Happy2Play Posted April 14 Share Posted April 14 Troubleshooting for another user, but what would cause a mp4 to download file then play and a mkv to direct play/steam? Link to comment Share on other sites More sharing options...
avitali Posted April 16 Share Posted April 16 Thanks for the guide! Is the second rule (Bypass cache) still valid? It seems to me, when I play a video, it never says /*videos/* it only ever says /*videoosd/*. Shouldn't 'videoosd' be what to put in the rules? Link to comment Share on other sites More sharing options...
pir8radio Posted May 1 Author Share Posted May 1 (edited) On 4/16/2022 at 4:38 PM, avitali said: Thanks for the guide! Is the second rule (Bypass cache) still valid? It seems to me, when I play a video, it never says /*videos/* it only ever says /*videoosd/*. Shouldn't 'videoosd' be what to put in the rules? @Luke anything change here? do you have a screenshot showing this videoosd? I just checked, no, its videos still: Edited May 1 by pir8radio Link to comment Share on other sites More sharing options...
Luke Posted May 1 Share Posted May 1 videoosd is the web app html url that you see in the browser. /videos is the video api url, so I think this is still valid. 1 1 Link to comment Share on other sites More sharing options...
Flamez Posted May 22 Share Posted May 22 I just read this thread and I was wondering what similar alternatives are for using Emby on the internet since Cloudflare does not allow videos? Thank you. Link to comment Share on other sites More sharing options...
Turbofiero Posted May 26 Share Posted May 26 For me, it would seem the rules have to be in the reverse order as to what youve posted... unsure why, but if I do it as posted cf-cache-status stays dynamic for all images, but changing order I get miss/hit Nonetheless thanks for the post! Link to comment Share on other sites More sharing options...
vaise Posted May 31 Share Posted May 31 (edited) I have been using cloudflare and nginx for ages with no issue. @pir8radio's config pretty much. No changed for ages. Tonight my users cant connect. Emby cant connect. my sonarr/radarr also cant connect, so not an emby issue. I get a 400 Bad Request. The SSL certifate error below that and nginx below that. I have restarted nginx, checked its logs etc etc - I dont know if this is a cloudflare issue at all ? This has all just worked for me, so when it goes bad, I have no idea where to look. Any ideas on the below errors from the nginx logs : 2022/05/31 23:04:45 [error] 386#386: *213 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.133.229:80 2022/05/31 23:04:46 [error] 386#386: *216 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:04:48 [error] 386#386: *218 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:06:09 [crit] 386#386: *220 connect() to [2606:4700::6810:85e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:85e5]:80 2022/05/31 23:06:09 [crit] 386#386: *220 connect() to [2606:4700::6810:84e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:84e5]:80 2022/05/31 23:06:10 [error] 386#386: *220 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:06:29 [crit] 386#386: *224 connect() to [2606:4700::6810:84e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:84e5]:80 2022/05/31 23:06:30 [error] 386#386: *224 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 For now to fix this, I have commented the OCSP Stapling stuff in the conf file as such : # OCSP Stapling #ssl_stapling on; #ssl_stapling_verify on; #ssl_stapling_responder http://ocsp.cloudflare.com/; #ssl_trusted_certificate /config/nginx/cf-certs/trusted-chain.pem; # my cert + cloudflare certs combined in 1 file #ssl_ocsp on; #ssl_ocsp_responder http://ocsp.cloudflare.com/; #ssl_ocsp_cache shared:OCSPCache:20m; If anyone has an idea of why this started happening ? Edited May 31 by vaise 1 Link to comment Share on other sites More sharing options...
