mortstar 2 Posted September 4, 2015 Share Posted September 4, 2015 (edited) I have a valid SSL certificate and use different /paths to access webapps exposed via reverse-proxy. For example https://mydomain.com/emby is proxied to http://192.168.0.1:8096/emby Using the desktop and Android version of Chrome I'm able to log in and access the Emby Server and use all features. When using the Android app, I'm able to connect to the server using these settings: Host: https://mydomain.com/emby Port: (left blank) The app shows my user which I select and then enter the password (which is very simple at the moment to rule out complex password problems). I get this error message in the app: Invalid username or password. Please try again. The server logs show this error: 2015-09-04 13:24:55.5755 Error - DtoUtils: ServiceBase<TRequest>::Service Exception *** Error Report *** Version: 3.0.5724.3 Command line: /usr/lib/emby-server/MediaBrowser.Server.Mono.exe -programdata /config -ffmpeg /usr/bin/ffmpeg -ffprobe /usr/bin/ffprobe -restartpath /Restart.sh -restartargs Operating system: Unix 4.0.4.0 Processor count: 4 64-Bit OS: True 64-Bit Process: True Program data path: /config Mono: 4.0.3 (Stable 4.0.3.20/d6946b4 Thu Aug 13 12:46:26 UTC 2015) Application Path: /usr/lib/emby-server/MediaBrowser.Server.Mono.exe Argument cannot be null. Parameter name: username System.ArgumentNullException at MediaBrowser.Server.Implementations.Library.UserManager+<AuthenticateUser>c__async1.MoveNext () [0x00000] in <filename unknown>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x00000] in <filename unknown>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x00000] in <filename unknown>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00000] in <filename unknown>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00000] in <filename unknown>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[System.Boolean].GetResult () [0x00000] in <filename unknown>:0 at MediaBrowser.Server.Implementations.Session.SessionManager+<AuthenticateNewSession>c__asyncC.MoveNext () [0x00000] in <filename unknown>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x00000] in <filename unknown>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x00000] in <filename unknown>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00000] in <filename unknown>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00000] in <filename unknown>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[MediaBrowser.Model.Users.AuthenticationResult].GetResult () [0x00000] in <filename unknown>:0 at MediaBrowser.Api.UserService+<Post>c__async1.MoveNext () [0x00000] in <filename unknown>:0 2015-09-04 13:24:55.5755 Error - HttpServer: Error processing request for /emby/Users/authenticatebyname *** Error Report *** Version: 3.0.5724.3 Command line: /usr/lib/emby-server/MediaBrowser.Server.Mono.exe -programdata /config -ffmpeg /usr/bin/ffmpeg -ffprobe /usr/bin/ffprobe -restartpath /Restart.sh -restartargs Operating system: Unix 4.0.4.0 Processor count: 4 64-Bit OS: True 64-Bit Process: True Program data path: /config Mono: 4.0.3 (Stable 4.0.3.20/d6946b4 Thu Aug 13 12:46:26 UTC 2015) Application Path: /usr/lib/emby-server/MediaBrowser.Server.Mono.exe Argument cannot be null. Parameter name: username ServiceStack.HttpError No Stack Trace Available Here is a snippit of the log from Android showing that a Username field is being sent in the request: 13:30:08.257 [JavaBridge] INFO App - Setting server address to https://mydomain.com/emby 13:30:08.381 [JavaBridge] INFO App - event.trigger connected 13:30:08.388 [JavaBridge] INFO App - event.trigger pagebeforeshowready 13:30:08.401 [JavaBridge] INFO App - event.trigger pageshowbeginready 13:30:08.404 [JavaBridge] INFO App - event.trigger pageshowready 13:30:08.418 [JavaBridge] INFO App - Requesting https://mydomain.com/emby/users/public 13:30:08.420 [JavaBridge] INFO App - Sending request: {"Method":"GET","Url":"https://mydomain.com/emby/users/public","RequestHeaders":{"accept":"application/json"},"Timeout":30000} 13:30:08.436 [JavaBridge] DEBUG App - Adding request to queue: https://mydomain.com/emby/users/public 13:30:08.443 [JavaBridge] INFO App - event.on response4 13:30:08.447 [JavaBridge] INFO App - Requesting https://mydomain.com/emby/Branding/Configuration 13:30:08.449 [JavaBridge] INFO App - Sending request: {"Method":"GET","Url":"https://mydomain.com/emby/Branding/Configuration","RequestHeaders":{"Authorization":"MediaBrowser Client=\"Emby Mobile\", Device=\"HTC One\", DeviceId=\"bc9523ea-476a-e124-3578-640518168078\", Version=\"3.0.5679.20282\"","accept":"application/json"},"Timeout":30000} 13:30:08.476 [JavaBridge] DEBUG App - Adding request to queue: https://mydomain.com/emby/Branding/Configuration 13:30:08.482 [JavaBridge] INFO App - event.on response5 13:30:08.564 [main] INFO App - Response received from: https://mydomain.com/emby/Branding/Configuration 13:30:08.570 [JavaBridge] INFO App - event.trigger response5 13:30:08.575 [JavaBridge] INFO App - event.off response5 13:30:08.608 [main] INFO App - Response received from: https://mydomain.com/emby/users/public 13:30:08.617 [JavaBridge] INFO