Azor 14 Posted June 29, 2015 Posted June 29, 2015 Here is my setup : I have my Emby server running inside an OpenVZ container with a local IP adress. Local Ip : 192.168.1.1 Public IP : 37.37.37.37 My Emby server can be accessed by two different ways : - Accessing http://37.37.37.37:8096/web/index.html - Accessing http://emby.mydomain.com/, which reverse proxy to http://192.168.1.1:8096 Both options works great, the second being "better" from my point of view as I can have a friendlier url. However, if I connect to Emby using the reverse proxy, I can't access the remote control from any other Emby client (being web, android, etc ...) Is it an issue with my configuration, or an Emby bug ?
mMO 0 Posted June 29, 2015 Posted June 29, 2015 Which proxy do you use? I have noticed the same issue with my nginx reverse proxy. Can you post your proxy config?
Azor 14 Posted June 29, 2015 Author Posted June 29, 2015 Which proxy do you use? I have noticed the same issue with my nginx reverse proxy. Can you post your proxy config? Nginx aswell, here is my config : /etc/nginx/sites-enabled/emby server { listen 80; server_name emby.domain; location / { include proxy.conf; proxy_pass http://192.168.1.9:8096; } } /etc/nginx/proxy.conf proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_headers_hash_max_size 51200; proxy_headers_hash_bucket_size 6400;
Azor 14 Posted July 6, 2015 Author Posted July 6, 2015 Anyone got an idea on this ? This isn't a really urgent bug, but using a shortened url would definitely help !
Solution Karbowiak 27 Posted July 7, 2015 Solution Posted July 7, 2015 This is what i use, redirects from http to https, and passes all traffic to the Emby instance, including websocket traffic. server { server_name mydomain; listen 80; rewrite ^ https://mydomain$request_uri? permanent; } server { server_name mydomain; listen 443 ssl spdy; ssl_certificate ; ssl_certificate_key ; ssl_prefer_server_ciphers On; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL'; ssl_stapling on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/ca-certs.pem; keepalive_timeout 180; # This is for strict transport security HSTS # add_header Strict-Transport-Security max-age=31536000; client_max_body_size 1024M; location / { # Send traffic to the backend proxy_pass http://127.0.0.1:8096; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_redirect off; # Send websocket data to the backend aswell proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } 2
Azor 14 Posted July 7, 2015 Author Posted July 7, 2015 Thanks @@Karbowiak, it does indeed work, I guess I was missing the websocket part!
Cerothen 95 Posted September 21, 2015 Posted September 21, 2015 I have been fighting with this for about a week now and I cannot seem to get the websockets to work. I tried pasting even the exact config in in the answer above and have had no luck at all. My Nginx version is 1.8.0 running on Debian 7. Any thoughts how I might be able to get this to work?
Luke 38874 Posted September 21, 2015 Posted September 21, 2015 remember that emby can be accessed using the /emby subpath. I think that makes things easier for reverse proxies.
fc7 123 Posted September 21, 2015 Posted September 21, 2015 Just to add my two cents, I'm using Apache as a SSL reverse proxy for Emby and it works fine. Also the configuration looks much more simpler. In case anyone is interested, mine looks like this (I'm using a virtual host since I have other SSL sites behind the same proxy): <VirtualHost *:443> ServerName emby.somedomain.com ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / http://<emby_internal_ip>:8096/ ProxyPassReverse / http://<emby_internal_ip>:8096/ SSLEngine On SSLCertificateFile <path_to_SSL_cert> SSLCertificateKeyFile <path_to_SSL_private_key> </VirtualHost> This is the shorter version since I'm also authenticating users against Active Directory before they can reach Emby login page for added security. Hope it helps to anyone else wanting to try Apache as a reverse proxy for Emby.
Cerothen 95 Posted September 21, 2015 Posted September 21, 2015 I have the proxy working however I cant seem to have nginx upgrade the connection to allow the websocket to be passed through. from what I have read its been available since nginx 1.4 so I should be in the clear however it doesnt seem to be functioning as expected.
