Happy2Play 8928 Posted April 14, 2022 Share Posted April 14, 2022 Troubleshooting for another user, but what would cause a mp4 to download file then play and a mkv to direct play/steam? Link to comment Share on other sites More sharing options...
avitali 1 Posted April 16, 2022 Share Posted April 16, 2022 Thanks for the guide! Is the second rule (Bypass cache) still valid? It seems to me, when I play a video, it never says /*videos/* it only ever says /*videoosd/*. Shouldn't 'videoosd' be what to put in the rules? Link to comment Share on other sites More sharing options...
pir8radio 1301 Posted May 1, 2022 Author Share Posted May 1, 2022 (edited) On 4/16/2022 at 4:38 PM, avitali said: Thanks for the guide! Is the second rule (Bypass cache) still valid? It seems to me, when I play a video, it never says /*videos/* it only ever says /*videoosd/*. Shouldn't 'videoosd' be what to put in the rules? @Luke anything change here? do you have a screenshot showing this videoosd? I just checked, no, its videos still: Edited May 1, 2022 by pir8radio Link to comment Share on other sites More sharing options...
Luke 38096 Posted May 1, 2022 Share Posted May 1, 2022 videoosd is the web app html url that you see in the browser. /videos is the video api url, so I think this is still valid. 1 1 Link to comment Share on other sites More sharing options...
Flamez 0 Posted May 22, 2022 Share Posted May 22, 2022 I just read this thread and I was wondering what similar alternatives are for using Emby on the internet since Cloudflare does not allow videos? Thank you. Link to comment Share on other sites More sharing options...
Turbofiero 5 Posted May 26, 2022 Share Posted May 26, 2022 For me, it would seem the rules have to be in the reverse order as to what youve posted... unsure why, but if I do it as posted cf-cache-status stays dynamic for all images, but changing order I get miss/hit Nonetheless thanks for the post! Link to comment Share on other sites More sharing options...
vaise 324 Posted May 31, 2022 Share Posted May 31, 2022 (edited) I have been using cloudflare and nginx for ages with no issue. @pir8radio's config pretty much. No changed for ages. Tonight my users cant connect. Emby cant connect. my sonarr/radarr also cant connect, so not an emby issue. I get a 400 Bad Request. The SSL certifate error below that and nginx below that. I have restarted nginx, checked its logs etc etc - I dont know if this is a cloudflare issue at all ? This has all just worked for me, so when it goes bad, I have no idea where to look. Any ideas on the below errors from the nginx logs : 2022/05/31 23:04:45 [error] 386#386: *213 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.133.229:80 2022/05/31 23:04:46 [error] 386#386: *216 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:04:48 [error] 386#386: *218 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:06:09 [crit] 386#386: *220 connect() to [2606:4700::6810:85e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:85e5]:80 2022/05/31 23:06:09 [crit] 386#386: *220 connect() to [2606:4700::6810:84e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:84e5]:80 2022/05/31 23:06:10 [error] 386#386: *220 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:06:29 [crit] 386#386: *224 connect() to [2606:4700::6810:84e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:84e5]:80 2022/05/31 23:06:30 [error] 386#386: *224 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 For now to fix this, I have commented the OCSP Stapling stuff in the conf file as such : # OCSP Stapling #ssl_stapling on; #ssl_stapling_verify on; #ssl_stapling_responder http://ocsp.cloudflare.com/; #ssl_trusted_certificate /config/nginx/cf-certs/trusted-chain.pem; # my cert + cloudflare certs combined in 1 file #ssl_ocsp on; #ssl_ocsp_responder http://ocsp.cloudflare.com/; #ssl_ocsp_cache shared:OCSPCache:20m; If anyone has an idea of why this started happening ? Edited May 31, 2022 by vaise 1 Link to comment Share on other sites More sharing options...
