Jump to content

Recommended Posts

crusher11
Posted
37 minutes ago, pwhodges said:

Cloudflare thinks your server is down - is it?

Paul

I don't know? I can access it locally. Haven't changed any of the CloudFlare or network settings recently that I'm aware of/can remember. 

Posted

Public IP changed?

crusher11
Posted

I'm unable to access my server via PUBLICIP:8096 or PUBLICIP:443. But I'm not sure if that's normal given the CloudFlare/NGINX setup or not. 

Posted

Port forwarding is all good on your router and local firewall is open? Can you reach your PC using a different service via IP (RDP as an example)

You could remove anything related to connecting securely as a test and then see if you can connect via public IP.

When I have the cert configured i'm unable to connect via public IP as well.

crusher11
Posted

Not at my PC at the moment, but I haven't changed any of my router or firewall settings.

Don't know what RDP is. 

Posted

What does your CF dashboard say for bandwidth used over the last 30 days? Do you get a monthly email telling you how much data you used? I believe they only send an email when you use more than a certain amount, but I don't know what the threshold is.

Posted
42 minutes ago, C.S. said:

What does your CF dashboard say for bandwidth used over the last 30 days? Do you get a monthly email telling you how much data you used? I believe they only send an email when you use more than a certain amount, but I don't know what the threshold is.

I don't think that's true, I get one for ~2MB data used for as domain I'm not using

crusher11
Posted
1 hour ago, C.S. said:

What does your CF dashboard say for bandwidth used over the last 30 days? 

100MB, why? 

Posted
1 hour ago, crusher11 said:

100MB, why? 

MB, not GB? So you basically haven't used it at all in the past month?

I was thinking maybe they banned you, but you don't really use it, so probably not.

crusher11
Posted
47 minutes ago, C.S. said:

MB, not GB? So you basically haven't used it at all in the past month?

I was thinking maybe they banned you, but you don't really use it, so probably not.

I'm not sure how long it's been down for TBH. 

Posted

I think we can say at least 30 days. Did you get the emails? Do you know how much data you've been pushing?

crusher11
Posted
3 minutes ago, C.S. said:

I think we can say at least 30 days. Did you get the emails? Do you know how much data you've been pushing?

Well the reason I don't know is it rarely gets used, so the lack of data the last month is really no indicator one way or the other.

How much data I've been pushing is irrelevant. The answer isn't going to resolve my issue one way or the other. 

crusher11
Posted

CanYouSeeMe is negative on 8096 and 443, but again I don't know if that's normal with NGINX/CloudFlare.

Still haven't established if it's an Emby issue, and NGINX issue, or a CloudFlare issue.

samuelqwe
Posted
14 hours ago, crusher11 said:

CanYouSeeMe is negative on 8096 and 443, but again I don't know if that's normal with NGINX/CloudFlare.

Assuming you usually connect using HTTPS, port 443 should be open on your router and CanYouSeeMe should be able to see it as open if Nginx is actually accepting the connection. Otherwise, there is port 80 for HTTP traffic, but you don’t actually need if you connect exclusively using HTTPS.

So if you’ve checked that port 443 (and/or 80) is open on your router and that it is pointing to the device hosting the Nginx server on your LAN, and that your public ip is correctly entered in your CloudFlare DNS rules, then it’s likely an issue with the Nginx configuration.

Port 8096 (or 8920 for secure connections) would only need to be open and reachable on CanYouSeeMe if you were connecting directly to Emby with your plugins on public IP instead of your domain, so it shouldn’t need to be open in this case.

Also, just to be sure, have you checked that your domain has not expired and is still active? Just looking at all the possibilities here.

Posted (edited)

I have found the cloudflare tunnels have really taken all this pain away.  Tunnel is now either up or down, it has detailed logging, and no reverse proxy to worry about.  And no ports to open on the router.

Edited by vaise
crusher11
Posted

Yep, turns out it's NGINX, which had completely stopped running. Attempting to restart gives the error "Docker API has failed. Please visit Docker Log for more information." Docker log:

Start container nginx2 failed: {"message":"Bind mount failed: '/volume1/Emby Libraries/emby.log' does not exists"}.
       
