Ronny244, posted October 14, 2024

I have spent a lot of time trying to make Emby secure with https and I have now hit a brick wall. My knowledge on this topic is zero, so I'm hoping with some guidance I can get this working.

OS: Windows
Port Forward: 443
Domain: YES
SSL: Let's Encrypt via Win-Acme (No passphrase)
Reverse Proxy: NGINX

Most of the information is taken from https://emby.media/community/index.php?/topic/44757-setting-up-ssl-for-emby-wip/#comment-419091

Where I have hit a brick wall is when I try and start NGINX. It fails to start and nothing shows in the logs. Below is my nginx.conf. Thanks in advance.

    worker_processes 2;

    events {
        worker_connections 8192;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        server_tokens off;
        gzip on;
        gzip_disable "msie6";
        gzip_comp_level 6;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_proxied any;
        gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml image/svg+xml;
        tcp_nodelay on;
        sendfile off;
        server_names_hash_bucket_size 128;
        map_hash_bucket_size 64;

        ## Start: Timeouts ##
        client_body_timeout 10;
        client_header_timeout 10;
        keepalive_timeout 30;
        send_timeout 10;
        keepalive_requests 10;
        ## End: Timeouts ##

        ## Default Listening ##
        server {
            listen 80 default_server;
            listen [::]:80 default_server;
            server_name _;
            return 301 https://$host$request_uri;
        }

        ##EMBY Server##
        server {
            listen [::]:80;
            listen 80;
            listen [::]:443 ssl;
            listen 443 ssl;
            server_name emby.mydomain.com;
            ssl_session_timeout 30m;
            ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
            ssl_certificate C:\\nginx-1.26.2\conf\SSL\mydomain.com-crt.pem;
            ssl_certificate_key C:\\nginx-1.26.2\conf\SSL\mydomain.com-key.pem;
            ssl_session_cache shared:SSL:10m;
            ssl_prefer_server_ciphers on;
            ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
            proxy_hide_header X-Powered-By;
            add_header X-Xss-Protection "1; mode=block" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header 'Referrer-Policy' 'no-referrer';
            add_header Content-Security-Policy "frame-ancestors mydomain.com; emby.mydomain.com;

            location / {
                proxy_pass http://192.167.178.21:8096;
                proxy_hide_header X-Powered-By;
                proxy_set_header Range $http_range;
                proxy_set_header If-Range $http_if_range;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                #Next three lines allow websockets
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
            }
        }
    }

seanbuff, posted October 14, 2024

7 minutes ago, Ronny244 said:
> Where I have hit a brick wall is when I try and start NGINX. It fails to start and nothing shows in the logs. Below is my nginx.conf. Thanks in advance.

Below is a good reference to use, compare your nginx config with this:

Ronny244, posted October 14, 2024

Thank you for pointing me to that link. I have edited it to match my server and I still get nothing. One good thing is the separate log for Emby, that will be useful going forward. Here is my new nginx.config:

    worker_processes auto;
    error_log logs/error.log;

    events {
        worker_connections 8192;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        server_names_hash_bucket_size 64;
        server_tokens off;

        log_format emby '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"';
        log_format default '$remote_addr - $remote_user [$time_local] "$request" '
                           '$status $body_bytes_sent "$http_referer" '
                           '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port';

        sendfile off;
        gzip on;
        gzip_disable "msie6";
        gzip_comp_level 6;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_proxied any;
        gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml image/svg+xml;
        proxy_connect_timeout 1h;
        proxy_send_timeout 1h;
        proxy_read_timeout 1h;
        tcp_nodelay on;

        server {
            listen 80 default_server;
            server_name _;
            return 301 https://$host$request_uri;
        }

        server {
            listen [::]:443 ssl;
            listen 443 ssl;
            http2 on;
            proxy_buffering off;
            server_name emby.mydomain.com;
            access_log logs/emby.log emby;

            ## SSL SETTINGS ##
            ssl_session_timeout 30m;
            ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
            ssl_certificate C:/nginx-1.26.2/conf/SSL/mydomain.com-crt.pem;
            ssl_certificate_key C:/nginx-1.26.2/conf/SSL/mydomain.com-key.pem;
            ssl_session_cache shared:SSL:10m;

            location ^~ /swagger {
                return 404;
            }

            location / {
                proxy_pass http://192.168.178.21:8096;
                client_max_body_size 1000M;
                proxy_hide_header X-Powered-By;
                proxy_set_header Range $http_range;
                proxy_set_header If-Range $http_if_range;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                add_header 'Referrer-Policy' 'origin-when-cross-origin';
                add_header Strict-Transport-Security "max-age=15552000; preload" always;
                add_header X-Frame-Options "SAMEORIGIN" always;
                add_header X-Content-Type-Options "nosniff" always;
                add_header X-XSS-Protection "1; mode=block" always;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
            }
        }
    }

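Added example (not part of the thread and not code from any poster): both configs posted above list TLSv1 and TLSv1.1 in ssl_protocols, and the first one opens a quote in its Content-Security-Policy header that is never closed. This Python pre-check looks for those two defects plus unbalanced braces; the tokenizer is a simplified assumption about nginx syntax, and the sample config, host name and upstream address are constructed.

```python
LEGACY_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 deprecated by RFC 8996

def lint_nginx(text):
    """Return (line, message) findings. Simplified: no ${var}, no multi-line strings."""
    findings, words, cur, depth, line, i, n = [], [], "", 0, 1, 0, len(text)
    while i < n:
        ch = text[i]
        if ch in "\"'" and not cur:               # quoted argument
            j = i + 1
            while j < n and text[j] not in (ch, "\n"):
                j += 2 if text[j] == "\\" and text[j + 1:j + 2] == ch else 1
            if j < n and text[j] == ch:
                words.append(text[i + 1:j])
                i = j
            else:                                 # heuristic: quote left open on its line
                findings.append((line, "quote is not closed on the line where it opens"))
                i = min(j, n) - 1                 # resume scanning at the newline
        elif ch == "#" and not cur:               # comment runs to end of line
            while i + 1 < n and text[i + 1] != "\n":
                i += 1
        elif ch in " \t\r\n{};":                  # token separators and block delimiters
            if cur:
                words.append(cur)
                cur = ""
            line += ch == "\n"
            depth += (ch == "{") - (ch == "}")
            if depth < 0:
                findings.append((line, "'}' without a matching '{'"))
                depth = 0
            if ch == ";" and words[:1] == ["ssl_protocols"]:
                for old in sorted(LEGACY_TLS.intersection(words[1:])):
                    findings.append((line, "ssl_protocols enables " + old))
            if ch in "{};":                       # directive or block header ends here
                words = []
        else:
            cur += ch
        i += 1
    if depth:
        findings.append((line, f"{depth} block(s) still open at end of file"))
    return findings

SAMPLE = '''server {  # constructed sample, not the poster's file; names are placeholders
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    add_header Content-Security-Policy "frame-ancestors example.test;
    location / { proxy_pass http://127.0.0.1:8096; }
}
'''

if __name__ == "__main__":
    print(*("line %d: %s" % f for f in lint_nginx(SAMPLE)), sep="\n")
```

A clean result here does not replace `nginx -t`, which remains the authoritative syntax test once the binary runs.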
Carlo, posted October 14, 2024

Hi, you did use your actual domain and not "mydomain.com" as shown above, correct? What does the nginx log file show?

Ronny244, posted October 14, 2024

Hi, I used my domain (GoDaddy, confirmed with CNAME in Win-Acme), I just changed it before posting. Thanks for checking about it though, it could be easily missed.

Carlo, posted October 14, 2024

That's good! Next up, check the nginx log to see if it has any useful information as to the problem.

Ronny244, posted October 14, 2024

There is nothing in the logs, the error and the emby log are both blank. line “error_log logs/error.log;” of my nginx conf and not the actual emby error log that is. I have tried running as admin and changed permissions but I have hit a brick wall and not sure where to go next.

Edited October 14, 2024 by Ronny244

Carlo, posted October 14, 2024

How did you install nginx on Windows? Did you test it prior to trying to set it up for use with Emby?

Ronny244, posted October 15, 2024

I downloaded from the nginx site then unzipped to my C:/ folder. I didn't test it before as, to be honest, I don't know how it works. I was just following the guide with all my fingers crossed. I have had a few errors with .pem locations but I think they are sorted in the conf now. I have used commands such as nginx -s reload and nginx -t and I get nothing. Do you suggest I use another version of nginx? I'm not sure what to do next.

TMCsw, posted October 15, 2024

On 10/14/2024 at 1:20 PM, Ronny244 said:
> There is nothing in the logs, the error and the emby log are both blank.

Is your router forwarding the WAN port(s) to the proper LAN IP:port(s) running nginx?

Carlo, posted October 16, 2024

On 10/15/2024 at 7:26 AM, Ronny244 said:
> I downloaded from the nginx site then unzipped to my C:/ folder. I didn't test it before as, to be honest, I don't know how it works. I was just following the guide with all my fingers crossed. I have had a few errors with .pem locations but I think they are sorted in the conf now. I have used commands such as nginx -s reload and nginx -t and I get nothing. Do you suggest I use another version of nginx? I'm not sure what to do next.

If using the version recommended for Windows from nginx-win.ecsds.eu, read the directions for how to install the Windows version. It basically tells you to go to the official nginx site to download and install their Windows version. Then you overwrite it with the Windows version from ecsds.eu.

Ronny244, posted October 25, 2024

On 16/10/2024 at 00:44, TMCsw said:
> Is your router forwarding the WAN port(s) to the proper LAN IP:port(s) running nginx?

My networking knowledge is non-existent but I'll try and explain what I've done so far. In my router's port sharing settings I selected my HTPC device with IPv4 address 192.168.178.21 and opened up port 443. In firewall settings inbound rules I have allowed port 443 for Domain, Private, Public. My Emby Network I'll show by attaching pictures at the bottom of this post. In my nginx config I'm using 192.168.178.21 as it's the WAN port on my router? ...geez, this is way too deep for me, I should have just stuck with an SSL cert and pass but reverse proxy adds much more security.

On 16/10/2024 at 23:51, Carlo said:
> If using the version recommended for Windows from nginx-win.ecsds.eu, read the directions for how to install the Windows version. It basically tells you to go to the official nginx site to download and install their Windows version. Then you overwrite it with the Windows version from ecsds.eu.

OK, thanks for that information, will do that now. I am now seeing logs in the logs folder, it's saying:

    [notice] 25476#25044: Fatal: wait for sockapi failed

Edited October 25, 2024 by Ronny244

TMCsw, posted October 26, 2024

Please give a screenshot of your router’s port forwarding page... And go to https://www.yougetsignal.com/tools/open-ports/ and put in your URL and port (443).

Ronny244, posted October 26, 2024

11 hours ago, TMCsw said:
> Please give a screenshot of your router’s port forwarding page... And go to https://www.yougetsignal.com/tools/open-ports/ and put in your URL and port (443).

I went to https://www.yougetsignal.com/tools/open-ports/ and it shows my ISP's static IP port 443 is open. With IP 192.168.178.21 port 443 is closed.

I have now downloaded nginx for Windows and replaced from the nginx-win.ecsds.eu version and in command prompt I typed cd c:/nssm restart nginx. It successfully stopped and started and my log file says:

    [notice] 3788#12400: Access to sockapi succeeded!
    [notice] 3788#12400: using sockapi from "4;8;12;"

Q-Droid, posted October 26, 2024

You should consider using Caddy instead of nginx. It's the much easier option and ideal for those starting from zero to intermediate networking skill.

Ronny244, posted October 29, 2024

On 26/10/2024 at 13:39, Q-Droid said:
> You should consider using Caddy instead of nginx. It's the much easier option and ideal for those starting from zero to intermediate networking skill.

I wanted to try Caddy but there is a lack of guides on the Emby forum. There is one guide but it's for V1. I'm still open to try Caddy but don't want to search places like Reddit. The guides for Nginx are also old but there are more guides, so that's why I chose Nginx.

On 28/10/2024 at 01:02, Luke said:
> @Ronny244 has this helped?

Yes, it has helped but I cannot get access via emby.mydomain.com

GrimReaper, posted October 29, 2024

3 minutes ago, Ronny244 said:
> I wanted to try Caddy but there is a lack of guides on the Emby forum. There is one guide but it's for V1

Ronny244, posted October 29, 2024

Ahh great, I will give Caddy a go if nginx fails. Thanks for pointing me to the guides.

Solution: Ronny244, posted yesterday at 08:10 AM

Migrated to Linux and used Caddy. Had some issues to begin with but when I used localhost instead of my IP in the Caddyfile it worked. Possibly an IP issue caused the problems with nginx. Thank you all for your time.