pir8radio 1301 Posted June 3, 2022 Author Share Posted June 3, 2022 On 5/31/2022 at 8:07 AM, vaise said: I have been using cloudflare and nginx for ages with no issue. @pir8radio's config pretty much. No changed for ages. Tonight my users cant connect. Emby cant connect. my sonarr/radarr also cant connect, so not an emby issue. I get a 400 Bad Request. The SSL certifate error below that and nginx below that. I have restarted nginx, checked its logs etc etc - I dont know if this is a cloudflare issue at all ? This has all just worked for me, so when it goes bad, I have no idea where to look. Any ideas on the below errors from the nginx logs : 2022/05/31 23:04:45 [error] 386#386: *213 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.133.229:80 2022/05/31 23:04:46 [error] 386#386: *216 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:04:48 [error] 386#386: *218 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:06:09 [crit] 386#386: *220 connect() to [2606:4700::6810:85e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:85e5]:80 2022/05/31 23:06:09 [crit] 386#386: *220 connect() to [2606:4700::6810:84e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:84e5]:80 2022/05/31 23:06:10 [error] 386#386: *220 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:06:29 [crit] 386#386: *224 connect() to [2606:4700::6810:84e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:84e5]:80 2022/05/31 23:06:30 [error] 386#386: *224 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 For now to fix this, I have commented the OCSP Stapling stuff in the conf file as such : # OCSP Stapling #ssl_stapling on; #ssl_stapling_verify on; #ssl_stapling_responder http://ocsp.cloudflare.com/; #ssl_trusted_certificate /config/nginx/cf-certs/trusted-chain.pem; # my cert + cloudflare certs combined in 1 file #ssl_ocsp on; #ssl_ocsp_responder http://ocsp.cloudflare.com/; #ssl_ocsp_cache shared:OCSPCache:20m; If anyone has an idea of why this started happening ? so you have an ssl cert on nginx, and one in cloudflare.. both certs are valid and not expired? Link to comment Share on other sites More sharing options...
vaise 324 Posted June 3, 2022 Share Posted June 3, 2022 I suspect it is an ocsp issue. There are some google searches that match whereby the ocsp end has to do something. I am just back from a trip so will have a play over the next few days. I set this up years back and have had a stroke since so will have to go through my documentation to remember it all. Link to comment Share on other sites More sharing options...
vaise 324 Posted June 3, 2022 Share Posted June 3, 2022 12 hours ago, pir8radio said: so you have an ssl cert on nginx, and one in cloudflare.. both certs are valid and not expired? Howdy @pir8radio - been a while since we worked on that cloudflare caching issue together - I notice you are still a user on my system - (but I firewall USA again) To answer your questions - I have the cloudflare provided origin server certificate (2034 expiration). I have the cloudflare provided authenticated origin pulls client certificate (checked it is still the latest as it was updated in 2020). Further research today seems to indicate that this ocsp stappling stuff is only needed in NGINX if you are NOT using cloudflare, and they have implemented it in the edge certificates themselves. This may explain why on www.ssllabs.com/ssltest and www.digicert.com/help/ they both are happy that stapling is still activated even though I have th sections commented out. So in summary - that ocsp section (an artifact from pre cloudflare) which it seems was happy doing nothing all of a sudden was broken (likely at CF end as no changes my side). Link to comment Share on other sites More sharing options...
Flamez 0 Posted June 12, 2022 Share Posted June 12, 2022 (edited) I am new to using Cloudflare and using the suggested settings on page one of this thread I am seeing the following on the analytics page. I am using the free setup and wondering if I would be charged for any bandwidth usage? Cached Bandwidth Previous 24 hours 3.95 kB Uncached Bandwidth Previous 24 hours 360.01 MB Edited June 12, 2022 by Flamez Link to comment Share on other sites More sharing options...
muzicman0 63 Posted June 23, 2022 Share Posted June 23, 2022 I'm clearly not doing something right! I use https://stream.mydomain.com to access Emby from a Cloudflare tunnel (Argo tunnel?). Here are my rules: *.mydomain.com/*Items/*/Images/* Cache Level: Cache Everything, Edge Cache TTL: a month Enabled *.mydomain.com/*videos/*/* Cache Level: Bypass But I get all either miss or dynamic. Link to comment Share on other sites More sharing options...
