Jump to content

Synology + Docker + Emby + Metadata


mengoshmink
 Share

Go to solution Solved by emoby0,

Recommended Posts

mengoshmink

Hi guys,

for reasons not worth explaining here I am currently without my dedicated server hardware. So I decided to install Docker to my Synology NAS and install the Emby image. My reasons for using the Docker Emby image and not the native Synology Emby app are various.

  • DSM 6.2.4-25556 Update 2
  • Docker 20.10.3-0554
  • Emby latest (4.7.0.9)

When I entered my premier key I got an error. After a bit of digging I found that if I turned off my Synology firewall then the key worked fine. Not ideal but to turn off the firewall for a few seconds while my premier key is validated and verified is not a deal breaker.

What I found next is that when scanning my video library it doesn't download any metadata unless the firewall is off.

I've tried a few different firewall rules but to no avail. Does anyone here have any ideas or the answer?

Many thanks in advance!

Synology Firewall.png

Container Log emby-1.html Container Settings emby.json embyserver.txt

Link to comment
Share on other sites

Hi, that's interesting. That's the first I've seen of this but then again most Synology users are on the native package (and DSM7 if available to them).

Link to comment
Share on other sites

What interface is Emby running on in Docker?

Bridge, Host, Macvlan or other network setups will require different firewall ports.

Just a quick look at your server log and 172.17.0.2 or 172.17.0.1 likely needs opening in the firewall.

Edited by cayars
  • Agree 1
Link to comment
Share on other sites

mengoshmink
On 11/01/2022 at 20:57, Luke said:

Hi, that's interesting. That's the first I've seen of this but then again most Synology users are on the native package (and DSM7 if available to them).

Hi Luke, nice to hear from you again 🙂

I prefer Docker over native installs for when I inevitably break something.

As for DSM 7, I was going to upgrade until I read some negative feedback about some features I think I use in DSM 6. Until I have had a chance to check I'm not upgrading.

 

9 minutes ago, cayars said:

What interface is Emby running on in Docker?

Bridge, Host, Macvlan or other network setups will require different firewall ports.

Just a quick look at your server log and 172.17.0.2 or 172.17.0.1 likely needs open in the firewall.

Hi cayars,

That setup is bridge. As a temporary solution I'm using host. I don't have time tonight to test bridge with 172.17.0.1 open. I will try soon and feedback. Thank you.

Link to comment
Share on other sites

Smart move not doing the DSM upgrade until you've had a chance to review everything you use first.

Sounds good on the bridge setup. Let us know how you make out.

Does your NAS support Virtual Machines? If so you could install a VM using DSM 6 with the software you use. Then upgrade that to DSM 7 and see what happens. 
I did the migration video using a VM after I ran through the process once or twice beforehand.  It's great for things like this even if you don't normally use it for running VMs.

Link to comment
Share on other sites

mengoshmink

Okay, so with Emby running in a default bridged container it has the IP: 172.17.0.2 but I am connecting to it with the IP: 192.168.1.72.

I concede I may of set the firewall rule incorrectly.

It's network access still appears to be limited as it still can not fetch metadata.

Thanks,

image.png.bc165d0f8bf939c16515bb3cc540a416.png

Edited by mengoshmink
Link to comment
Share on other sites

What happens if you turn off the firewall and run a scan?

That will let you know if the firewall is the issue or if you need to look elsewhere.

You're not using any kind of VPN are you?

Link to comment
Share on other sites

mengoshmink

If I turn off the firewall and scan a library / try and fetch metadata it works as it should.

Nope. No VPN's in use here.

Link to comment
Share on other sites

That would seem to indicate that it's a firewall issue then. :)

You should be able to tell by the logs why it's getting blocked. For starters you could change TCP to ALL
Make sure you have the proper interfaces covered.

Make sure you cover all the IPs used between metal, Synology & Docker for Emby including WAN.

Link to comment
Share on other sites

mengoshmink

Thanks cayars. Any suggestions of which log to look at? Synology firewall log (if there is such a thing) or Emby server log? I'm guessing this (below quote) is the type of error I'm looking for? I am also guessing turning on Emby's debug logging would be overkill.

Quote

2022-01-11 20:29:14.331 Info Server: http/1.1 Response 200 to 172.17.0.1. Time: 51ms.

Ah, not like the old days of my Slackware server when I configured iptables with fwbuilder and monitored with dmesg 🙂

I'll probably have a library of just a couple of videos and debug with that. Good idea to check the interfaces first and the IPs between the Synology and Docker.

