10-22 11:29:12.086 Info Server: http/1.1 GET http:// .duckdns.org/. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:29:12.086 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/ 2021-10-22 11:29:12.191 Info Server: http/1.1 GET http:// .duckdns.org/favicon.ico. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:29:12.191 Info Server: http/1.1 Response 403 to 1 .34. Time: 0ms. http:// .duckdns.org/favicon.ico 2021-10-22 11:29:12.340 Info Server: http/1.1 GET http:// .duckdns.org/. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 2021-10-22 11:29:12.949 Info Server: http/1.1 Response 403. Time: 0ms. http:// .duckdns.org/favicon.ico Link to comment Share on other sites More sharing options...
Luke 37008 Posted October 22, 2021 Share Posted October 22, 2021 Hi there, I would suggest comparing your nginx configuration to that of @pir8radio. Please let us know if this helps. Thanks. Link to comment Share on other sites More sharing options...
CassTG 98 Posted October 22, 2021 Share Posted October 22, 2021 IS the proxy passing it through as a `SSL connection i.e do you have domains and certs? or are you going insecure? If Secure I dont use NGINX proxy manager myself as i use Linuxserver.io Swag proxy as it does proxy nginx and fail2ban with letsencrypt/zerossl Anyways not being familiar i will just describe how its setup in Swag as no doubt the process will be the similar Upstream port in emby proxy conf is set to 8096 and container set to emby Emby settings for secure connectioon as follows: Leave public ports as is Set Public https port to 443 add External Domain that you are using i.e emby.yourdomain.com Allow remote connections ticked Secure connection mode - set to Handles by Reverse Proxy If unsecure, i cannot help as not really tested it that way Do you have a copy of the proxy conf you are using so we can see if there is obvious issues or not (obs replace sensitive info like ips and domain names) Link to comment Share on other sites More sharing options...
mshaik 2 Posted October 22, 2021 Author Share Posted October 22, 2021 Hi @CassTG Thanks for the quick response. Yes it's a secure ssl with Let's Encrypt provided by the Nginx Proxy Manager. If I allow remote connection It's working as expected but my question is why do we need remote connections allowed here. Our Emby server sits in local and is connected by Nginx Proxy, the Remote connection is already enable for Nginx, the proxy connects to emby locally right? Hi @Luke, I don't find any config of @pir8radio, can you please point exactly where can I find it? Link to comment Share on other sites More sharing options...
Luke 37008 Posted October 22, 2021 Share Posted October 22, 2021 2 hours ago, mshaik said: Hi @CassTG Thanks for the quick response. Yes it's a secure ssl with Let's Encrypt provided by the Nginx Proxy Manager. If I allow remote connection It's working as expected but my question is why do we need remote connections allowed here. Our Emby server sits in local and is connected by Nginx Proxy, the Remote connection is already enable for Nginx, the proxy connects to emby locally right? Hi @Luke, I don't find any config of @pir8radio, can you please point exactly where can I find it? Link to comment Share on other sites More sharing options...
mshaik 2 Posted October 22, 2021 Author Share Posted October 22, 2021 Thanks @Luke will check it. Link to comment Share on other sites More sharing options...
Lenders57 15 Posted October 23, 2021 Share Posted October 23, 2021 Hi, I host my own emby server to my home on debian 10, nginx and emby (i don't use docker). I have my domain, and I don't have the "remote connection" enable to the settings from the app. I have a let's encrypt ssl certificate to. Is it possible to see your nginx conf ? Ithink your proxy pass is not correct, that's why you've got a 403 Link to comment Share on other sites More sharing options...
Luke 37008 Posted October 23, 2021 Share Posted October 23, 2021 Let us know how you get on. Thanks. Link to comment Share on other sites More sharing options...
mshaik 2 Posted October 23, 2021 Author Share Posted October 23, 2021 Hi @Lenders57, thanks for you response. It's Nginx Proxy Manager I am using. Here's the Proxy Pass Conf: server { set $forward_scheme http; set $server "192.xx.0.xx"; set $port 8096; listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name xxxxxxxxx.duckdns.org; # Let's Encrypt SSL include xxxxxxx/letsencrypt-acme-challenge.conf; include xxxxxxxxxxxxx/ssl-ciphers.conf; ssl_certificate xxxxxxxxxxx/fullchain.pem; ssl_certificate_key xxxxxxxxxxx/privkey.pem; Link to comment Share on other sites More sharing options...