vaise 324 Posted August 6, 2022 Share Posted August 6, 2022 Has anyone got BunnyCDN working with emby ? I signed up for the free account (14 days), but if it works and videos can be ignored from their cache, it will cost hardly anything per month (they do have a $1/month minimum charge). I expect my image cache etc to use only 15c of that!!! I calculated what went through CF in even if they cached my video's too, it would still be about $15/month. The things I have found - After support emails 1 - They do not hide the IP address like CF does. That will be a later solution when they have their DNS whole site solution up and running (beta currently) - this will be more like CF then. 2 - The CF page rules we use in emby to exclude video caching - Bunny instead do that by file extension in their edge rules. If I can get a list of emby video file extensions, that would be good. 3 - I thought I could test on a dummy subdomain from CF, however as you have to turn off the CF caching on the DNS record, then you get an error as HSTS is enable for the site, and cant therefore connect like this. I need to use a different non CF domain, with a different nginx container to continue playing with this. Link to comment Share on other sites More sharing options...
Luke 38096 Posted August 7, 2022 Share Posted August 7, 2022 On 8/5/2022 at 11:07 PM, vaise said: Has anyone got BunnyCDN working with emby ? I signed up for the free account (14 days), but if it works and videos can be ignored from their cache, it will cost hardly anything per month (they do have a $1/month minimum charge). I expect my image cache etc to use only 15c of that!!! I calculated what went through CF in even if they cached my video's too, it would still be about $15/month. The things I have found - After support emails 1 - They do not hide the IP address like CF does. That will be a later solution when they have their DNS whole site solution up and running (beta currently) - this will be more like CF then. 2 - The CF page rules we use in emby to exclude video caching - Bunny instead do that by file extension in their edge rules. If I can get a list of emby video file extensions, that would be good. 3 - I thought I could test on a dummy subdomain from CF, however as you have to turn off the CF caching on the DNS record, then you get an error as HSTS is enable for the site, and cant therefore connect like this. I need to use a different non CF domain, with a different nginx container to continue playing with this. @Flintfamily and @kikinjo and @enqbcvqw may have some BunnyCDN tips. Link to comment Share on other sites More sharing options...
vaise 324 Posted August 13, 2022 Share Posted August 13, 2022 How many cloudflare users of emby are in use I wonder ? would be good to know. I am a little worried about what @pir8radiosaid about users being blocked from videos. I would hate for that to happen to me while I am overseas (going for 2 months). Not for me watching, but for me having to fix it remotely under pressure from friends and family. With that in mind, I started a parallel 'backup' system. Bunny.net was a non started after discussions with them, and things have moved on in unraid since I went to cloudflare many years back. I have rolled out a system in parallel should cloudflare stop working. I tried the nginx Proxy Manager and the swag containers, and ended up picking swag. I configured the geoip2 database plugin from maxmind, so I have the geo blocking that cloudflare was providing, then I got fail2ban jails working for emby and jellyseerr. The only bit I will be missing is the DDOS protection and IP hiding capability. This is all running in a spare domain in parallel for now, but with a few clicks, I expect I can roll out out remotely wthout too much stress. 1 Link to comment Share on other sites More sharing options...
Spaceboy 2557 Posted August 13, 2022 Share Posted August 13, 2022 cloudflare here and no issues to date 1 Link to comment Share on other sites More sharing options...
redrobot2121 0 Posted August 15, 2022 Share Posted August 15, 2022 I am getting this massage on the video url only. Everything else is working fine. Link to comment Share on other sites More sharing options...
vaise 324 Posted August 15, 2022 Share Posted August 15, 2022 Is that what happens when video's get blocked by Cloudflare ? Link to comment Share on other sites More sharing options...
