embyuser22 0 Posted April 5, 2016 Share Posted April 5, 2016 (edited) Hello, I try these booth settings here but it don't work. Header set Connection "Upgrade" RequestHeader setifempty Connection "Upgrade" Header set Upgrade "websocket" RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /embywebsocket ws://192.168.0.3:8096/embywebsocket ProxyPassReverse /embywebsocket ws://192.168.0.3:8096/embywebsocket # Notice!!! Put me after ws!!! ProxyPass /emby http://192.168.0.3:8096/emby ProxyPassReverse /emby http://192.168.0.3:8096/emby Header set Connection "Upgrade" RequestHeader setifempty Connection "Upgrade" Header set Upgrade "websocket" RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /socket ws://localhost:8096/socket ProxyPassReverse /socket ws://localhost:8096/socket # Notice!!! Put me after ws!!! ProxyPass / http://localhost:8096/ ProxyPassReverse / http://localhost:8096/ I can call the website and play movies but I get the Error: WebSocket connection to 'ws://emby/embywebsocket?api_key=90bac03e217b47a9b4dc5863faf6803d&deviceId=88edef1b16cfe3bb50972ceeaf6c0d88157f0cac' failed: Error during WebSocket handshake: Unexpected response code: 404 i use apache 2.4.7 und I have tried some browsers. Do anyone has the same problem or a solution? btw: for the tests I'm using HTTP Edited April 5, 2016 by embyuser22 Link to comment Share on other sites More sharing options...
Luke 37099 Posted April 5, 2016 Share Posted April 5, 2016 Hello, I try these booth settings here but it don't work. Header set Connection "Upgrade" RequestHeader setifempty Connection "Upgrade" Header set Upgrade "websocket" RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /embywebsocket ws://192.168.0.3:8096/embywebsocket ProxyPassReverse /embywebsocket ws://192.168.0.3:8096/embywebsocket # Notice!!! Put me after ws!!! ProxyPass /emby http://192.168.0.3:8096/emby ProxyPassReverse /emby http://192.168.0.3:8096/emby Header set Connection "Upgrade" RequestHeader setifempty Connection "Upgrade" Header set Upgrade "websocket" RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /socket ws://localhost:8096/socket ProxyPassReverse /socket ws://localhost:8096/socket # Notice!!! Put me after ws!!! ProxyPass / http://localhost:8096/ ProxyPassReverse / http://localhost:8096/ I can call the website and play movies but I get the Error: WebSocket connection to 'ws://emby/embywebsocket?api_key=90bac03e217b47a9b4dc5863faf6803d&deviceId=88edef1b16cfe3bb50972ceeaf6c0d88157f0cac' failed: Error during WebSocket handshake: Unexpected response code: 404 i use apache 2.4.7 und I have tried some browsers. Do anyone has the same problem or a solution? btw: for the tests I'm using HTTP Hi there, please provide the server log: http://emby.media/community/index.php?/topic/739-how-to-report-a-problem/ Thanks. Link to comment Share on other sites More sharing options...
rubenverhoef 11 Posted April 5, 2016 Share Posted April 5, 2016 Please provide also your apache config I use ProxyPass /embywebsocket ws://192.168.0.3:8096/embywebsocket ProxyPassReverse /embywebsocket ws://192.168.0.3:8096/embywebsocket ProxyPass /emby http://192.168.0.3:8096/emby ProxyPassReverse /emby http://192.168.0.3:8096/emby Because i want to have emby at https://www.example.com/emby and i noticed that the websocket was at /embywebsocket in stead of /socket. Link to comment Share on other sites More sharing options...