App - event.trigger response4 13:30:08.619 [JavaBridge] INFO App - event.off response4 13:30:15.637 [JavaBridge] INFO App - Requesting url without automatic networking: https://mydomain.com/emby/Users/authenticatebyname 13:30:15.644 [JavaBridge] INFO App - Sending request: {"Method":"POST","Url":"https://mydomain.com/emby/Users/authenticatebyname","RequestHeaders":{"Authorization":"MediaBrowser Client=\"Emby Mobile\", Device=\"HTC One\", DeviceId=\"bc9523ea-476a-e124-3578-640518168078\", Version=\"3.0.5679.20282\"","accept":"application/json"},"RequestContent":"{\"password\":\"5baa61e4c9b93f3f0682250b6cxxxxxxxxxxxxxx\",\"Username\":\"Sam\"}","RequestContentType":"application/json"} 13:30:15.663 [JavaBridge] DEBUG App - Adding request to queue: https://mydomain.com/emby/Users/authenticatebyname 13:30:15.668 [JavaBridge] INFO App - event.on response6 13:30:15.811 [main] ERROR App - VolleyError com.android.volley.ServerError: null com.android.volley.ServerError com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:178) com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:112) 13:30:15.822 [JavaBridge] INFO App - event.trigger response6 13:30:15.827 [JavaBridge] INFO App - event.off response6 13:30:15.830 [JavaBridge] INFO App - event.trigger requestfail Edited September 4, 2015 by mortstar Link to comment Share on other sites More sharing options...
Luke 36997 Posted September 4, 2015 Share Posted September 4, 2015 make sure the proxy isn't dropping or changing request headers, something we've seen before Link to comment Share on other sites More sharing options...
mortstar 2 Posted September 4, 2015 Author Share Posted September 4, 2015 Ah, this could be where I fall down. I did see a working nginx config here: http://emby.media/community/index.php?/topic/22889-emby-behind-a-reverse-proxy-remote-control-issue/ with the relevant section being: location / { # Send traffic to the backend proxy_pass http://127.0.0.1:8096; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_redirect off; # Send websocket data to the backend aswell proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } My system is running apache as the reverse proxy so I wasn't able to translate that (I'm not an Apache pro)....anybody got any pointers on how to make sure headers are being forwarded properly in Apache reverse proxy? My setup is currently: ##Emby## <Location /emby> ProxyPass http://192.168.0.1:8096/emby ProxyPassReverse http://192.168.0.1:8096/emby ProxyPreserveHost On RequestHeader append X-Real-IP $remote_addr Order deny,allow Deny from all Allow from all </Location> 1 Link to comment Share on other sites More sharing options...
mortstar 2 Posted September 4, 2015 Author Share Posted September 4, 2015 All fixed - moved to nginx and copied the above config. Link to comment Share on other sites More sharing options...
skug67 1 Posted December 12, 2015 Share Posted December 12, 2015 I'm in much the same boat except that I use apache as my main webserver and would strongly prefer to avoid setting up nginx running alongside it. Can anyone give me the Apache conf that would allow me to authenticate via apache when I'm away from home and still stream via the Android app? Link to comment Share on other sites More sharing options...
nwcatalyst 4 Posted December 26, 2016 Share Posted December 26, 2016 @skug67 I had success using Emby Connect login to connect to the server (after linking the server to my Emby account locally) rather than manual connection. Not sure why this would matter. I have a few webservices configured through Apache but here is my emby.conf part <VirtualHost *:8920> ServerName SERVERNAME UseCanonicalName On <Proxy *> Order deny,allow Allow from all </Proxy> SSLEngine On SSLProxyEngine On SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLProxyVerify None SSLProxyCheckPeerCN Off SSLProxyCheckPeerName Off SSLProxyCheckPeerExpire Off SSLCertificateFile /etc/letsencrypt/live/SERVERNAME/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/SERVERNAME/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/SERVERNAME/chain.pem SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!M$ ProxyRequests Off ProxyPreserveHost On Header set Connection "Upgrade" RequestHeader setifempty Connection "Upgrade" Header set Upgrade "websocket" RequestHeader setifempty Upgrade "websocket" # Notice!!! Put me before http!!! ProxyPass /socket ws://localhost:8096/socket ProxyPassReverse /socket ws://localhost:8096/socket # Notice!!! Put me after ws!!! ProxyPass / http://localhost:8096/ ProxyPassReverse / http://localhost:8096/ ErrorLog ${APACHE_LOG_DIR}/emby-ssl-error.log CustomLog ${APACHE_LOG_DIR}/emby-ssl-access.log combined </VirtualHost> I realize that much of the server SSL cert stuff is redundant as I believe the Emby services and browsers are actually using the .pfx version of my SSL set in Emby server config, but I got it working and this is how it is set I have a few other config files that relate to other services I'm running, one which does a basic rewrite for http->https, so this might not be a complete solution for you, but hopefully it helps. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now