pir8radio 1301 Posted August 16, 2022 Author Share Posted August 16, 2022 (edited) 20 hours ago, redrobot2121 said: I am getting this massage on the video url only. Everything else is working fine. 18 hours ago, vaise said: Is that what happens when video's get blocked by Cloudflare ? Yes, cloudflare is trying to redirect you to a page that says something about blocking the video.. but emby doesn't let it redirect. a3c9fa4a5ca94c52b7ebeaf115f17e3f48d951cc1486a1d6e3f5705efe590c74_1[1].mp4 Edited August 16, 2022 by pir8radio Link to comment Share on other sites More sharing options...
redrobot2121 0 Posted August 16, 2022 Share Posted August 16, 2022 16 hours ago, pir8radio said: Yes, cloudflare is trying to redirect you to a page that says something about blocking the video.. but emby doesn't let it redirect. a3c9fa4a5ca94c52b7ebeaf115f17e3f48d951cc1486a1d6e3f5705efe590c74_1[1].mp4 Yes, i figured it out. But is the block permanent? it was not removed after 24h. i switched cf account. i was using the pro plan btw Link to comment Share on other sites More sharing options...
vaise 324 Posted August 16, 2022 Share Posted August 16, 2022 Do you mind saying what ratio you were using? On the cf monthly summary email, they give a total through their system and a cached amount. Mine is around 600 total and under 4 cached. Not blocked yet. I also wonder it it matters if you are using a tunnel or not. Who knows how they decide I guess. Maybe they do a sweep daily alphabetical with a quota of bans. . Hope so as mine is at the bottom!!!!! Link to comment Share on other sites More sharing options...
pir8radio 1301 Posted August 16, 2022 Author Share Posted August 16, 2022 4 hours ago, redrobot2121 said: Yes, i figured it out. But is the block permanent? it was not removed after 24h. i switched cf account. i was using the pro plan btw odd that they blocked you on the pro plan.. i would think unless you were doing something crazy they would leave you alone. Link to comment Share on other sites More sharing options...
pir8radio 1301 Posted August 16, 2022 Author Share Posted August 16, 2022 16 minutes ago, vaise said: Do you mind saying what ratio you were using? On the cf monthly summary email, they give a total through their system and a cached amount. Mine is around 600 total and under 4 cached. Not blocked yet. I also wonder it it matters if you are using a tunnel or not. Who knows how they decide I guess. Maybe they do a sweep daily alphabetical with a quota of bans. . Hope so as mine is at the bottom!!!!! I think what they look at is HOW MUCH is video vs other html, javascript, css if you are mostly video, they seem to come after you. Link to comment Share on other sites More sharing options...
vaise 324 Posted August 16, 2022 Share Posted August 16, 2022 As only emby goes through CF for me - with a 600/4 ratio - that has to be bad..... so why not banned for me I guess. If we only knew for sure..... Link to comment Share on other sites More sharing options...
vaise 324 Posted August 18, 2022 Share Posted August 18, 2022 In my spare time, I have been looking for backup solutions in case this happens to me. I have a spare domain configured with a swag reverse proxy etc etc as noted above that is 'ready to go' but I wondered if there is anything more. I notice the AWS Cloudfront allows 1TB transfer a month on their free plan, which is more than enough. It has DDOS protection, geo filtering etc. So..... I had a play with it. Signed up for a free account. Created a dns entry to my test domain called 'embyorigin.mydomain.com', then created a cloudfront 'distribution' - which was very easy, just enter the subdomain, a few clicks and it was deployed to all their servers. you get a random domain name linked to your origin host (i.e like abcdef12345.cloudfront.net. I hit that URL and got the emby remote login screen - which is great, but the password seems to always be incorrect (when I know it is correct). So hit a wall on that front. If anyone with more skills/experience than me can get this working, then this may be a great CF replacement ? You can link your own subdomain name to it also (i did not do that until I get the base working). I setup the geograhic restrictions : I found you can create 'invalidations' - which are the equivalent of the non cache page rules we set up in cloudflare. Not sure if this would work - but if you have 1TB a month, that would cover all my video anyway. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now