Solution pir8radio 1292 Posted October 24, 2021 Solution Share Posted October 24, 2021 On 10/22/2021 at 1:00 PM, mshaik said: Hi @CassTG Thanks for the quick response. Yes it's a secure ssl with Let's Encrypt provided by the Nginx Proxy Manager. If I allow remote connection It's working as expected but my question is why do we need remote connections allowed here. Our Emby server sits in local and is connected by Nginx Proxy, the Remote connection is already enable for Nginx, the proxy connects to emby locally right? Hi @Luke, I don't find any config of @pir8radio, can you please point exactly where can I find it? you have to enable remote connections because if the reverse proxy is setup correctly the server and the users shouldn't know its there. the proxy passes the remote addresses to the backend server.. you CAN force it to strip those if you want, but then emby server has no clue who is doing what, its logs and all of that good stuff will show one ip. 1 Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted October 24, 2021 Share Posted October 24, 2021 @mshaik if you need to know how to make it look like its local let us know.. Link to comment Share on other sites More sharing options...
mshaik 2 Posted October 24, 2021 Author Share Posted October 24, 2021 (edited) Thank you so much @pir8radio for the explanation. So when using reverse proxy it will sure send the incoming IP address to the emby server and doesn't use the Local IP. Also Can you please let me know how to force it to strip to local IP of NGINX to pass to emby instead of the incoming IP as I have Fail2Ban set for my nginx , I can track all incoming IP's there. Also Can you please let me know how secure it is if I have NGINX reverse proxy with SSL domain using let's encrypt with remote connection on for Emby vs off for Emby, also I have fail2ban set for my Nginx proxy manager Edited October 24, 2021 by mshaik Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted October 24, 2021 Share Posted October 24, 2021 Just now, mshaik said: Thank you so much @pir8radio for the explanation. So when using reverse proxy it will sure send the incoming IP address to the emby server and doesn't use the Local IP. Also Can you please let me know how to force it to strip to local IP of NGINX to pass to emby instead of the incoming IP as I have Fail2Ban set for my nginx , I can track all incoming IP's there. yes just be careful.. emby server treats local connections differently.. with transcoding, and security.. but if you want to stop the remote address you can. proxy_set_header X-Real-IP ""; ## Passes the real client IP to the backend server. proxy_set_header X-Forwarded-For ""; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. will strip those headers, or you can change " " to a local ip... or 127.0.0.1 " " should strip them out though. Link to comment Share on other sites More sharing options...
mshaik 2 Posted October 24, 2021 Author Share Posted October 24, 2021 @pir8radio Where should I make these changes, can you please let me know? Also Can you also let me know how secure it is with removing the IP address from the incoming requests of Emby as I have NPM monitoring them? Link to comment Share on other sites More sharing options...
Lenders57 15 Posted October 24, 2021 Share Posted October 24, 2021 9 hours ago, mshaik said: Hi @Lenders57, thanks for you response. It's Nginx Proxy Manager I am using. Here's the Proxy Pass Conf: server { set $forward_scheme http; set $server "192.xx.0.xx"; set $port 8096; listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name xxxxxxxxx.duckdns.org; # Let's Encrypt SSL include xxxxxxx/letsencrypt-acme-challenge.conf; include xxxxxxxxxxxxx/ssl-ciphers.conf; ssl_certificate xxxxxxxxxxx/fullchain.pem; ssl_certificate_key xxxxxxxxxxx/privkey.pem; Ahh ok, i don't know NPM with nginx stock, you add a proxy_pass and you don't need to enable remote connections Link to comment Share on other sites More sharing options...
mshaik 2 Posted October 24, 2021 Author Share Posted October 24, 2021 @Lenders57 can you please share your proxy pass, are you having the xforwaded commands in the proxy pass as mentioned by @pir8radio. Link to comment Share on other sites More sharing options...
Lenders57 15 Posted October 24, 2021 Share Posted October 24, 2021 44 minutes ago, mshaik said: @Lenders57 can you please share your proxy pass, are you having the xforwaded commands in the proxy pass as mentioned by @pir8radio. Sure I have it server { listen 80; server_name my_tld.fr; location ~ /.well-known { root /home/sites/my_tld.fr; } return 301 https://my_tld.fr$request_uri; } server { listen 443 ssl http2; server_name my_tld.fr; error_log /var/log/nginx/my_tld.fr_error.log error; access_log /var/log/nginx/my_tld.fr_access.log combined; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate /link/to/certificate/my_tld.fr/fullchain.pem; ssl_certificate_key /link/to/certificate/my_tld.fr/privkey.pem; ssl_session_cache shared:SSL:10m; add_header Content-Security-Policy "frame-ancestors my_tld.fr;"; location /.well-known { alias /home/sites/my_tld.fr/.well-known; } location / { proxy_pass http://127.0.0.1:8096; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Next three lines allow websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } Link to comment Share on other sites More sharing options...