Link to comment
Share on other sites

I don't use it so I can't say for sure but I was thinking the firewall software would have to write a log file.

I just took a look at this:
image.png.c8c7bfa37071a9e6056ea0ada5d5696f.png

Have you tried the option I have selected in the red box?  That should be all that's needed I'd think.
If you try that and still can't figure out the issue let me know and we can setup a remote session to get you some help figuring it out.

Carlo

Link to comment
Share on other sites

  • 5 weeks later...
mengoshmink

Hi guys,

sorry for the delay. Just turned my NAS back on so I should be able to test and report back soon.

  • Thanks 2
Link to comment
Share on other sites

  • 1 month later...
mengoshmink

Hi guys,

I finally spent some time tonight trying to figure it out. My gut feeling is it is a routing issue but it's beyond me. I found this but got nowhere. Strictly speaking I think it is talking about a different problem.

cayars I tried that option but I think it only displays notifications from changes within the DSM software. Not what's going on behind the scenes.

Honestly the last couple of months I have been using the Emby Docker image with host networking.

This week I put on my separate server box where I was originally hosting the Emby Docker image and will again; unless energy prices prove to be prohibitive.

So I'm sorry guys but I don't think I'll be pursuing this any further.

Many thanks for the support.

Link to comment
Share on other sites

Why not just keep the firewall off and use the firewall on your router?

Link to comment
Share on other sites

mengoshmink

I just don't trust the firewall on my router. Simply because I don't see the firmware get many updates and I don't see many features to protect against intrusion. It is a simple ISP provided router. That said it seems to handle connecting well.

I'm now on the journey of setting up a reverse proxy to protect my Emby server and other services I like to access externally.

  • Thanks 1
Link to comment
Share on other sites

  • Solution
Posted (edited)

Thanks for posting your question, I think I had the same problem (I'm also running Emby on a Synology nas with a firewall, and had issues trying to identify media failed to search (after it working very reliably for a long time)

Thanks to this post, I remembered I had recently cleaned up my Synology firewall settings. I believe I had inadvertently removed the rule to allow applications on the Docker bridge to access the Synology network. (unrelated I wish Synology allowed us to put comments in the firewall rule settings so we know what they were for!...)

As the Docker configuration has my emby server on this bridge:

image.png.c7315145610514a62277b3ed724ab4ae.png

I added a rule like this:

image.png.b45ffad4e6a81f5eb6f7f27da7825735.png

Once doing this, I was able to identify media and retrieve metadata.

I had originally thought I had to allow access from the docker images to the main internet firewall, but it seems the issue was that the docker bridge needs to go through the synology system first. This seems reasonable, but I must have forgotten since I set it up a while ago.

Hope it helps someone!

BTW, I'm on DSM 7.0.1

Edited by emoby0
  • Agree 1
Link to comment
Share on other sites

mengoshmink
25 minutes ago, emoby0 said:

I added a rule like this:

image.png.b45ffad4e6a81f5eb6f7f27da7825735.png

Once doing this, I was able to identify media and retrieve metadata.

You legend emoby0. Your reply and solution are spot on! Many thanks 🙂

@cayars you were right too, I just didn't know how to fix it.

BTW Adding comments to the Synology firewall rules would indeed be helpful. I am trying to keep my NAS as purely a file server but other things are creeping in.

BTW BTW I am still on DSM 6 as I read something (I think it was in the release notes) about DSM 7 and NFS.

Link to comment
Share on other sites

Great to hear it was helpful! The way the firewall is blocking the internal network, is a bit counter intuitive. It seems like Synology sees the docker network as external to some extent, and the traffic passes through the synology device before it goes out to the main router.

For reference for anyone coming across this post. The firewalls rules are executed in order from the top down, so if a DENY ALL rule is at the top, then it trumps other rules.

Edited by emoby0
Link to comment
Share on other sites

Glad you guys got this figured out but I was going to comment the same thing emobyo did. 

So file that one away so you'll remember if you ever see the 172 address space you're missing a route from 192 which the firewall is doing for you.

Alternately, don't use a bridge in Docker for Emby but let it get a host address which will be faster too.

Link to comment
Share on other sites

Thanks for the additional info Carlo.

I took a look at switching the docker network to "host", but it seems it's not possible to switch the container network once the container is created easily in the UI based on this reddit post.

I was able to create a new container and point the mounts accordingly - thanks!

Edited by emoby0
  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...