Login über Emby App nicht möglich trotz korrekter Anmeldedaten

[Schleudertrauma 4]

Hey Freunde,

ich bräuchte mal eure Hilfe und zwar kann ich mich außerhalb des LAN nicht per Emby App auf dem Server einloggen. In der App wird mir immer angezeigt, dass Nutzername oder Passwort nicht korrekt seien. Die sind aber definitiv korrekt.
Ein Einloggen per mobilem Browser über LTE funktioniert ohne Probleme, warum nicht in der App? Der Server wird in der App ja auch gefunden, nur ist ein Login hier nicht möglich (zumindest von außerhalb des Netzwerkes). Innerhalb des LAN funktioniert der Login auch in der App.

Meine Konfiguration sieht wie folgt aus:

Server 1 (Ubuntu-Server 20.04): Nginx Reverse Proxy

server {
        server_name emby.domain.de;

               proxy_hide_header X-Powered-By;
               add_header X-Xss-Protection "1; mode=block" always;
               add_header X-Content-Type-Options "nosniff"  always;
               add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
               add_header X-Frame-Options "SAMEORIGIN" always;
               add_header 'Referrer-Policy' 'no-referrer';

        location / {
                proxy_pass      http://192.168.xxx.xx:8096;
                        proxy_hide_header X-Powered-By;
                        proxy_set_header Range $http_range;
                        proxy_set_header If-Range $http_if_range;
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header Host $host;
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    client_max_body_size 0;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/emby.domain.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/emby.domain.de/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = emby.domain.de) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        server_name emby.domain.de;
    listen 80;
    return 404; # managed by Certbot
}
 

Server 2 (Ubuntu-Server 20.04): Emby-Server (Version 4.7.6.0)  -  Ports sind auf Standard (8096 und 8920), Remoteverbindungen sind aktiviert, sicherer Verbindungsmodus ist deaktiviert, das Feld "externe Domain" ist leer, im Prinzip ist alles recht original eingestellt

 

Ich hoffe ihr könnt mir da weiterhelfen, bin leider nicht der beste in Sachen Linux.

 

Grüße

Schleudi

[Luke 37095]

Hi, have you compared your nginx configuration to this?

 

[Schleudertrauma 4]

I compared it today and changed my configuration of nginx and now it works fine. Thank you :D

[Luke 37095]

5 minutes ago, Schleudertrauma said:

I compared it today and changed my configuration of nginx and now it works fine. Thank you

Great. What was the solution?

[Schleudertrauma 4]

1 minute ago, Luke said:

Great. What was the solution?

The solution was that my config was build in /sites-available and then linked to /sites-enabled. The nginx config in /nginx/nginx.conf was on original values from the installation. So i copied the nginx.conf from your your linked post, changed the values to my needs and quotet out every line in the config file made in /sites-available (luckily it was the only one). I didn´t unlink the file yet.

After failed tests with "nginx -t" i had to create the log directory with "mkdir /usr/share/nginx/logs/" and i had to quote out the SSL section because i have no own certificates to implement. So i had to get the Let´s Encrypt Certs to work. Now my config looks like below. After the last test everything was ok. I reloaded with "systemctl restart nginx.service" and tried to login via browser (worked fine) and via Emby App on Android (also fine). Now everything seems to work properly.

## Start of actual server blocks
server {

##    listen [::]:443 ssl http2;
##    listen 443 ssl http2; 
    proxy_buffering off; 

    server_name emby.domain.de;  (Domain changed because nobody needs to know  )

    access_log  logs/emby.log  emby;  ## Creates a log file with this name and the log info above.

## SSL SETTINGS ##
##        ssl_session_timeout 30m;
##        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
##        ssl_certificate      ssl/pub.pem;  ## Location of your public PEM file.
##        ssl_certificate_key  ssl/pvt.pem;  ## Location of your private PEM file.
##        ssl_session_cache shared:SSL:10m;

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/emby.domain.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/emby.domain.de/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

 

Thats was the magic

Greetings

Schleudi