jad3675 - Posted January 20, 2023

> 2 hours ago, sross44 said:
> I may need your help on doing this, but I’m going to check this out today. Sounds super interesting!! Great idea

Few things to remember with the OCI - if you use the Ubuntu image, they don't use ufw - it's iptables. You'll need to allow any internet traffic in on iptables and on the virtual network you have configured for the host.

mod_security gets cranky with playing video within emby. Easiest way to address that is to place this in your modsecurity.conf.

    SecRule REQUEST_FILENAME "@contains emby" "id:1,phase:2,nolog,allow,ctl:ruleEngine=Off"

I'm sure there's a better and safer way to do it, but I haven't figured it out yet.

sross44 - Posted January 20, 2023 (edited)

> 24 minutes ago, jad3675 said:
> Few things to remember with the OCI - if you use the Ubuntu image, they don't use ufw - it's iptables. You'll need to allow any internet traffic in on iptables and on the virtual network you have configured for the host.
> mod_security gets cranky with playing video within emby. Easiest way to address that is to place this in your modsecurity.conf.
>
>     SecRule REQUEST_FILENAME "@contains emby" "id:1,phase:2,nolog,allow,ctl:ruleEngine=Off"
>
> I'm sure there's a better and safer way to do it, but I haven't figured it out yet.

Ok, well now I'm completely lost lol. Maybe I'll avoid this setup for now haha. I really would just use this to set up Nginx though and whitelist my ip address like you said. This way I don't have to open my network to anything.

sross44 - Posted January 21, 2023

> 10 hours ago, sross44 said:
> Ok, well now I'm completely lost lol. Maybe I'll avoid this setup for now haha. I really would just use this to set up Nginx though and whitelist my ip address like you said. This way I don't have to open my network to anything.

Well I got it set up, and I'm pretty sure I installed everything correctly... but I suck at command line and can't figure it out. I have the docker image running. I thought I set up IPTables correctly.... but damned if I can't access it. (I set it up via Nginx proxy manager, because that's what I've used lately)

jad3675 - Posted January 22, 2023

> On 1/20/2023 at 11:50 PM, sross44 said:
> Well I got it set up, and I'm pretty sure I installed everything correctly... but I suck at command line and can't figure it out. I have the docker image running. I thought I set up IPTables correctly.... but damned if I can't access it. (I set it up via Nginx proxy manager, because that's what I've used lately)

Did you set it up in Oracle Cloud? If so, you need to allow tcp/443 in on the default security list for your public vcn.

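A host rule that looks correct can still have no effect when it sits below the INPUT chain's catch-all REJECT, so rule order is worth checking alongside the cloud security list. The following is an added example, not part of any post in this thread: `check_input_port` (a hypothetical helper name) reads `iptables -S INPUT` output and reports whether the ACCEPT for a TCP port comes before that catch-all. The sample ruleset is constructed and assumes a chain that allows SSH and ends in a REJECT.

```bash
#!/usr/bin/env bash
# Added example. Reads `iptables -S INPUT` output on stdin and prints whether
# an ACCEPT rule for TCP port $1 sits above the chain's catch-all REJECT/DROP:
#   open | shadowed | missing
# Live use (needs root): iptables -S INPUT | check_input_port 443
# Scope: INPUT only. Ports published by Docker are DNATed and traverse
# FORWARD instead, and the cloud security list is a separate layer.
check_input_port() {
    awk -v port="$1" '
    # True if a port spec such as "443", "80,443" or "8000:8100" covers port.
    function covers(spec,    n, parts, i, r) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == port + 0) return 1
        }
        return 0
    }
    $1 == "-A" && $2 == "INPUT" {
        # A jump with no match conditions catches everything that reaches it.
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { blocked = 1; next }
        if ($0 !~ / -p tcp / || $0 !~ / -j ACCEPT( |$)/) next
        for (i = 3; i < NF; i++)
            if (($i == "--dport" || $i == "--dports") && covers($(i + 1))) {
                if (blocked) late = 1; else early = 1
            }
    }
    END { print (early ? "open" : (late ? "shadowed" : "missing")) }'
}

# Constructed ruleset (assumed shape): SSH allowed, everything else rejected.
HEAD_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
REJECT_ALL='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
ALLOW_443='-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT'

# `iptables -A INPUT ...` lands below the REJECT; `iptables -I INPUT <n> ...`
# places the rule above it.
APPENDED=$(printf '%s\n' "$HEAD_RULES" "$REJECT_ALL" "$ALLOW_443")
INSERTED=$(printf '%s\n' "$HEAD_RULES" "$ALLOW_443" "$REJECT_ALL")

printf 'appended: %s\n' "$(printf '%s\n' "$APPENDED" | check_input_port 443)"
printf 'inserted: %s\n' "$(printf '%s\n' "$INSERTED" | check_input_port 443)"
```

A result of `shadowed` means the rule exists but is never reached; `open` only describes the host firewall, so the security list on the VCN still has to allow the same port.
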
JonBigTellyEmby - Posted January 22, 2023

Hi All,

May I ask if anybody has this working on an Apple TV or iPhone? Cannot seem to get it working even though it works perfectly via a browser.

What would be the setting for the iOS app?
Host - embyserver.uk
Port - 8096
and just get a spinning wheel. Is it something to do with HTTPS? Have that port fwd on router using 8920.

Thx for any help
Jon

jjo5555 - Posted January 22, 2023

Should the recent change your password email stop my Emby working on Roku?

sross44 - Posted January 22, 2023

> 4 hours ago, jad3675 said:
> Did you set it up in Oracle Cloud? If so, you need to allow tcp/443 in on the default security list for your public vcn.

Ok I’ll give that a try and see if I can get it working! Thanks

notuxnobux - Posted February 23, 2023 (edited)

So... What's the alternative to cloudflare? I'm using the SWAG reverse proxy (it uses nginx backend) and for Emby, the only thing I really need from the (cloudflare) service is to point emby.mydomain.com to my public IP, so the reverse proxy can do the rest. I make use of more cloudflare features for my other subdomains however, so I'm only looking to get emby away from it, to prevent being TOS banned.

Will something like duckdns suffice?

vaise - Posted February 23, 2023 (edited)

It’s only the media that stops working when you are banned I believe. So I have a backup system that is swag fully configured and waiting to go.

You have cf already doing the pointing to swag, so just untick your emby.mydomain.com in cf dns and it will not be routed via cf anymore. You can do that as a test.

Personally, I have a bit more to do as I use cf tunnels and hence am not port forwarding so I have to re-enable the port forwarding also. It takes just seconds to roll out.

seanbuff - Posted February 23, 2023

> 6 hours ago, notuxnobux said:
> the only thing I really need from the (cloudflare) service is to point emby.mydomain.com to my public IP, so the reverse proxy can do the rest.

If you just use CF in "DNS" mode only (gray cloud icon) instead of "proxying" (orange cloud icon) which violates the TOS. Then let your SWAG setup take care of the rest locally. You should be all set.

vaise - Posted February 23, 2023

> 48 minutes ago, seanbuff said:
> If you just use CF in "DNS" mode only (gray cloud icon) instead of "proxying" (orange cloud icon) which violates the TOS. Then let your SWAG setup take care of the rest locally. You should be all set.

Much more detailed reply than my answer, Sean. Well done.

notuxnobux - Posted February 23, 2023 (edited)

> 2 hours ago, vaise said:
> It’s only the media that stops working when you are banned I believe. So I have a backup system that is swag fully configured and waiting to go.
> You have cf already doing the pointing to swag, so just untick your emby.mydomain.com in cf dns and it will not be routed via cf anymore. You can do that as a test.
> Personally, I have a bit more to do as I use cf tunnels and hence am not port forwarding so I have to re-enable the port forwarding also. It takes just seconds to roll out.

> 58 minutes ago, seanbuff said:
> If you just use CF in "DNS" mode only (gray cloud icon) instead of "proxying" (orange cloud icon) which violates the TOS. Then let your SWAG setup take care of the rest locally. You should be all set.

Thanks guys. Quick question for either of you... won't doing this expose my IP address?

vaise - Posted February 23, 2023

Do what you can. Add fail2ban or crowdsec to swag. I have moved to crowdsec now. Still not banned yet!!!!

notuxnobux - Posted February 24, 2023

> 2 hours ago, vaise said:
> Yep

> 2 hours ago, vaise said:
> Do what you can. Add fail2ban or crowdsec to swag. I have moved to crowdsec now. Still not banned yet!!!!

Thank you. I have already got fail2ban set up with swag. Might look into crowdsec, as I've heard good things about it.

jhruan - Posted March 7, 2023

Now cloudflare has launched a lot of test functions for caching. Is there any recommended configuration?

crusher11 - Posted March 9, 2023 (edited)

I have NGINX set up, but I'm using CloudFlare to handle IP blocking so my server is only available in Australia, which should solve 99% of security issues right off the bat. I also don't really know how it all works, I just trust that guys on here with these sorts of threads do.

I'm running my server on a Synology NAS. Don't have fail2ban or any equivalent set up. So I'd need that, plus the geoblocking, at a minimum.

I also currently have my admin account enabled for online access so I can do maintenance away from home, but people have recommended against that for obvious reasons and suggested some sort of alternative that still allows admin to be accessed remotely via some other setup? Not sure what the deal is there.

EDIT: CloudFlare also handles my SSL cert.

vaise - Posted March 9, 2023 (edited)

Install tailscale on something in your lan, with advertised routes turned on, then on your remote device (laptop, phone), then easy secure access to anything in your network from anywhere, with no port forwarding.

Remove that admin then from remote, once you use tailscale, you are local then and admin will work.

thunderclap - Posted March 21, 2023

Does the first post warning still apply if one uses NginxProxyManager? I run Emby in docker on Unraid and have over 20 dockers, including NginxProxyManager, that forwards subdomains to specific ports. Does that obscure what data is being transferred through Cloudflare?

crusher11 - Posted March 21, 2023

> On 3/10/2023 at 7:00 AM, vaise said:
> Install tailscale on something in your lan, with advertised routes turned on, then on your remote device (laptop, phone), then easy secure access to anything in your network from anywhere, with no port forwarding.
> Remove that admin then from remote, once you use tailscale, you are local then and admin will work.

I get an "invalid username or password" error from Emby when trying to sign in.

vaise - Posted March 21, 2023

> 6 hours ago, crusher11 said:
> I get an "invalid username or password" error from Emby when trying to sign in.

Is this after doing the tailscale config? Does other stuff to your lab work?

On my tailscale, with advertised routes, my remote chrome browser bookmarks all work exactly the same as if I am on my lan. No difference at all. Every hosted service I can connect to. Just prove tailscale all works like that. All web pages etc.

crusher11 - Posted March 21, 2023

> 43 minutes ago, vaise said:
> Is this after doing the tailscale config?

Config?

> 43 minutes ago, vaise said:
> Does other stuff to your lab work?

Eh?

vaise - Posted March 21, 2023 (edited)

> 19 minutes ago, crusher11 said:
> Config?
> Eh?

You referenced my post, which was about tailscale, so the tailscale config I mention in my post.

Lab was a typo. Should be LAN.

crusher11 - Posted March 22, 2023

There doesn't seem to be any config, though? All I can find is a checkbox for the advertised routes thing, which I've checked.

I'm not aware of any other LAN access method from my phone than Emby.

vaise - Posted March 22, 2023

I use it with Linux, I have to pass parameters and config for the routes that tailscale will use, then I allow it in the tailscale gui.

By LAN, I mean access anything else on your lan to prove it works (not just emby). I.e., I host cctv, sonarr, radarr, jellyseer, uptimeKuma, readarr, tdarr and multiple pihole instances on my lan. Tailscale allows me to access any of these as if I am home. That’s what I mean to prove access is working.