HOW TO: Recommended Cloudflare Settings

[crusher11 916]

I don't have any of those things, though. 

[vaise 324]

51 minutes ago, crusher11 said:

I don't have any of those things, though. 

Do you have a laptop or something you can install with tailscale, then use it remotely, and you should be able to ping things in your LAN if tailscale is working and routing to everything.  Maybe watch some tailscale setup YouTube videos or something. 

[crusher11 916]

I definitely have my username and password correct, so it would seem to be a tailscale issue.

The fact that it logged me out at all would seem to imply this. 

[vaise 324]

30 minutes ago, crusher11 said:

I definitely have my username and password correct, so it would seem to be a tailscale issue.

The fact that it logged me out at all would seem to imply this. 

Are you using an emby app on your phone ?  Maybe if you use a browser instead to hit the emby web page url, if you were not tailscale connected, and not routed, then that page would fail to connect at all.

[crusher11 916]

3 hours ago, vaise said:

Maybe if you use a browser instead to hit the emby web page url, if you were not tailscale connected, and not routed, then that page would fail to connect at all.

Via LAN IP? Yeah, that's not connecting.

[crusher11 916]

3 hours ago, vaise said:

Are you using an emby app on your phone ?  Maybe if you use a browser instead to hit the emby web page url, if you were not tailscale connected, and not routed, then that page would fail to connect at all.

Hang on...via the LAN IP in the Emby dashboard, or via the IP tailscale gives me? The former fails completely, the latter is treated as a remote connection by Emby.

[vaise 324]

I just googled tailscale advertised routes windows.  It apparently does not work in windows.  If that’s what you are using :

https://forum.tailscale.com/t/can-subnet-routes-be-advertised-from-windows/183

[vaise 324]

Do you have an old laptop or cheap pi you can install Linux and tailscale on ?

[vaise 324]

A bit more googling, and maybe it can be done with windows.  I found this:

 

[crusher11 916]

My server is on a Synology NAS, that's where I installed tailscale. 

[vaise 324]

I guess I can’t help you then, unless you install it on something else.

[vaise 324]

I have a question for the people that have been blocked by CF for the media streaming violation.

What exactly do you mean by blocked ?  Is the media just unable to be streamed anymore ?

Does everything else still work on the domain ?  They are not blocking your other stuff ?

For reference, I have three domains in my CF account now, one is doing just emby, one if the wifes art domain and has page redirects to her website, plus uses icloud+ for the 'business' email.  And finally, I have my work domain with has a web page redirect and also my email routing.  

If I was blocked on my media domain, I dont want the others to be affected in any way.

[darkassassin07 585]

13 minutes ago, vaise said:

I have a question for the people that have been blocked by CF for the media streaming violation.

What exactly do you mean by blocked ?  Is the media just unable to be streamed anymore ?

Does everything else still work on the domain ?  They are not blocking your other stuff ?

For reference, I have three domains in my CF account now, one is doing just emby, one if the wifes art domain and has page redirects to her website, plus uses icloud+ for the 'business' email.  And finally, I have my work domain with has a web page redirect and also my email routing.  

If I was blocked on my media domain, I dont want the others to be affected in any way.

About 3 months ago my media stopped loading through cloudflare. The media player would open but just sit with a blank screen not actually playing anything and not throwing any errors.

 

Stopped proxying that single subdomain and it went back to working as normal.

[vaise 324]

3 minutes ago, darkassassin07 said:

About 3 months ago my media stopped loading through cloudflare. The media player would open but just sit with a blank screen not actually playing anything and not throwing any errors.

 

Stopped proxying that single subdomain and it went back to working as normal.

Thats for that - the emaill routing on there would be stopped in that case, as that need the CF proxy - but I dont really use that. 

Still dont know why I have not been stopped as yet.  600-700GB a month goes through there.

[Dazik 44]

Hadn't tried CF in awhile, did today because I registered a new domain for my Emby hostname.
Setup security bypass and cache bypass rules today, then swapped it in as the live URL and within 10 minutes videos stopped streaming, checking the network tab in Chrome it was straight up downloading the full file in the browser and playing from the local file.

Anyway, for others here, and reading this guide. Even on a new setup with an old free account never connected to anything, it doesn't work anymore.
Tried at least 2 dozen cache rules, only thing that let it run for a short while was turning off cache entirely, and that lasted until their soft 250gb/mo limit.

My setup runs through an nginx rproxy offsite to an nginx rproxy onsite for the LAN connection.
I'm now looking at running redis on the frontend rproxy to cache static html/image/scripts because I don't think CF is viable anymore.

[pir8radio 1304]

19 minutes ago, Dazik said:

Hadn't tried CF in awhile, did today because I registered a new domain for my Emby hostname.
Setup security bypass and cache bypass rules today, then swapped it in as the live URL and within 10 minutes videos stopped streaming, checking the network tab in Chrome it was straight up downloading the full file in the browser and playing from the local file.