dcrdev 251 Posted April 5, 2016 Share Posted April 5, 2016 (edited) I think everyone is over complicating it - this works even when accessing the websocket from root /: <If "%{HTTP_HOST} = 'media.domain.com'"> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} </If> <VirtualHost *:443> ServerName media.domain.com RewriteEngine On RewriteCond %{HTTP:Connection} Upgrade [NC] RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteRule /(.*) ws://127.0.0.1:8096/$1 [P,L] SSLProxyEngine On RequestHeader set Front-End-Https "On" ProxyPreserveHost On ProxyRequests off <Location /> ProxyPass http://127.0.0.1:8096/ ProxyPassReverse / </Location> SSLEngine on SSLCertificateFile /etc/httpd/ssl/server.pem SSLCertificateChainFile /etc/pki/CA/cacert.pem SSLCertificateKeyFile /etc/httpd/ssl/server.key SSLProtocol all -SSLv2 -SSLv3 -TLSv1 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA3$ SSLHonorCipherOrder on # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security "max-age=15768000" </VirtualHost> Edited April 5, 2016 by dcrdev Link to comment Share on other sites More sharing options...
embyuser22 0 Posted April 6, 2016 Share Posted April 6, 2016 Here my config: <virtualhost *:443> ServerName emby.domain.com UseCanonicalName On <proxy *> <RequireAny> <RequireAll> Require ip 192.168.100.4 </RequireAll> <RequireAll> AuthType Basic AuthName "Put in user and password!" AuthUserFile /etc/apache2/htpasswd Require valid-user </RequireAll> </RequireAny> </proxy> #ssl browser SSLEngine On SSLProtocol ALL -SSLv2 -SSLv3 SSLProtocol TLSv1 TLSv1.1 TLSv1.2 SSLCertificateFile /etc/apache2/ssl/org.crt SSLCertificateKeyFile /etc/apache2/org.key #ssl proxy SSLProxyEngine On SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off ProxyRequests Off ProxyPreserveHost On # Header set Connection "Upgrade" # RequestHeader setifempty Connection "Upgrade" # Header set Upgrade "websocket" # RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /embywebsocket ws://192.168.0.102:8096/embywebsocket ProxyPassReverse /embywebsocket ws://192.168.0.102:8096/embywebsocket # Notice!!! Put me after ws!!! ProxyPass / http://192.168.0.102:8096/ ProxyPassReverse / http://192.168.0.102:8096/ </virtualhost> and the Error: WebSocket connection to 'wss://emby.domain.com/embywebsocket?api_key=65377b03457942beb9db9fd1ab103959&deviceId=3b822b35fef7d66d449deace28d99304795c6978' failed: Error during WebSocket handshake: Unexpected response code: 500 Link to comment Share on other sites More sharing options...
sea3pea0 5 Posted August 12, 2016 Share Posted August 12, 2016 (edited) Thanks, this apache reverse proxy works for me to access emby from web browsers: Header set Connection "Upgrade" RequestHeader setifempty Connection "Upgrade" Header set Upgrade "websocket" RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /embywebsocket ws://192.168.0.3:8096/embywebsocket ProxyPassReverse /embywebsocket ws://192.168.0.3:8096/embywebsocket # Notice!!! Put me after ws!!! ProxyPass /emby http://192.168.0.3:8096/emby ProxyPassReverse /emby http://192.168.0.3:8096/emby It would be nice to have the ability to access emby from "https://mysite.com/emby"from the various emby apps. I don't have the ability to assign a subdomain to emby since I am running it on a server that is already assigned to a subdomain. Edited August 12, 2016 by sea3pea0 Link to comment Share on other sites More sharing options...
Guest plexman Posted October 17, 2016 Share Posted October 17, 2016 The config from curtisghanson was not working for me because emby was connecting its websocket to /embywebsocket. So i made this config for apache with some code from curtisghanson. Now you can go to www.domain.com/emby without a error in chrome about websockets. Maybe this works for others as well. Header set Connection "Upgrade" RequestHeader setifempty Connection "Upgrade" Header set Upgrade "websocket" RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /embywebsocket ws://192.168.0.3:8096/embywebsocket ProxyPassReverse /embywebsocket ws://192.168.0.3:8096/embywebsocket # Notice!!! Put me after ws!!! ProxyPass /emby http://192.168.0.3:8096/emby ProxyPassReverse /emby http://192.168.0.3:8096/emby Other question, is it possible to use emby connect with reverse proxy so i can close the 8096 port and all the apps are connecting over HTTPS? In the emby server settings i cannot set my outgoing address to https://www.domain.com/emby, i have to specify a port. But https://www.domain.com/emby:443 doesn't work. Does anyone know if this is possible? This config worked perfectly on my server!! Thanks! Link to comment Share on other sites More sharing options...