pir8radio Posted June 3 Author Share Posted June 3 On 5/31/2022 at 8:07 AM, vaise said: I have been using cloudflare and nginx for ages with no issue. @pir8radio's config pretty much. No changed for ages. Tonight my users cant connect. Emby cant connect. my sonarr/radarr also cant connect, so not an emby issue. I get a 400 Bad Request. The SSL certifate error below that and nginx below that. I have restarted nginx, checked its logs etc etc - I dont know if this is a cloudflare issue at all ? This has all just worked for me, so when it goes bad, I have no idea where to look. Any ideas on the below errors from the nginx logs : 2022/05/31 23:04:45 [error] 386#386: *213 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.133.229:80 2022/05/31 23:04:46 [error] 386#386: *216 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:04:48 [error] 386#386: *218 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:06:09 [crit] 386#386: *220 connect() to [2606:4700::6810:85e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:85e5]:80 2022/05/31 23:06:09 [crit] 386#386: *220 connect() to [2606:4700::6810:84e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:84e5]:80 2022/05/31 23:06:10 [error] 386#386: *220 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 2022/05/31 23:06:29 [crit] 386#386: *224 connect() to [2606:4700::6810:84e5]:80 failed (99: Address not available) while requesting certificate status, responder: ocsp.cloudflare.com, peer: [2606:4700::6810:84e5]:80 2022/05/31 23:06:30 [error] 386#386: *224 OCSP_check_validity() failed (SSL: error:2707307D:OCSP routines:OCSP_check_validity:status expired) while requesting certificate status, responder: ocsp.cloudflare.com, peer: 104.16.132.229:80 For now to fix this, I have commented the OCSP Stapling stuff in the conf file as such : # OCSP Stapling #ssl_stapling on; #ssl_stapling_verify on; #ssl_stapling_responder http://ocsp.cloudflare.com/; #ssl_trusted_certificate /config/nginx/cf-certs/trusted-chain.pem; # my cert + cloudflare certs combined in 1 file #ssl_ocsp on; #ssl_ocsp_responder http://ocsp.cloudflare.com/; #ssl_ocsp_cache shared:OCSPCache:20m; If anyone has an idea of why this started happening ? so you have an ssl cert on nginx, and one in cloudflare.. both certs are valid and not expired? Link to comment Share on other sites More sharing options...
vaise Posted June 3 Share Posted June 3 I suspect it is an ocsp issue. There are some google searches that match whereby the ocsp end has to do something. I am just back from a trip so will have a play over the next few days. I set this up years back and have had a stroke since so will have to go through my documentation to remember it all. Link to comment Share on other sites More sharing options...
vaise Posted June 3 Share Posted June 3 12 hours ago, pir8radio said: so you have an ssl cert on nginx, and one in cloudflare.. both certs are valid and not expired? Howdy @pir8radio - been a while since we worked on that cloudflare caching issue together - I notice you are still a user on my system - (but I firewall USA again) To answer your questions - I have the cloudflare provided origin server certificate (2034 expiration). I have the cloudflare provided authenticated origin pulls client certificate (checked it is still the latest as it was updated in 2020). Further research today seems to indicate that this ocsp stappling stuff is only needed in NGINX if you are NOT using cloudflare, and they have implemented it in the edge certificates themselves. This may explain why on www.ssllabs.com/ssltest and www.digicert.com/help/ they both are happy that stapling is still activated even though I have th sections commented out. So in summary - that ocsp section (an artifact from pre cloudflare) which it seems was happy doing nothing all of a sudden was broken (likely at CF end as no changes my side). Link to comment Share on other sites More sharing options...
Flamez Posted June 12 Share Posted June 12 (edited) I am new to using Cloudflare and using the suggested settings on page one of this thread I am seeing the following on the analytics page. I am using the free setup and wondering if I would be charged for any bandwidth usage? Cached Bandwidth Previous 24 hours 3.95 kB Uncached Bandwidth Previous 24 hours 360.01 MB Edited June 12 by Flamez Link to comment Share on other sites More sharing options...
muzicman0 Posted June 23 Share Posted June 23 I'm clearly not doing something right! I use https://stream.mydomain.com to access Emby from a Cloudflare tunnel (Argo tunnel?). Here are my rules: *.mydomain.com/*Items/*/Images/* Cache Level: Cache Everything, Edge Cache TTL: a month Enabled *.mydomain.com/*videos/*/* Cache Level: Bypass But I get all either miss or dynamic. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now