Jump to content

Running Emby through reverse proxy


silverfish45
Go to solution Solved by silverfish45,

Recommended Posts

silverfish45

I'm having issues using Emby Server V.4.7.1.0 (Modified by Luke in a previous forum to work with Win7). I've had to remain at this version level because Win7 does not like SSL after the new .net 6 update. This has forced me to use a reverse proxy via Caddy to create SSL certificates and connect that way.. 

This works really well for tablets and phones that are using the Emby app.. where i'm struggling is using a chromecast or Chromecast with android TV outside the network. I've read all the forum on how to deal with this and haven't found a solution yet.

This is how I've got it setup

Reverse proxy server will forward emby.domain.com to emby 8096 port (as https port seems to only respond to remote connections). Certificates are automatically generated and are valid.. everything works perfectly for Web UI into emby or the android apps..

When I try to cast to a TV that isn't local to the server.. it just sits there spinning. I cannot login to emby using android TV if it's going to the proxy.. I love the reverse proxy as it automates my certificates but there must be a setting or work around out there.. I read forum for JellyFin and they had the same problem but they released a patch in their next version..

If anyone has any advice, it would be appreciated. 

 

Link to comment
Share on other sites

pir8radio
4 hours ago, silverfish45 said:

I'm having issues using Emby Server V.4.7.1.0 (Modified by Luke in a previous forum to work with Win7). I've had to remain at this version level because Win7 does not like SSL after the new .net 6 update. This has forced me to use a reverse proxy via Caddy to create SSL certificates and connect that way.. 

This works really well for tablets and phones that are using the Emby app.. where i'm struggling is using a chromecast or Chromecast with android TV outside the network. I've read all the forum on how to deal with this and haven't found a solution yet.

This is how I've got it setup

Reverse proxy server will forward emby.domain.com to emby 8096 port (as https port seems to only respond to remote connections). Certificates are automatically generated and are valid.. everything works perfectly for Web UI into emby or the android apps..

When I try to cast to a TV that isn't local to the server.. it just sits there spinning. I cannot login to emby using android TV if it's going to the proxy.. I love the reverse proxy as it automates my certificates but there must be a setting or work around out there.. I read forum for JellyFin and they had the same problem but they released a patch in their next version..

If anyone has any advice, it would be appreciated. 

 

if it works without a proxy, it should work with the poxy (if proxy is setup correctly) no patch needed..    check out your proxy config make sure your remote users show up as remote users and not all as the proxy ip.     

 

Link to comment
Share on other sites

silverfish45
On 18/06/2022 at 00:40, Luke said:

Hi, I would suggest looking at this: 

 

Wow, thanks for your quick reply Luke.. Legend! Unfortunately I tried using Nginx first but found Caddy was so much easier and it handles all the certificate stuff automatically. My caddy setup config is pretty simple but I'm sure i'm just missing a header argument or something..

 

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

#Emby Reverse Proxy 
emby.domain.com {      
reverse_proxy 10.20.0.2:8096

}

#CloudyKey Web Server
cloudkey.domain.com {
reverse_proxy https://10.20.0.9:443 {
transport http {
tls_insecure_skip_verify

                }

        }

}

Link to comment
Share on other sites

silverfish45
On 18/06/2022 at 01:29, pir8radio said:

if it works without a proxy, it should work with the poxy (if proxy is setup correctly) no patch needed..    check out your proxy config make sure your remote users show up as remote users and not all as the proxy ip.     

 

When I use my phone or tablet and start to play something, the IP address on the server dashboard will show the external IP address of my phone carrier however when I try to play a chromecase outside the network, it never gets a request or I haven't found a location that would show a log of what's happening. 

The SSL works because I manually get the certificate from ZeroSSL and install it into Emby via the server UI and port forward servers HTTPS address so everyone outside the network gets the correct address.. I suspect that the proxy is returning the local address to the client outside the network (but not to APP version of emby)

Link to comment
Share on other sites

silverfish45

My Setup is as follows

Server: Win 7 64bit 16GB RAM V.4.7.1.0 (modified for .net 3 environment, .net 6 doesn't work with certificate SSL anymore past version 4.6.*.*)
Proxy Server: CaddyServer V2 on Raspberry Pi 3 (Rasbian)
Clients: Android phone Emby for Android 3.2.50

I'm sure it's just a setting in Caddy but I've read through so many times and nothing seems to jump out as the key setting to enable. They say by default, most of the common settings are enabled by default.. I dont know where to check any logs to see how far the chromecasts actually get to connecting.