Luke 37099 Posted October 17, 2016 Share Posted October 17, 2016 Great info, thanks! Link to comment Share on other sites More sharing options...
tigrao 18 Posted October 20, 2016 Share Posted October 20, 2016 I am using IIS on my Windows 8.1 machine to reverse proxy to Emby. I just came across this post and it prompted me to check the Chrome console. Sure enough, I was seeing a websockets error. It turned out that all I had to do was turn on the WebSocket Protocol under the IIS features. I don't have an error in Chrome anymore and remote control works. Link to comment Share on other sites More sharing options...
chigh 10 Posted December 29, 2016 Share Posted December 29, 2016 Hello, I try these booth settings here but it don't work. Header set Connection "Upgrade" RequestHeader setifempty Connection "Upgrade" Header set Upgrade "websocket" RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /embywebsocket ws://192.168.0.3:8096/embywebsocket ProxyPassReverse /embywebsocket ws://192.168.0.3:8096/embywebsocket # Notice!!! Put me after ws!!! ProxyPass /emby http://192.168.0.3:8096/emby ProxyPassReverse /emby http://192.168.0.3:8096/emby Header set Connection "Upgrade" RequestHeader setifempty Connection "Upgrade" Header set Upgrade "websocket" RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /socket ws://localhost:8096/socket ProxyPassReverse /socket ws://localhost:8096/socket # Notice!!! Put me after ws!!! ProxyPass / http://localhost:8096/ ProxyPassReverse / http://localhost:8096/ I can call the website and play movies but I get the Error: WebSocket connection to 'ws://emby/embywebsocket?api_key=90bac03e217b47a9b4dc5863faf6803d&deviceId=88edef1b16cfe3bb50972ceeaf6c0d88157f0cac' failed: Error during WebSocket handshake: Unexpected response code: 404 i use apache 2.4.7 und I have tried some browsers. Do anyone has the same problem or a solution? btw: for the tests I'm using HTTP Do you have the mod "mod_proxy_wstunnel" enabled? Link to comment Share on other sites More sharing options...
matejz 0 Posted February 19, 2017 Share Posted February 19, 2017 Hello, I tried setting up reverse proxy for my Emby today with @@curtisghanson config and web interface is working. Websockets also seem to work, as does iPhone app. At the moment, only AndroidTV app doesn't work. I can see the libraries, but playing doesn't work. All I get is a black screen with rotating circle. It does work when accessing Emby directly, so I think it must be the reverse proxy that is causing the problems. I think the problem are those lines. For some reason, there is a problem with streaming data, where Emby returns an error of 500 (last line in bottom log). 2017-02-19 13:33:28.7540 Warn App: PlaybackStart reported with null media info. 2017-02-19 13:33:28.7540 Info HttpServer: HTTP Response 204 to 184.192.1.9. Time: 2ms. http://domain.example.org:8096/emby/Sessions/Playing 2017-02-19 13:33:29.5416 Info HttpServer: HTTP GET http://domain.example.org:8096/emby/Videos/5b7f1905703fb9d12134f5e9721a10cc/stream.mkv?DeviceId=a6f8d4e7503b1cce&Static=true&Tag=c009565c69b0eba17f8c70550670b3ab&MediaSourceId=5b7f1905703fb9d12134f5e9721a10cc. UserAgent: Emby/1.3.20g (Linux;Android 5.1.1) ExoPlayerLib/2.0.4 2017-02-19 13:33:29.6597 Error HttpResultFactory: Error streaming data *** Error Report *** Version: 3.2.1.0 Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /media/apps/data/emby/ -restartpath /usr/lib/emby-server/restart.sh Operating system: Unix 3.10.0.514 64-Bit OS: True 64-Bit Process: True Mono: 4.6.2 (Stable 4.6.2.16/ac9e222 Tue Jan 3 11:51:14 UTC 2017) Processor count: 2 Program data path: /media/apps/data/emby/ Application directory: /usr/lib/emby-server/bin System.IO.IOException: Unable to write data to the transport connection: Connection reset by peer. ---> System.Net.Sockets.SocketException: Connection reset by peer at System.Net.Sockets.Socket.EndSend (System.IAsyncResult result) [0x00033] in <5071a6e4a4564e19a2eda0f53e42f9bd>:0 at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x0005f] in <5071a6e4a4564e19a2eda0f53e42f9bd>:0 --- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x000af] in <5071a6e4a4564e19a2eda0f53e42f9bd>:0 at System.IO.Stream.