Jump to content

HOW TO: Recommended Cloudflare Settings

pir8radio

By pir8radio
in General/Windows

 Share

Recommended Posts

darkassassin07

darkassassin07   423

Posted
Posted (edited)

If you forward a different wan port to your server (8096 for example), can you reach your server through that?

 

My previous internet connection blocked hosting on port 80, but every other port I tried worked. I've heard of other ISPs blocking some incoming ports but not others.

Edited by darkassassin07
Link to comment
Share on other sites
vaise

vaise   304

Posted
Posted

Also, had your isp changed to cgnat?  As that would also cause this as you can’t port forward with cgnat.

 

cf with proxy dns ticked will only forward 443 so so all testing with that turned off.

Link to comment
Share on other sites
crusher11

crusher11   851

Posted
Posted
4 minutes ago, vaise said:

Also, had your isp changed to cgnat?  As that would also cause this as you can’t port forward with cgnat.

They use CGNAT by default, but I specifically opted out when signing up. That my IP remains the same as what I set up in CloudFlare indicates they haven't changed anything on me.

4 minutes ago, vaise said:

cf with proxy dns ticked will only forward 443 so so all testing with that turned off.

I'm not sure I follow. If I'm testing IP:PORT then CF settings are irrelevant, surely? Either way, yes, it's currently DNS only.

Link to comment
Share on other sites
vaise

vaise   304

Posted
Posted

Cf does proxies only 80 and 443 traffic I thought.  Hence turn off proxy until you get comms to your open port working.

Link to comment
Share on other sites
vaise

vaise   304

Posted
Posted

Could they have turned cgnat back on by accident or design?

Link to comment
Share on other sites
crusher11

crusher11   851

Posted
Posted
40 minutes ago, vaise said:

Could they have turned cgnat back on by accident or design?

I still have the same IP address, so it seems unlikely.

Link to comment
Share on other sites
vaise

vaise   304

Posted
Posted

Gotta be the port forward is not working then.  Have you tried restarting your router?

Link to comment
Share on other sites
vaise

vaise   304

Posted
Posted

Is there any sort of firewall active on your emby server?

Link to comment
Share on other sites
crusher11

crusher11   851

Posted
Posted
3 minutes ago, vaise said:

Is there any sort of firewall active on your emby server?

I'm not sure? It's running through CloudFlare and NGINX, I don't think there's anything else in there.

Link to comment
Share on other sites
unisoft

unisoft   272

Posted
Posted

Are the exclusions still similar to:

yourdomain.net/*videos/*/*

yourdomain.net/*items/*/images/*

as when I look in emby's server logs I see paths which makes me think it should be:

 

yourdomain.net/emby/*videos/*/*

yourdomain.net/emby/*items/*/images/

Anyone who knows, would be grateful :)

Link to comment
Share on other sites
vaise

vaise   304

Posted
Posted

Would that not depend on if you are using subdomains or not ?

Mine are :

image.png.676ab677c7dc1f5696dd3fdb26bc2d4a.png

Link to comment
Share on other sites
vaise

vaise   304

Posted
Posted
On 06/03/2024 at 01:13, unisoft said:

Are the exclusions still similar to:

yourdomain.net/*videos/*/*

yourdomain.net/*items/*/images/*

as when I look in emby's server logs I see paths which makes me think it should be:

 

yourdomain.net/emby/*videos/*/*

yourdomain.net/emby/*items/*/images/

Anyone who knows, would be grateful :)

Its only video you are excluding - and in my experience, if this is not excluded and goes through CF cache - they things take 20-30 seconds to start. 

This was from testing when these had to be changed with @pir8radio a long time ago now (year back).  He ran tests on my system, viewed the chrome debug, and we made the changes i=until the cache was not there for videos, then the files played back immediately.

That said - I have swag sitting ready to take over in case I am blocked.....

Link to comment
Share on other sites
vaise

vaise   304

Posted
Posted

That’s fine.  
But you are not getting any benefit of your emby jpg’s, images etc being distributed to all their end servers so closer to remote users.  

However when I ran with no caching (just a tick box so no need for a different port), I never noticed much of a difference from the users.

Link to comment
Share on other sites
CFC

CFC   25

Posted
Posted

Yes, I didn't notice much if any difference cached or not cached.

Correct, I can tick to un-proxy, but I like to use their firewall features and filter my incoming connection to CF ip's only on my end.

It's just another option for those who may not be aware.

CFC

 

Link to comment
Share on other sites
vaise

vaise   304

Posted
Posted
1 hour ago, CFC said:

Yes, I didn't notice much if any difference cached or not cached.

Correct, I can tick to un-proxy, but I like to use their firewall features and filter my incoming connection to CF ip's only on my end.

It's just another option for those who may not be aware.

CFC

 

I did not mean untick the proxy (very bad), but there is a screen to disable all caching - just a switch on what you want cached.  If I think there are CF issues, i click that off, then flush cache and see if any issues still - that's how we found that CF roles slightly changed and the cached files needed updating for emby.

But as you say - it really does not seem to make much, if any difference - in the user poll I did.  

I also swapped to my 'disaster' plan if CF block me - untick the proxy, re-open the 443/80 port forwards (as I use tunnels now) and start up my swag reverse proxy - and still the users did not notice any differences in speed of browsing libs etc.

Caching level :

image.png.9bb8d564ed1e29da635da7c50e919caa.png

 

Link to comment
Share on other sites
  • 1 month later...
HorsePDF

HorsePDF   2

Posted
Posted

I finally got some time to try and move away from hosting Emby directly and use Cloudflare - I came up with something today that serves nearly all requests via Cloudflare, but goes directly for the actual video streaming, which I posted here:

This works for me because I don't have restrictions on my home internet connection, if you are using CF tunnels to avoid CGNAT then this won't help - but if you just want to use Cloudflare auth/caching/security then it may be valuable for you.

 

Link to comment
Share on other sites
vaise

vaise   304

Posted
Posted
2 hours ago, HorsePDF said:

I finally got some time to try and move away from hosting Emby directly and use Cloudflare - I came up with something today that serves nearly all requests via Cloudflare, but goes directly for the actual video streaming, which I posted here:

This works for me because I don't have restrictions on my home internet connection, if you are using CF tunnels to avoid CGNAT then this won't help - but if you just want to use Cloudflare auth/caching/security then it may be valuable for you.

 

Nice 1.  A bit technical for most - but great nonetheless..

Link to comment
Share on other sites
KegTapper

KegTapper   7

Posted
Posted

Great write-up!!!!

I'm on cgnat and still plugging away with a tunnel averaging 150gb per month. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...