  • 1 month later...
Posted (edited)

My emby server (a docker container) is accessed remotely through Cloudflare tunnel to the port 8096 of emby server. There is no problem to log in from my laptop's web browser. When I tried to connect the server (same host name) from android app, the log in screen will show up but I can't log in. It will always show "Sign In Error Invalid username or password. Please try again" even though the correct information was provided. The server log shows a single line: "Error Server: Access token is invalid or expired". Any help is appreciated.

Update:

Issue is resolved if port 443 is specified (instead of left empty)

Edited by wmd1942
Issue resolved
  • Thanks 1
Posted
9 hours ago, wmd1942 said:

My emby server (a docker container) is accessed remotely through Cloudflare tunnel to the port 8096 of emby server. There is no problem to log in from my laptop's web browser. When I tried to connect the server (same host name) from android app, the log in screen will show up but I can't log in. It will always show "Sign In Error Invalid username or password. Please try again" even though the correct information was provided. The server log shows a single line: "Error Server: Access token is invalid or expired". Any help is appreciated.

Update:

Issue is resolved if port 443 is specified (instead of left empty)

I use all ports on my tunnel config - no issues on my side reported from any remote family.  Maybe they dont have any android phones however.....  Plenty of google TV and a few chromecasts.

image.thumb.png.55d9142d7ac6b1c99b358647c9379b54.png

Maybe it is something in your application policy config ?

Maybe update your cloudflare tunnel version ?  I am using docker - cloudflare/cloudflared:2022.12.1-amd64

  • 3 weeks later...
Posted

Well my number came up tonight and CF TOS'ed me.

It was a good 5 year run.

Got a nginx reverse proxy stood up in the cloud pretty quickly and had everything working after an hour 

 

Posted
On 1/16/2023 at 8:47 PM, jad3675 said:

Well my number came up tonight and CF TOS'ed me.

It was a good 5 year run.

Got a nginx reverse proxy stood up in the cloud pretty quickly and had everything working after an hour 

 

I had the same thing happen to me last month. I switched everything over to nginx reverse proxy as well..... but I did love the Cloudfare setup. I have a feeling more and more people are going to start having this happen to them.

Posted
53 minutes ago, sross44 said:

I had the same thing happen to me last month. I switched everything over to nginx reverse proxy as well..... but I did love the Cloudfare setup. I have a feeling more and more people are going to start having this happen to them.

If CF's defense, I was averaging ~4TB/month. I am honestly beyond surprised I was able to skate for the better part of 5 years.

Rather than setup a ngninx reverse proxy on my home network and open 443 up to the world, I spun up an Ampere A1 instance in the Oracle Cloud (it's free!) - 1GB bandwidth, 10TB egress/month and a public IP address. Installed nginx with mod_security and deployed crowdsec on it. Whitelisted the public IP on my home firewall. It's probably 98% as good as CF from a WAF/Intrusion standpoint. Don't have the fancy webpanel like CF, but I can scrape the metrics into the CloudSIEM from Datadog and have an idea of what's going on.

 

John

Posted

My public ip changes on average once every 2 weeks.  That would be a pain I think.  CF only 489gb last month.

Posted
14 hours ago, vaise said:

My public ip changes on average once every 2 weeks.  That would be a pain I think.  CF only 489gb last month.

My pub ip changes if my firewall gets rebooted. CF is doing my DNS, though. I have the name record that nginx uses to connect back to emby updated via the cloudflare-ddns script and then another script (on the reverse proxy) that reloads nginx if the DNS record changes. A bit convoluted (and a few minutes of downtime while DNS changes) but it works.

 

Posted
On 1/19/2023 at 9:57 AM, jad3675 said:

If CF's defense, I was averaging ~4TB/month. I am honestly beyond surprised I was able to skate for the better part of 5 years.

Rather than setup a ngninx reverse proxy on my home network and open 443 up to the world, I spun up an Ampere A1 instance in the Oracle Cloud (it's free!) - 1GB bandwidth, 10TB egress/month and a public IP address. Installed nginx with mod_security and deployed crowdsec on it. Whitelisted the public IP on my home firewall. It's probably 98% as good as CF from a WAF/Intrusion standpoint. Don't have the fancy webpanel like CF, but I can scrape the metrics into the CloudSIEM from Datadog and have an idea of what's going on.

 

John

I may need your help on doing this, but I’m going to check this out today. Sounds super interesting!! Great idea 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...