<BeginEndWriteAsync>m__8 (System.IO.Stream stream, System.IAsyncResult asyncResult) [0x00000] in <8f2c484307284b51944a1a13a14c0266>:0 at (wrapper delegate-invoke) System.Func`3[System.IO.Stream,System.IAsyncResult,System.Threading.Tasks.VoidTaskResult]:invoke_TResult_T1_T2 (System.IO.Stream,System.IAsyncResult) at System.Threading.Tasks.TaskFactory`1+FromAsyncTrimPromise`1[TResult,TInstance].Complete (TInstance thisRef, System.Func`3[T1,T2,TResult] endMethod, System.IAsyncResult asyncResult, System.Boolean requiresSynchronization) [0x00002] in <8f2c484307284b51944a1a13a14c0266>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0004e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x0002e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x0000b] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <8f2c484307284b51944a1a13a14c0266>:0 at SocketHttpListener.Net.ResponseStream+<WriteAsync>c__async0.MoveNext () [0x0020c] in <8c1f4f2ba8e148669f131698c4f504eb>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0004e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x0002e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x0000b] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <8f2c484307284b51944a1a13a14c0266>:0 at System.IO.Stream+<CopyToAsyncInternal>c__async0.MoveNext () [0x0009b] in <8f2c484307284b51944a1a13a14c0266>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0004e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x0002e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x0000b] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <8f2c484307284b51944a1a13a14c0266>:0 at Emby.Server.Implementations.HttpServer.StreamWriter+<WriteToAsync>c__async0.MoveNext () [0x00139] in <60da0dda661040f0bc947d7e94c669aa>:0 System.IO.IOException at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x000af] in <5071a6e4a4564e19a2eda0f53e42f9bd>:0 at System.IO.Stream.<BeginEndWriteAsync>m__8 (System.IO.Stream stream, System.IAsyncResult asyncResult) [0x00000] in <8f2c484307284b51944a1a13a14c0266>:0 at (wrapper delegate-invoke) System.Func`3[System.IO.Stream,System.IAsyncResult,System.Threading.Tasks.VoidTaskResult]:invoke_TResult_T1_T2 (System.IO.Stream,System.IAsyncResult) at System.Threading.Tasks.TaskFactory`1+FromAsyncTrimPromise`1[TResult,TInstance].Complete (TInstance thisRef, System.Func`3[T1,T2,TResult] endMethod, System.IAsyncResult asyncResult, System.Boolean requiresSynchronization) [0x00002] in <8f2c484307284b51944a1a13a14c0266>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0004e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x0002e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x0000b] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <8f2c484307284b51944a1a13a14c0266>:0 at SocketHttpListener.Net.ResponseStream+<WriteAsync>c__async0.MoveNext () [0x0020c] in <8c1f4f2ba8e148669f131698c4f504eb>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0004e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x0002e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x0000b] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <8f2c484307284b51944a1a13a14c0266>:0 at System.IO.Stream+<CopyToAsyncInternal>c__async0.MoveNext () [0x0009b] in <8f2c484307284b51944a1a13a14c0266>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0004e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x0002e] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x0000b] in <8f2c484307284b51944a1a13a14c0266>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <8f2c484307284b51944a1a13a14c0266>:0 at Emby.Server.Implementations.HttpServer.StreamWriter+<WriteToAsync>c__async0.MoveNext () [0x00139] in <60da0dda661040f0bc947d7e94c669aa>:0 InnerException: System.Net.Sockets.SocketException System.Net.Sockets.SocketException (0x80004005): Connection reset by peer at System.Net.Sockets.Socket.EndSend (System.IAsyncResult result) [0x00033] in <5071a6e4a4564e19a2eda0f53e42f9bd>:0 at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x0005f] in <5071a6e4a4564e19a2eda0f53e42f9bd>:0 at System.Net.Sockets.Socket.EndSend (System.IAsyncResult