Link to comment
Share on other sites

silverfish45

I would like to but I have some service and applications that will only work on Win 7 or have been removed from Win 10.. I read that JellyFin users were having the same issues with having the local address being pushed to the chromecasts but they could modify a plugin file for chromecast plugin and force remote address only..

I fixed it for me by modifying jellyfin-web\plugins\chromecastPlayer\plugin.js
Changed "message.serverAddress = serverAddress" to "message.serverAddress = message.serverAddress" (so that it ignores the serverAddress from chromecastHelper)

Might be a good idea to at least let the user configure to always use the external address that the caster uses.

Edit: I would love to see a checkbox in the network settings so that every device you cast to always use the same address (including domain, exactly as written) as the client you cast with uses to connect. Always use https://jellyfin.whatever.com. No logic

Link to comment
Share on other sites

silverfish45

Upgrading to Win 10 isn't going to fix the manual certificate installation process.. I'm almost willing to forgo the chromecasts for that auto-cert setup as it's pretty time consuming. The reverse Proxy has TLS1.2 min and TLS1.3 Max enabled.. all SSL disabled.. Which ends up giving me a security rating of 'A' vs getting a B when installing my own cert and using emby to encrypt the traffic. 

Link to comment
Share on other sites

Sorry I got mixed up. Since you're using a reverse proxy I don't think it's os related.

It's either connectivity or the Chromecast receiver is rejecting the ssl certificate.

Link to comment
Share on other sites

seanbuff
On 19/06/2022 at 09:31, silverfish45 said:

#Emby Reverse Proxy 
emby.domain.com {      
reverse_proxy 10.20.0.2:8096

}

#CloudyKey Web Server
cloudkey.domain.com {
reverse_proxy https://10.20.0.9:443 {
transport http {
tls_insecure_skip_verify

                }

        }

}

I don't quite understand the significance of this portion of your config file.
 

I use Caddy myself for secured Emby connections and have configured ZeroSSL as the cert provider, but my config is super simple:

{
	#ZeroSSL Email Address
	acme_ca https://acme.zerossl.com/v2/DV90
	email <my.email@address.com>
}

#Site Name
<my.emby.domain> {
	reverse_proxy localhost:8096
}

My router forwards 443 requests to Caddy, which talks to Emby on 8096 -- I've never had any issues with remote Chromecasts before, every client device works perfectly.

Link to comment
Share on other sites

silverfish45
3 hours ago, seanbuff said:

I don't quite understand the significance of this portion of your config file.

#Emby Reverse Proxy 
emby.domain.com {      
reverse_proxy 10.20.0.2:8096

}

So i've got the domain at the top as per their tutorial.. emby.mydomain.com 

then i have it set to reverse_proxy @ 10.20.0.2 (server local ip address running emby) 

Caddy is running on a Raspberry Pi 3+ so I dont use localhost as I need it to forward it to the emby server and port 8096..

the cloudkey is for another web  service i'm running and it has a self-signed certificate so this helps it work.

Link to comment
Share on other sites

silverfish45
4 hours ago, Luke said:

Sorry I got mixed up. Since you're using a reverse proxy I don't think it's os related.

It's either connectivity or the Chromecast receiver is rejecting the ssl certificate.

Is there somewhere I can check how far the connection gets before getting dropped? I might try to run emby on Win 11, use caddy as before and see if the OS has anything to do with the connection but it shouldn't.. I also tried forcing TLS 1.2 because people have said chromecast cant use 1.3.. but that didnt make any difference.. 

 

Link to comment
Share on other sites

silverfish45
3 hours ago, seanbuff said:

I use Caddy myself for secured Emby connections and have configured ZeroSSL as the cert provider, but my config is super simple:

My certificate is provided by R3 - Lets Encrypt

I currently use ZeroSSL but i need to manually validate via DNS every 3 months..
Is it free if I use caddy or did you sign up for an SSL plan?

 

Link to comment
Share on other sites

seanbuff
2 hours ago, silverfish45 said:

My certificate is provided by R3 - Lets Encrypt

I currently use ZeroSSL but i need to manually validate via DNS every 3 months..
Is it free if I use caddy or did you sign up for an SSL plan?

