Jump to content

HOW TO: Recommended Cloudflare Settings


pir8radio

Recommended Posts

pir8radio

Cloudflare and emby   cfemby.png.d790f6f093c32d10633103d6c9cb7097.png.4258c0fcd5367d6bda717937d64a26cb.png

Config Version                                     1.0.0
Last Update 02-25-2022
Update by Pir8Radio                                                                  

 

** UPDATE:  I AM HEARING OF EMBY USERS GETTING VIDEO FILES BLOCKED WHEN USING CLOUDFLARE (FREE TIER).  IF THIS IS THE CASE, I NO LONGER RECOMMEND USING CLOUDFLARE.   

Even with the cache bypass rules, your video still passes through their system and is technically against their TOS.   Use CloudFlare at your own risk if you choose to continue.   I'll update if I get more info.  Please post in this thread if you find you have video loading/playing/downloading issues while using cloudflare or have received an email from them about this.  

 

MESSAGE FROM CLOUDFLARE:  Free, Pro, and Business Plans serving videos or a disproportionate amount of non-HTML content can be in violation of Section 2.8 of the Self-Serve Subscription Agreement (TOS).

 

This will turn into a full Cloudflare how-to.  Others are welcome to edit this or PM me with suggestions..   However right now I'm just going to post some recommended settings for people who already have Cloudflare setup.

 

There are a few cloudflare settings that break emby, some break it in obvious ways, some only certain apps in certain situations..   These are the settings I found that work well as of today. I'll try to maintain this post and update the header info should new features come out, or the community discovers better settings than these. 

As of today, these are the settings available to us in Cloudflare FREE account:

image.png.c62d4117da5424a9fe8fa0d14cbc4033.png

 

First disable the two main things that will break emby,  go to the "Speed" tab then "Optimization" sub-tab.

DISABLE Auto Minify and Rocket Loader!  (screen shots are in the recommended state)

image.png.e4ea1085bafb5508cde296c4245feb27.png

image.png.1d50d37296be1903752adccd7fe3b9ba.png

 

 

Other options on this settings page are optional to enable, I suggest enabling Brotli compression.   It's a good thing. 

image.png.fa6dfe5a3ff63db7900acbfc1c5fb49d.png

 

Now head over to the "Caching" tab and select the "Configuration" sub-tab.

Set your Caching settings as shown below. 

image.png.48117436370ea49b18fb614d8bfcc1df.png

 

THIS IS OPTIONAL:

image.png.1ea56c5f2ceb3d5072ff0b29a651ac6c.png

Other settings in this settings tab are optional to whatever you like..   I have "Always Online" enabled, its kind of a neat feature that caches as much of your emby server as it can in case your server is down, users will at least see an emby splash screen, that's usually about it..  but its something...     kind of useless otherwise..   Handy if you have other websites, it will totally cache normal html websites and users can continue to use your cached site when you have a web server outage. 

 

Next head over to the "Rules" tab.

Create these two rules:

Rule #2 here we will bypass caching 99% of all video.   Caching the video will actually slow down the client experience.  It screws with the chunks and often times has to fully cache 1 chunk before cloudflare sends it to the client, causing playback delays. 

Rule #3 here will cache all images on the edge servers for 30 days.   We need this rule, because cloudflare only caches known file urls, like    picture.jpg or poster.png  emby serves up webp images with NO EXTENSION so cloudflare doesn't know to cache these items.   But 99% of emby images come from the /items/XXXXXX/images directory so we will just force cache everything that comes from this URL,  it should be only images.        Keep in mind when you enable this it can take some time to build up cache..   emby serves up different sized images based on browser screen size, apps, etc..   so if you load a page that is minimized to a small window on your desktop emby will serve smaller sized images, if you make your browser full screen, now emby will serve up larger images and those images may load slow the first few times until they get cached too.        Go below this screenshot and I'll show you how to check if caching is working.  

image.png.37471cae6cb19fad22ae590d2824652d.png

 

Check to see if Cloudflare Caching is working

Well, how do you know Cloudflare is doing its thang'?    Use a browser like chrome,  or the new Microsoft edge (which is just a rebranded chrome).  Open the browser, right click in the browser window and go down to "Inspect" (there is an F key for this too I forget what it is, I should add that here lol).  Once the dev window pops up adjust it so you have a good view on the right, click the "Network" tab,  hit the reload button on whatever page you are on so some info populates on the right dev screen.  You should see something similar to this:

image.thumb.png.7bd3101b12ff7aa244ac2e3f8b711bd6.png

Right click on the table header (Name, Method, Status, Protocol)   anywhere, just right click the "Name" one.   Go down to "Response Headers"  then "Manage Header Columns".   A little window will pop up hit "Add custom header..."  and then add this header:   cf-cache-status 

Now select the little sub tab that says "all" 

 image.png.41e14a920605bc5b188080be6959ee9c.png

 

now surf your way to your emby server,    and you should see something like the below screenshot.   