mshaik 2 Posted October 24, 2021 Author Share Posted October 24, 2021 @Lenders57 Thank you so much. @pir8radio The Conf I have is not named as proxy_pass.conf but it's 6.conf. Also I don't see any Proxy_pass included it shows as follow: # ------------------------------------------------------------ # mydomain # ------------------------------------------------------------ server { set $forward_scheme http; set $server "xxx.xx.xx.xxx"; #My IP set $port 8096; listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name myservername; # Let's Encrypt SSL include myssl.conf; include mysslciphers.conf; ssl_certificate mysslfull.pem; ssl_certificate_key mysslprivate.pem; # Block Exploits include conf.d/include/block-exploits.conf; # Force SSL include conf.d/include/force-ssl.conf; access_log _access.log proxy; error_log _error.log warn; location / { # Proxy! include conf.d/include/proxy.conf; } # Custom include /data/nginx/custom/server_proxy[.]conf; } I am unable to find conf.d folder anywhere in docker or the mount I have set. Can I use the conf which @Lenders57 added and add my own proxy pass, will it work? Link to comment Share on other sites More sharing options...
Lenders57 15 Posted October 24, 2021 Share Posted October 24, 2021 @mshaik https://nginxproxymanager.com/advanced-config/#custom-nginx-configurations You find anything on this link ? You can add custom conf, I think you vae to add proxy pass Link to comment Share on other sites More sharing options...
mshaik 2 Posted October 24, 2021 Author Share Posted October 24, 2021 @Lenders57 Thank you so much, Can I set Proxy_Pass.conf in the custom folder, I don't see the naming anywhere mentioned in the custom one or Can I use the same conf file I have and replace content with my custom one. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted October 25, 2021 Share Posted October 25, 2021 Sorry i'm not much help here. I don't use a proxy manager.. they tend to overwrite and write things in the configs that they think is needed or not needed. They also spread the configs out all over the place and use include in the configs chaining them together, it gets messy and easy to mess up with a proxy manager. Link to comment Share on other sites More sharing options...
CassTG 98 Posted October 25, 2021 Share Posted October 25, 2021 To be fair i agree in apart, i watched a tutorial on NPM and thought that looks nice, good UI, and then as the video went on all i could see was hell thats a lot of faffing around. However i Use Swag Proxy server from Linuxserver.io and sure its command line only, but they do all the hard work you hardly have to touch it after the dockers deployed, and they have pre written tested configs for tonnes of services, you just go in and change the subdomain part and thats it. Never taken longer than 2 minutes to add a new service and always works a treat Link to comment Share on other sites More sharing options...
mshaik 2 Posted October 26, 2021 Author Share Posted October 26, 2021 @CassTG Can you please provide Swag Proxy server Docker compose , I will try and see because the fail2ban bans the ip inside the docker but for somehow allows the IP, so just wanted to test other Proxy Options, Also does it have free ssl let's Encrypt? Link to comment Share on other sites More sharing options...
CassTG 98 Posted October 26, 2021 Share Posted October 26, 2021 Hi First take a look at a post on Fail2Ban guide i did Friday for someone else, especially the section at the bottom if you are using UFW on host machine F2B Guide And then here is my Swag Docker setup (i use command line but you can work out whats what) Swag Proxy Yes Swag uses one of two providers LetsEncrypt or ZEROSSL You will see in my example i use ZeroSSL, which i advise you to use instead of LE. Reason being due to the expiration of LE Intermediate cert a lot of devices fail 2 work such as LG and Samsung TV's which aren't getting updates. ZeroSSL is free and all you do is register an account (you manage certs online) and enter the email address you used into the Docker setup variable. Requests made from the Swag Docker via Zerossl Acme are unlimited, so ignore the zerossl premium features as they are not relevant here, you can do as many subdomains via acme as you wish. However if you wish to see the LE setup you can see LinuxServer.io Docker Compose here Linuxserver Swag Section 8 of the swag guide shows you what you need to do to setup your proxy files, its dead simple and takes a few seconds in Nano editor. But as Summary So make sure you have all your domain/subdomains ready for docker compose Start container up, if you have done it right it will get the zero ssl cert Enter Swag Container shell Make the changes to the proxy's you need Reboot swag and win win The beauty with Swag is in each proxy template if there are special steps you need to do, it lists them at the top for you, Emby proxy.conf is an example as within the config file it explains how to setup Emby Network settings. Anyways any issues feel free to dm me 1 Link to comment Share on other sites More sharing options...
mshaik 2 Posted October 26, 2021 Author Share Posted October 26, 2021 Thank you so much @CassTG, will try it for sure. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now