100% Free. There is no signup process or anything. By simply adding a valid email address in your config, it uses it to generate the cert - no extra steps required.
 

On 19/06/2022 at 09:35, silverfish45 said:

the IP address on the server dashboard will show the external IP address of my phone carrier

This doesn't quite sound right, are you using your phones connection to host your Emby server?

You remote address on your dashboard should be your domain on port 443
image.png.1cb342fcca65c5deb8756fe2bd94f232.png

This is controlled by the Public ports and External domain on your 'Network' tab.
image.png.1943bcb12c5a1cb7aa43c8a2099559c6.png

Edited by seanbuff
clarification
Link to comment
Share on other sites

silverfish45
20 hours ago, seanbuff said:

This doesn't quite sound right, are you using your phones connection to host your Emby server?

No, sorry.. Let me clarify.  I have a Fibre connection with a public IP.. when i connect to emby with my phone and play something, under the video that is playing will show the clients IP address and what they are watching.

I'll try to add the email address to the config file.. maybe chromecast is rejecting the SSL certificate if there is no email associated with it.. I hope this works.. It's been hours of 'tweaking'.. I even started to install Nginx but it got too full on and went back to Caddy.

 

Thanks for your reply's.. good to know others are on the ball with these things.

  • Like 1
Link to comment
Share on other sites

silverfish45

image.jpeg.f20e6b63f4ab7971a8188bf115f2b832.jpeg 

It shows up in this area. In this screen shot its a local device so i realise it's an internal IP.. at least i know that when i'm using the proxy with a device outside the network, emby is shown the clients IP address.

Link to comment
Share on other sites

silverfish45

I've just tried adding that ZeroSSL section to caddy which works fine.. I checked and the certificate is now showing ZeroSSL..

My client on the tablet, I click add server.. put in emby.mydomain.com, port 80 (443 doesn't show as valid..) Is that what you do on your client?

Caddy routes port 80 to 443 then it's passed onto emby...

Do these settings look like your settings?

I tried playing a video on the tablet.. no worries.. works great.. then i click cast.. the TV gets Emby loaded.. then i press play and the circle goes on and on forever..

settings.jpg

Link to comment
Share on other sites

silverfish45

Update:

On my tablet, I went to Dashboard after trying to cast several times (without success) just to see if the server settings were working. I clicked on the Remote (WAN) access: IP:443 which opened my chrome browser on the tablet.. I signed in and selected the cast button.. I clicked on a video and the background was shown.. exciting.. then i pressed play and it worked just fine..

It seems like only if I cast or try to connect with the Emby app on Android TV that it wont connect.. maybe something to do with the APPs.. strange.. so strange.. yet using the app without casting works perfectly fine.. I'm not sure where to go from here..

In the Apps my login details are server: https://media.mydomain.com port: 443 --- no issues, goes directly to login screen.. login, click play.. all good.. click cast.. no bingo.

Link to comment
Share on other sites

seanbuff
32 minutes ago, silverfish45 said:

Do these settings look like your settings?

The only difference I have is I haven't touched Emby's local ports

image.png.65aef786c861603593f0d373214a81a6.png

Only the Public ones:
image.png.3a9cd7ac74bb5223130aaf7ff07bef0d.png

Caddy communicates internally to Emby on local 8096, but is externally accepting secure connections on 443

The rest of your network settings look correct to me.

And my clients typically connect using Emby Connect, but I just tried connecting manually and I am able to connect via HTTPS (443)

Link to comment
Share on other sites

silverfish45

I have solved the problem...

Here is what I've found..

I was connecting to the server using the Apps with these settings.. https://media.myserver.com and port 443, or  https://media.myserver.com and no port number,... these would both work with the app without any issues but no chromecast..

I found that ONLY if i have the server settings as http://media.myserver.com port 80 will the chromecast work properly..  443 works on the app, 80 works on the app, 80 works for chrome and app.. I'm going to try to use a lets encrypt certificate now and see if chrome is still happy.. Thanks everyone..

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

silverfish45
1 hour ago, Luke said:

Let us know how you get on. Thanks.

Nope, not fixed.. turns out that chromecast will only successfully connect if I open and connect to the server via Chrome browser.. It's by no means reliable or repeatable connection.. it's got to be something to do with how the app is set up.. 

I can 100% of the time connect and login with web ui, apps.. and rarely with chromecast and never with Android TV on white chromecast.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...