result) [0x00033] in <5071a6e4a4564e19a2eda0f53e42f9bd>:0 at System.Net.Sockets.NetworkStream.EndWrite (System.IAsyncResult asyncResult) [0x0005f] in <5071a6e4a4564e19a2eda0f53e42f9bd>:0 2017-02-19 13:33:29.6667 Info HttpServer: HTTP Response 500 to 184.192.1.9. Time: 125ms. http://domain.example.org:8096/emby/Videos/5b7f1905703fb9d12134f5e9721a10cc/stream.mkv?DeviceId=a6f8d4e7503b1cce&Static=true&Tag=c009565c69b0eba17f8c70550670b3ab&MediaSourceId=5b7f1905703fb9d12134f5e9721a10cc 2017-02-19 13:33:29.7086 Info HttpServer: HTTP GET http://domain.example.org:8096/emby/Videos/5b7f1905703fb9d12134f5e9721a10cc/stream.mkv?DeviceId=a6f8d4e7503b1cce&Static=true&Tag=c009565c69b0eba17f8c70550670b3ab&MediaSourceId=5b7f1905703fb9d12134f5e9721a10cc. UserAgent: Emby/1.3.20g (Linux;Android 5.1.1) ExoPlayerLib/2.0.4 Apache configuration Listen 3030 https <VirtualHost _default_:3030> ServerName host.domain.com UseCanonicalName On <Proxy *> Order deny,allow Allow from all </Proxy> SSLEngine On SSLProxyEngine On SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLProxyVerify None SSLProxyCheckPeerCN Off SSLProxyCheckPeerName Off SSLProxyCheckPeerExpire Off SSLCertificateFile /etc/letsencrypt/live/host.domain.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/host.domain.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/host.domain.com/fullchain.pem SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS ProxyRequests Off ProxyPreserveHost On Header set Connection "Upgrade" RequestHeader setifempty Connection "Upgrade" Header set Upgrade "websocket" RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /embywebsocket ws://localhost:8096/embywebsocket ProxyPassReverse /embywebsocket ws://localhost:8096/embywebsocket # Notice!!! Put me after ws!!! ProxyPass / http://localhost:8096/ ProxyPassReverse / http://localhost:8096/ ErrorLog /var/log/httpd/emby-ssl-error.log CustomLog /var/log/httpd/emby-ssl-access.log combined </VirtualHost> Server log when starting stream is attached. Anyone with same troubles who managed to solved them? emby-server-log.txt Link to comment Share on other sites More sharing options...
Luke 37099 Posted February 19, 2017 Share Posted February 19, 2017 Is that the default config for apache? Link to comment Share on other sites More sharing options...
matejz 0 Posted February 19, 2017 Share Posted February 19, 2017 (edited) What do you mean by default? I have a fresh apache installation with the upper configuration added to my vhost for emby and disabled unused modules. I will try and enable all disabled modules, just in case I accidentally disabled too many:) More info about my system: * CentOS 7 * apache 2.4.25 * emby 3.2.1 * mono 4.6.2.16 I will try also try with nginx, just to see if that works. That way, it will be easier to search for problems:) Edited February 19, 2017 by matejz Link to comment Share on other sites More sharing options...
matejz 0 Posted February 20, 2017 Share Posted February 20, 2017 I tried enabling all modules on apache, but it still wasnt working. After a few hours I gave up and switched to nginx config from @@Karbowiak. I changed some parts to get better result on ssllabs.com (A+). server { server_name server.domain.org listen 442 ssl; ssl_certificate /etc/letsencrypt/live/server.domain.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/server.domain.org/privkey.pem; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; keepalive_timeout 180; add_header Strict-Transport-Security max-age=15768000; client_max_body_size 1024M; location / { # Send traffic to the backend proxy_pass http://127.0.0.1:8096; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_redirect off; # Send websocket data to the backend aswell proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } Current ciphers support the following browsers: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 If you comment that one and uncomment the bottom one, you get more secure ciphers and TLS1.2 only. In that case only the following browsers are supported: Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, and Java 8 Link to comment Share on other sites More sharing options...