Hit is well..... a hit!   this image came from cloudflare and was never requested from your emby server, saving you from sending this image to the client, saving time and bandwidth. 

MISS is also kind of obvious,  it was a miss, either due to never being cached yet (first time Cloudflare has seen this image or document) if you hit refresh a few times, cloudflare will then cache it and it will turn to HIT. 

BYPASS I'm actually not sure why my server is returning server 500 errors below, this image is being called for by emby clients but the server has no image to serve, but usually you should only see BYPASS on playing video's if your rules above are correct.   Or in my case, a server error will not be cached. 

DYNAMIC this is also a NO HIT response..  this is usually due to Cloudflare knowing this resource changes a lot and doesn't want to cache it so your clients don't get served stale data, or its a video, websocket, or some other format Cloudfare's great automated intelligence deems it should not be cached. 

Capture.thumb.PNG.4672292e3b00c2c1be660222f7205c86.PNG

That is the basics that will save you a lot of headache and blaming emby for things not working..    There are lots of cool options to enable outside of these basic settings above, ask questions here, send ideas that maybe I have missed that work great for you..    I just wanted to throw this up due to a lot more of you guys using Cloudflare. 

 

In the end you should start to see more "HIT" responses...   and a noticeably faster loading time for the clients, less bandwidth usage for your emby server,  and everyone is happy..   Well.....  within reason....

image.thumb.png.cfed30d81032e87d44285b463029cbf3.png

 

 

 

 

 

 

 

 

 

Edited by pir8radio
update
  • Like 8
  • Thanks 4
Link to comment
Share on other sites

38 minutes ago, redrobot2121 said:

Thank you for the post

Any network tab change suggestion? Also any pro user setting change suggestion???

Suggestions to do what?

Link to comment
Share on other sites

pir8radio
6 hours ago, redrobot2121 said:

to optimize and for better performance 

This is my config..

image.png.378c281165ac1441490dfdf3bdb5f70b.png

 

Link to comment
Share on other sites

pir8radio
On 11/8/2021 at 9:11 AM, redrobot2121 said:

doesn't onion routing decrease performance?

good question, i have not noticed any performance issues. but i also have not tested with it on vs off..   I'll do that. 

Link to comment
Share on other sites

@pir8radio just curious but why not have Pseudo IPv4 turned on?

BTW, I believe you need a rule setup in CF to bypass audio streams as well as video.

Any reason you are only caching "items" but not the css and js for a month?

 

Link to comment
Share on other sites

pir8radio
2 hours ago, cayars said:

@pir8radio just curious but why not have Pseudo IPv4 turned on?

BTW, I believe you need a rule setup in CF to bypass audio streams as well as video.

Any reason you are only caching "items" but not the css and js for a month?

 

those get cached without needing a rule.. by default CF caches html, css, and JS..    Im on the free tier so i don't have a third rule to cache everything on the edge for a month.. ..  I don't have Pseudo IPv4 on because emby supports ipv6 ip addresses..     With pseudo ipv4  cloudflare makes up an ip address for the ipv6 user connecting..    so its not real one,  and not needed because emby supports ipv6 addresses.

 

Link to comment
Share on other sites

Right but if Cloudflare can deliver IP6 to you they will.  That will only come into play for people who don't support IP6. A lot of IPS still don't give you IP6 but only IP4.
Without that setting turn on the user won't make it to you site unless it retries using IP4.

To me I look at a few columns to get a picture of what's going on. One column won't give you a full picture. Size, Cache Control and Cache Policy all go hand in hand and need to be looked at together as a whole to see what's going on. The cache control column can show you exactly how the object will be cached and by what and for how long. The size column will be 0 or typically say disk cache if it was loaded locally and not pulled from the Internet. The policy gives you sort of a blend of the two but could be way off if you happen to pull a lot of content from your local cache as they are considered dynamic.

You're not bypassing audio?

Edited by cayars
Link to comment
Share on other sites

pir8radio
23 hours ago, cayars said:

Right but if Cloudflare can deliver IP6 to you they will.  That will only come into play for people who don't support IP6. A lot of IPS still don't give you IP6 but only IP4.
Without that setting turn on the user won't make it to you site unless it retries using IP4.

You're not bypassing audio?

Not if you don't set an AAAA record in CF DNS settings..   they have no idea how to try ipv6 to reach your origin if you don't set one..   Yet your domain name will still have a AAAA record to reach cloudflare.      all the pseudo ipv4 does is "creates" a fake IPv4 address to represent the connecting client and sends it to the origin server in case the origin doesn't know what to do with ipv6 addresses.   