rubenverhoef 11 Posted September 21, 2015 Posted September 21, 2015 This is what i use, redirects from http to https, and passes all traffic to the Emby instance, including websocket traffic. server { server_name mydomain; listen 80; rewrite ^ https://mydomain$request_uri? permanent; } server { server_name mydomain; listen 443 ssl spdy; ssl_certificate ; ssl_certificate_key ; ssl_prefer_server_ciphers On; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL'; ssl_stapling on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/ca-certs.pem; keepalive_timeout 180; # This is for strict transport security HSTS # add_header Strict-Transport-Security max-age=31536000; client_max_body_size 1024M; location / { # Send traffic to the backend proxy_pass http://127.0.0.1:8096; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_redirect off; # Send websocket data to the backend aswell proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } It works, but not great. When i delete the watched status i get this error in chrome debug console: DELETE https://www.thuisverhoef.nl/emby/Users/17e625b5d76647d98af7f31a47ed7130/PlayedItems/74fcb72fccec2bb1f44fb77a531f2388 net::ERR_EMPTY_RESPONSE I think there are more problems, i will check it. and ofcourse look into it myself but some help is always fine
fc7 123 Posted September 21, 2015 Posted September 21, 2015 I have the proxy working however I cant seem to have nginx upgrade the connection to allow the websocket to be passed through. from what I have read its been available since nginx 1.4 so I should be in the clear however it doesnt seem to be functioning as expected. Ok. I thought about sharing my setup since I'm not having any issue so far with Apache as reverse proxy and websocket is just working out of the box. Sent from my iPad using Tapatalk
rubenverhoef 11 Posted September 22, 2015 Posted September 22, 2015 Ok. I thought about sharing my setup since I'm not having any issue so far with Apache as reverse proxy and websocket is just working out of the box. Sent from my iPad using Tapatalk well, my server and alle the applications runs on nginx, and i love the performance of nginx. Switching to apache is not the ideal sollution.
rubenverhoef 11 Posted September 24, 2015 Posted September 24, 2015 Ok. I thought about sharing my setup since I'm not having any issue so far with Apache as reverse proxy and websocket is just working out of the box. Sent from my iPad using Tapatalk Well, i have managed to switched to Apache because nginx websocket reverse proxy didn't work so well for more applications. But how do you manage Emby Connect? it doesn't work.
fc7 123 Posted September 24, 2015 Posted September 24, 2015 (edited) To be honest I don't use it but more important I don't know how it really works (again because I just don't use it). If I can get a good explanation of how it works and the flows I may be able to help a little bit more. ThanksSent from my iPhone using Tapatalk Edited September 24, 2015 by fc7
rubenverhoef 11 Posted September 29, 2015 Posted September 29, 2015 To be honest I don't use it but more important I don't know how it really works (again because I just don't use it). If I can get a good explanation of how it works and the flows I may be able to help a little bit more. Thanks Sent from my iPhone using Tapatalk when i use your apache config it works but on every page i get in firefox console: could not connect to wss://www.thuisverhoef.nl/emby?api_key=f33e33e3533947238e95701ada9efbea&deviceId=22b67452d654ab4bc01c40452e14574abe9d72a3. any idea? <Proxy *> Order deny,allow deny from all Allow from all </Proxy> ProxyPass /emby http://192.168.0.3:8096/emby ProxyPassReverse /emby http://192.168.0.3:8096/emby
fc7 123 Posted September 29, 2015 Posted September 29, 2015 (edited) Maybe you can try adding a location configuration. So to the configuration that I shared above will now look like this: <VirtualHost *:443> ServerName emby.somedomain.com ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> <Location /> ProxyPass http://<emby_internal_ip>:8096/ ProxyPassReverse http://<emby_internal_ip>:8096/ </Location> <Location /emby> ProxyPass ws://<emby_internal_ip>:8096/emby ProxyPassReverse ws://<emby_internal_ip>:8096/emby </Location> SSLEngine On SSLCertificateFile <path_to_SSL_cert> SSLCertificateKeyFile <path_to_SSL_private_key> </VirtualHost> The you should restart Apache, to be on the safe side. Let me know if it worked. EDIT: small change in the configuration file. Edited September 29, 2015 by fc7
rubenverhoef 11 Posted September 29, 2015 Posted September 29, 2015 Maybe you can try adding a location configuration. So to the configuration that I shared above will now look like this: <VirtualHost *:443> ServerName emby.somedomain.com ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> <Location /> ProxyPass / http://<emby_internal_ip>:8096/ ProxyPassReverse / http://<emby_internal_ip>:8096/ </Location> <Location /emby> ProxyPass ws://<emby_internal_ip>:8096/emby ProxyPassReverse ws://<emby_internal_ip>:8096/emby </Location> SSLEngine On SSLCertificateFile <path_to_SSL_cert> SSLCertificateKeyFile <path_to_SSL_private_key> </VirtualHost> The you should restart Apache, to be on the safe side. Let me know if it worked. ProxyPass / http://<emby_internal_ip>:8096/ ProxyPassReverse / http://<emby_internal_ip>:8096/ has to be: ProxyPass http://<emby_internal_ip>:8096/ ProxyPassReverse http://<emby_internal_ip>:8096/ i think but it is not helping. same error
fc7 123 Posted September 29, 2015 Posted September 29, 2015 ProxyPass / http://<emby_internal_ip>:8096/ ProxyPassReverse / http://<emby_internal_ip>:8096/ has to be: ProxyPass http://<emby_internal_ip>:8096/ ProxyPassReverse http://<emby_internal_ip>:8096/ i think but it is not helping. same error Indeed I changed it a few minutes ago. So that didn't work either? Weird.... is working for me with another application but maybe the application behaves different than Emby. You see this error when trying to play video?