Luke 37099 Posted February 20, 2017 Share Posted February 20, 2017 Thanks for the report. Link to comment Share on other sites More sharing options...
matejz 0 Posted February 20, 2017 Share Posted February 20, 2017 Also, be aware that my config has HTTP Strict Transport Security enabled, so after visiting the emby vhost, all connections to this host will be forced via https. So if you have other services running on the host, browser will always visit the URL via https. Link to comment Share on other sites More sharing options...
tigrao 18 Posted July 31, 2017 Share Posted July 31, 2017 I don't know if this is the appropriate place to post this or not. This post seems like one of the best resources for correct configuration of reverse proxies though. Back in October I posted that I successfully configured IIS as a reverse proxy with full support for remote control. Well, I recently added a music library to my Emby server. Music seemed to play okay on a computer web browser, but it wouldn't play on my iOS Emby app when I was out of my home network. I troubleshooted this for a long time and finally decided that it might be IIS not playing nice as a reverse proxy. I switched to using nginx on an Ubuntu VM and now music plays on my IOS apps just fine. I used the configuration posted by @@Karbowiak and it is working flawlessly for me. Long story short: Don't use IIS as a reverse proxy. Use one of the tried and true open source solutions. I am using IIS on my Windows 8.1 machine to reverse proxy to Emby. I just came across this post and it prompted me to check the Chrome console. Sure enough, I was seeing a websockets error. It turned out that all I had to do was turn on the WebSocket Protocol under the IIS features. I don't have an error in Chrome anymore and remote control works. Link to comment Share on other sites More sharing options...
Karbowiak 27 Posted August 2, 2017 Share Posted August 2, 2017 Just to do a tiny update to this - i have since the original post switched to Caddy, and my god, the config files of Caddy are short..A full Caddyfile to run Embt through it, with automatic ssl cert management, websocket etc. amounts to a total of 7 lines.. yourdomain.tld { gzip timeouts none proxy / 127.0.0.1:8096 { transparent websocket } } If you want to use Caddy for this (and other websites on your server) i'm willing to post a setup guide to getting it to run via SystemD and whatnots.Coincidentally, the above config, also works with Plex - just change the ports and voila Link to comment Share on other sites More sharing options...
Luke 37099 Posted August 2, 2017 Share Posted August 2, 2017 Great info, thanks ! Link to comment Share on other sites More sharing options...
Tur0k 143 Posted August 3, 2017 Share Posted August 3, 2017 (edited) I purchased a domain from google and created a DDNS/A+ record that is updated from the dynamic DNS client on my PFsense firewall. I have a few CNAME records that point back to the DDNS records. I use let's encrypt certificates that I manage from an acme client package also installed on my PFsense firewall. The acme client automatically restarts the services tied to different services I have running when it renews a certificate. I hosted an HAProxy reverse proxy package on my PFsense firewall pretty easily. I ACL requests to my internal resources by the hostname request. And dynamically provision the appropriate SSL certificate based on the request. I have tied in a handful of other internal resources including a service that allows my home automation app on my phone to access my home automation server. From my firewall I limited the open ports on the wan to 443. HAproxy only listens on 443 and is configured on secured connections. I have configured the supported ciphers to only modern types, and forced TLS 1.2 or higher as the supported protocol. I'm working on 1. setting up proper auditing and logging and the. 2. automating brute force attacks for any request instead of by application. 3. configuring client certificate authentication enforcement. Sent from my iPhone using Tapatalk Edited August 3, 2017 by Tur0k Link to comment Share on other sites More sharing options...
africano 0 Posted August 28, 2021 Share Posted August 28, 2021 anyone, please, How to setup reverse proxy with apache on wampserver? Step by step. Link to comment Share on other sites More sharing options...
Luke 37099 Posted August 29, 2021 Share Posted August 29, 2021 18 hours ago, africano said: anyone, please, How to setup reverse proxy with apache on wampserver? Step by step. Re: Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now