Anyway, for others here, and reading this guide. Even on a new setup with an old free account never connected to anything, it doesn't work anymore.
Tried at least 2 dozen cache rules, only thing that let it run for a short while was turning off cache entirely, and that lasted until their soft 250gb/mo limit.

My setup runs through an nginx rproxy offsite to an nginx rproxy onsite for the LAN connection.
I'm now looking at running redis on the frontend rproxy to cache static html/image/scripts because I don't think CF is viable anymore.

was it an MP4?  If you don't pass all of the correct headers, nginx will just sit there and try to download the whole file before playing it.  unless i misunderstood what you were saying. 

[Dazik 44]

On 7/28/2023 at 10:51 PM, pir8radio said:

was it an MP4?  If you don't pass all of the correct headers, nginx will just sit there and try to download the whole file before playing it.  unless i misunderstood what you were saying. 

Nah you got it, but its any file.
I got it working via a new CF account btw, I think they are soft banning if you don't setup everything correctly before changing the records. My OG account can not stream any media now on any domain. Which is fine, the rest of the stuff on it is web hosting/articles/etc.

 

 

[vaise 324]

5 hours ago, Dazik said:

Nah you got it, but its any file.
I got it working via a new CF account btw, I think they are soft banning if you don't setup everything correctly before changing the records. My OG account can not stream any media now on any domain. Which is fine, the rest of the stuff on it is web hosting/articles/etc.

 

 

Oh .  They stoped all domains on your account?  Not just the one that was an issue?  I have three domains there inc my emby one, maybe I should create three accounts then going forward if others are affected.  The others don’t do any media though……. Yet.

[vaise 324]

They don’t seem to have a process to move domains to new accounts.  The notes say You have to move away to another domain provider first, then move back to new account  That’s two more payments and delays!!!!!!!   Omg.

[redjacket69 4]

On 3/17/2022 at 5:04 PM, redrobot2121 said:

is there any way to server the only video directly from the origin server but everything else should be proxied ??? 

@pir8radiohey, i was searching for something like this. So what i understand, https://emby.example.com/emby/videos/* only this path can not be unproxied in cf. so it can be something like this. it can be something like this, https://emby.example.org for user interface and https://emby-streams.example.org for the actual stream. Is it doable in cloudflare ?

ref: 

 

[LAPS0082 7]

Hi!

At first thank you all for all this work and guides and stuff. Especially @pir8radioWithout your help I would never have been able to come this far with my Emby setup. I have been reading a lot. But now I have to make my first post because I need your help.

 

My setup is like this:

• Emby Server running on Windows 10 on a dedicated machine
• Nginx running on a VM on my Proxmox server
  • Letsencrypt for public certificates
• Both servers are on the same subnet hosted in my homelab
• Own a public domain
  • Using a subdomain for emby (eg: emby.example.com) 
  • Switched DNS servers to cloudflare recently

I don't get whats wrong.  

When I use cloudflare in DNS only mode  everything works fine. No problems. As soon as I switch to I get Error code 552 from cloudflare:

 

 

 

I use exactly the config of @pir8radiofor nginx and the recommended settings for CF with the rules and all stuff.

 

I only changed the two parts in your config because it was mentioned so in the commented section:

## Cloudflare users will want to swap $remote_addr in first line below to $http_CF_Connecting_IP
## to log the real client IP address
    log_format  emby  '$http_CF_Connecting_IP - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"';


    log_format default '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port';

$http_CF_Connecting_IP in line 3

 

##  proxy_set_header X-Real-IP $remote_addr;  ## Passes the real client IP to the backend server.
    proxy_set_header X-Real-IP $http_CF_Connecting_IP;  ## if you use cloudflare un-comment this line and comment out above line.

$http_CF_Connecting_IP in line 2

 

There is nothing showing up in my logfiles on nginx (access.log / emby.log / error.log).

 

Is my ISP maybe blocking cloudflare? Is there any way I can test this?

Is there an issue because my certificate is provided by letsencrypt?

 

I appreciate any help. Thank you!

 

[mattykellyuk 18]

Thanks for the guide, I used this after changing domain and I'm having problems with cloudfare. I don't think the cache is bypassing video or working for images too as I'm not getting any 'hits' and its affecting load speeds. Any suggestions would be great.

[est3ban129 2]

I am using Argo tunnel for my server but it happens that the applications change the domain URL of my server by the IP:port automatically, this can be fixed because the server is not accessible by the port and therefore you have to retype the domain URL every time you want to access the server.

[vaise 324]

No issues my side. Not touched my cf config in years.  Except to add a backup tunnel also so they load balance.

[est3ban129 2]

Does it happen to anyone that is using Argo tunnel and randomly in the EMBY applications the tunnel URL is changed by the ip+port but this is inaccessible because port is closed? 

Also, since I have a dynamic ip, when I reboot the router it will stop working and I will have to put the tunnel URL again.
In addition to not making use of Argo if it connects by IP spontaneously.