fc7 123 Posted September 29, 2015 Posted September 29, 2015 Are you doing SSL termination with Apache? I mean, is this your setup?<Internet> -- SSL --> <Apache Proxy> -- PLAIN HTTP --> <Emby>
rubenverhoef 11 Posted September 29, 2015 Posted September 29, 2015 (edited) the error is only in the console of chrome or firefox. everything works "fine". the error comes in the console every time i change from screen (like i click on a movie) there is no error when playing a video. and yes see: <VirtualHost _default_:443> ServerName www.thuisverhoef.nl ProxyRequests Off <Proxy *> Order deny,allow deny from all Allow from all </Proxy> ProxyPass /emby http://192.168.0.3:8096/emby ProxyPassReverse /emby http://192.168.0.3:8096/emby Redirect permanent /mediabrowser https://www.thuisverhoef.nl/emby SSLEngine On SSLCertificateFile "/etc/certificates/www.thuisverhoef.nl_bundle.crt" SSLCertificateKeyFile "/etc/certificates/www.thuisverhoef.nl_bundle.key" </VirtualHost> the config with location didn't work either without the proxypass emby locations the error is also present in chrome/firefox console NOTE: the error is not present when i go to the local emby ip:port Edited September 29, 2015 by rubenverhoef
fc7 123 Posted September 29, 2015 Posted September 29, 2015 This may seem obvious, but did you check that you are loading the Proxy Websocket module in Apache configuration (mod_proxy_wstunnel.so)?
rubenverhoef 11 Posted September 29, 2015 Posted September 29, 2015 This may seem obvious, but did you check that you are loading the Proxy Websocket module in Apache configuration (mod_proxy_wstunnel.so)? yes i load :proxy_wstunnel_module, proxy_module and proxy_http_module
fc7 123 Posted September 29, 2015 Posted September 29, 2015 the error is only in the console of chrome or firefox. everything works "fine". the error comes in the console every time i change from screen (like i click on a movie) there is no error when playing a video. and yes see: <VirtualHost _default_:443> ServerName www.thuisverhoef.nl ProxyRequests Off <Proxy *> Order deny,allow deny from all Allow from all </Proxy> ProxyPass /emby http://192.168.0.3:8096/emby ProxyPassReverse /emby http://192.168.0.3:8096/emby Redirect permanent /mediabrowser https://www.thuisverhoef.nl/emby SSLEngine On SSLCertificateFile "/etc/certificates/www.thuisverhoef.nl_bundle.crt" SSLCertificateKeyFile "/etc/certificates/www.thuisverhoef.nl_bundle.key" </VirtualHost> the config with location didn't work either without the proxypass emby locations the error is also present in chrome/firefox console NOTE: the error is not present when i go to the local emby ip:port I would suggest two things. 1- Make sure that you have the mod_proxy_wstunnel.so module configured and loading in Apache. 2- Review the configuration since what you are pasting here is not correct. You need to use the "Location" configuration and also check that you are using the correct URL for /emby location. That will be ws:// and not http:// as I read in your post. You can use my previous posted configuration as an example (please check it again since I edited it like twice and you maybe wrinting a post and didn't notice the changes )
fc7 123 Posted September 29, 2015 Posted September 29, 2015 (edited) yes i load :proxy_wstunnel_module, proxy_module and proxy_http_module Ok that's great. So please now, try the configuration I posted and edited in my previous post. Pay attention to the /emby location and the protocol configuration of the Proxypass directive since it must be ws:// and not http:// Let me know how it goes. EDIT: by the way, which version of Apache and on which distro are you running your proxy? Edited September 29, 2015 by fc7
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now