 

For example i have someone on my emby right now:  image.png.6a150aef62ff28a1e8dae145f9fbbf31.png

If I enable that pseudo ipv4 setting this same user will show up with a fake (cloudflare created) ipv4 address.  

https://community.cloudflare.com/t/http-cf-pseudo-ipv4-give-the-wrong-ip/24459

Its only needed if your origin server application doesn't know how to handle IPv6 addressing (in headers)  the connecting IP from cloudflare is what the origin will respond to which will be an ipv4 cloudflare server ip.  This is why x-forwarded-for is important, it contains multiple IP addresses, X-Forwarded-For: <client>, <proxy1>, <proxy2> so the origin server knows the client ip and knows to respond to proxy2 in that attached example, client can be IPv6 proxy1 and proxy2 can be ipv4.      My origin server does not support IPv6 right now, yet its streaming to an ipv6 person just fine,  and of course ipv4 too.    But if emby were to reject ipv6 client addresses and not respond to them, I would need to enable pseudo ipv4. 

 

 

No I do not bypass audio at the moment..  their TOS says its only not allowed if the number of audio files greatly outnumbers other cached files.   

Edited by pir8radio
Link to comment
Share on other sites

pir8radio
9 hours ago, cayars said:

Great info @pir8radio.

Thanks as always!

whatever saves others the hours of googleing and figuring things out I did way back when...   lol  

 

  • Agree 1
Link to comment
Share on other sites

MSI2017

The images rule makes my server insanely slow for the client. Thumbnails load like I'm trying to download an image on dial-up. 

 

Edit; turned the rule of and it is faster but still a bit sluggish, also response time seems really slow. Pressig play sometimes needs a few clicks before anything happens for example. Internet speed is 1gbit up so that should not be an issue @pir8radio any ideas?

Edited by MSI2017
Link to comment
Share on other sites

pir8radio
15 hours ago, MSI2017 said:

The images rule makes my server insanely slow for the client. Thumbnails load like I'm trying to download an image on dial-up. 

 

Edit; turned the rule of and it is faster but still a bit sluggish, also response time seems really slow. Pressig play sometimes needs a few clicks before anything happens for example. Internet speed is 1gbit up so that should not be an issue @pir8radio any ideas?

what country you in?    That does seem strange, I don't think I have heard of others with that issue... its usually quite the opposite.    any servers down in your area?  https://www.cloudflarestatus.com/

 

Link to comment
Share on other sites

MSI2017
4 hours ago, pir8radio said:

what country you in?    That does seem strange, I don't think I have heard of others with that issue... its usually quite the opposite.    any servers down in your area?  https://www.cloudflarestatus.com/

 

Servers were all fine, but I'm having some issues with cloudfare in general so not sure if these settings were the cause, just something I noticed.

Link to comment
Share on other sites

20 hours ago, MSI2017 said:

Edit; turned the rule of and it is faster but still a bit sluggish, also response time seems really slow. Pressig play sometimes needs a few clicks before anything happens for example. Internet speed is 1gbit up so that should not be an issue @pir8radio any ideas?

You might want to check your Emby settings in the Network section - specifically the setting for 'Secure connection mode'. I had issues similar to yours until I changed it from 'Required' to 'Handled by reverse proxy'.

  • Agree 1
Link to comment
Share on other sites

CarlosLima

Hi, thanks for sharing.
I have a paid CF account and if I use it like you do, the emby client in browsers or applications can't...
--- play Continue watching as the system crashes
--- fast forward the video to Keep watching, forcing restart to succeed.
Changing the configuration, everything works fine.

 

download.png

Edited by CarlosLima
Link to comment
Share on other sites

That reduces your use of Cloudflare a lot.
You are far better off adjusting the other settings in Cloudflare correctly for Emby use and if using a local reverse proxy to make sure it's configure correctly to sit between Emby Server and Cloudflare.

If you don't get the settings correct you will have issues direct playing MP4 and/or MKV files for example.

  • Like 1
Link to comment
Share on other sites

pir8radio
On 11/23/2021 at 6:25 AM, CarlosLima said:

Hi, thanks for sharing.
I have a paid CF account and if I use it like you do, the emby client in browsers or applications can't...
--- play Continue watching as the system crashes
--- fast forward the video to Keep watching, forcing restart to succeed.
Changing the configuration, everything works fine.

 

download.png

you don't want to use "no query string"     see the screen capture below, everything after the ? is a query string..     if you ignore this cloudflare will cache these files as if they never change. so when a new version of emby comes out and that V= version  changes, cloudflare wont cache the new files..   and it will serve up the old version files causing other issues. 
if you are not caching videos and you have the proper rules set, your mp4's shouldnt be getting cached in the first place.    

image.png.539156d6c37b4b8f968864be7d5dc7f2.png

  • Like 1
Link to comment
Share on other sites

Happy2Play

Ah so with that option any time Emby changes scripts or css, the existing cache would never update to show the changes until you purged your cache.

Link to comment
Share on other sites

pir8radio
Just now, Happy2Play said:

Ah so with that option any time Emby changes scripts or css, the existing cache would never update to show the changes until you purged your cache.

it might like after 30 days or so,  i forget when cf force purges edges..  but yea it caused me headache in the beginning..    emby changed something, and the js was trying the old location because it was an old js file..   took me a bit to figure it out..  🙂   

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...