cp41 3 Posted February 16 Share Posted February 16 (edited) I have been running Emby off my Mac mini M1 for a while now without issue. I setup SSL certification for remote access and everything has been working great. Right now, though, I have to renew my certificates every 90 days and then restart the Server for the new Certs to take effect. I have been using CertBot and OpenSSL for my certificate creation. I was trying to explore the use of NGINX Reverse Proxy as a way to automate the SSL Certificate process. Specifically, I could have a powershell script run to generate my certificates using CertBot and then I wouldn't have to worry about restarting the Emby Server as part of the process. I went though the recommended HOW TO: NGINX for Windows Topic that is recommended. And that was very useful for generating my Config file. However, I have not yet been able to get the Reverse Proxy to work. Here is my Config File (this is taken directly from the other HOW TO post): worker_processes 2; events { worker_connections 8192; } http { include mime.types; default_type application/octet-stream; server_tokens off; gzip on; gzip_disable "msie6"; gzip_comp_level 6; gzip_min_length 1100; gzip_buffers 16 8k; gzip_proxied any; gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml image/svg+xml; tcp_nodelay on; sendfile off; server_names_hash_bucket_size 128; map_hash_bucket_size 64; ## Start: Timeouts ## client_body_timeout 10; client_header_timeout 10; keepalive_timeout 30; send_timeout 10; keepalive_requests 10; ## End: Timeouts ## ## Default Listening ## server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } ##EMBY Server## server { listen [::]:80; listen 80; listen [::]:443 ssl; listen 443 ssl; server_name mydomain.com; # ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate /private/etc/letsencrypt/live/mydomain.com/cert.pem; ssl_certificate_key /private/etc/letsencrypt/live/mydomain.com/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_prefer_server_ciphers on; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; proxy_hide_header X-Powered-By; add_header X-Xss-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header 'Referrer-Policy' 'no-referrer'; add_header Content-Security-Policy "frame-ancestors mydomain.com;"; #add your domainname and all subdomains listed on your cert location / { proxy_pass http://192.168.86.21:8096; # This is my local emby ip and non SSL port proxy_hide_header X-Powered-By; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Next three lines allow websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } } I know the syntax works because I ran the command sudo nginx -t and the test was successful. So I guess where I am struggling is the Emby Network Settings and/or the Port Forwarding. As I mentioned, I have Remote Access with mydomain.com working already, so I am at least familiar with these areas (in so much that I know the router works if the ports are set up correctly). But I am not 100% sure that I have these setup the way they are supposed to be configured. I have local http/https as 8096/8920. I have public http/https as 80/443. I forwarded the 80 and 443 ports on my router to the computer that is running NGINX (which is the same computer where Emby runs). Does anyone see where I may have gone wrong, or where I might be missing a step? Edited February 16 by cp41 Replaced Actual Domain Name with mydomain.com Link to comment Share on other sites More sharing options...
Luke 37066 Posted February 16 Share Posted February 16 HI, what exactly is the problem? Link to comment Share on other sites More sharing options...
cp41 3 Posted February 16 Author Share Posted February 16 When I have this setup configured, and I have the NGINX reverse proxy running, l cannot access the server using mydomain.com. The website fails to connect. So I am unable to access the server from outside my network. I figured I must be doing something wrong. I was hoping someone could look at my configuration and see a glaring error. Link to comment Share on other sites More sharing options...
Luke 37066 Posted February 18 Share Posted February 18 Hi, do you get an error message? What does it say? Link to comment Share on other sites More sharing options...
Solution cp41 3 Posted February 18 Author Solution Share Posted February 18 Wellllllll....I was going to take a screenshot of the error. Which I did. But as I did I noticed it talked about the firewall. So I decided to make sure NGINX could pass through the firewall. Once I had that setup...everyhting is working. Huzzah! And even though I didn't end up needing any specific advice from this thread....it did trigger in me the ability to figure it out. So I thank you all the same. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now