Jump to content


Photo

Emby + Domain Name?

URL Domain IP

  • Please log in to reply
50 replies to this topic

#21 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2926 posts
  • Local time: 10:34 AM
  • LocationChicago

Posted 09 February 2017 - 09:13 AM

it should let you put an A name in https://www.godaddy....-a-record-19239

 

However forwarding should still function for the web gui and it is not.  You still dont have the correct ports open on your firewall.    80 and 443 are not working.  @chef Take your above photos down and PM me if you have any other info.. Your server is kind of open lol     

 

What will work for testing is changing that forwarding IP to http from https and adding :8920 to the end.. That will work with your current port that is open.  We will need to look at your router/firewall settings. 



#22 Swynol OFFLINE  

Swynol

    Advanced Member

  • Members
  • 1062 posts
  • Local time: 04:34 PM
  • LocationWales, UK

Posted 09 February 2017 - 10:37 AM

@pir8radio

 

i could do with some advice. I currently have a domain name and a DDNS from Namecheap. I have it setup:-

 

My DDNS service is update.mydomain.net which when my IP changes it updates it to namecheap.

 

I then have subdomains pointing to different services i run. so for emby its https://emby.mydomain.net which has a URL redirect on it to https://update.mydomain.net:8920 this works fine however i would prefer to see https://emby.mydomain.net in the address bar rather than the update.my.... So i added a CNAME which points emby to my DDNS https://update.mydomain.net and then forwarded the external ports 443 to internal port 8920. works fine. 

 

However i have other services running so if i changed them to the external port of 443 how would they know where to go. so for example. i have https://sonarr.mydomain.net which has a URL redirect to https://update.mydomain.net:PORT if i created a CNAME for sonarr to point to https://update.mydomain.net it will use the same external port as emby. it wont let my specify a port in a cname record. 

 

any better way to set this up?



#23 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2926 posts
  • Local time: 10:34 AM
  • LocationChicago

Posted 09 February 2017 - 04:57 PM

@pir8radio

 

i could do with some advice. I currently have a domain name and a DDNS from Namecheap. I have it setup:-

 

My DDNS service is update.mydomain.net which when my IP changes it updates it to namecheap.

 

I then have subdomains pointing to different services i run. so for emby its https://emby.mydomain.net which has a URL redirect on it to https://update.mydomain.net:8920 this works fine however i would prefer to see https://emby.mydomain.net in the address bar rather than the update.my.... So i added a CNAME which points emby to my DDNS https://update.mydomain.net and then forwarded the external ports 443 to internal port 8920. works fine. 

 

However i have other services running so if i changed them to the external port of 443 how would they know where to go. so for example. i have https://sonarr.mydomain.net which has a URL redirect to https://update.mydomain.net:PORT if i created a CNAME for sonarr to point to https://update.mydomain.net it will use the same external port as emby. it wont let my specify a port in a cname record. 

 

any better way to set this up?

 

So wait... you have one of those weird  myname.dyndns.org domain names that you do not own..  Then you own mydomain.com   You have your mydomain.com pointing to myname.dyndns.org?  so when i go to mydomain.com my browser will show myname.dyndns.org:PORT/blah/blah.      You can't really loose the redirects unless you install ngnix as a reverse proxy...   Its not hard we can work through it if you like..  That will allow you to run all of these goofy servers with different ports all on port 80 and/or 443 so your https://sonarr.mydomain.com will come into nginx on regular ssl port 443 and nginx will direct it to your internal IP:PORT same for all of the other things you are running...    

 

Then the next step would be to get rid of the myname.dyndns.org address by using something like the free http://DYNU.com to dynamically update your mydomain.com directly.  It works just like your dynamic ip service but updates the A records on your owned domain name.  If that all makes sense.  


Edited by pir8radio, 09 February 2017 - 05:00 PM.


#24 Swynol OFFLINE  

Swynol

    Advanced Member

  • Members
  • 1062 posts
  • Local time: 04:34 PM
  • LocationWales, UK

Posted 09 February 2017 - 05:13 PM

ye i have been looking at nginx. getting a bit lost with the config.

 

ye i have a dynamic dns i use namecheap which also has all my dns features. so my router has an option to update my IP using a A+ dns record. so my record is update.mydomain.net. then i have url redirects so i use sonarr.mydomain.net which forwards to update.mydomain.net:port. it works, and works with my SSL cert.

 

want i would like is having it say sonarr.mydomain.net in the address bar rather than update.mydomain.net:port and i would like to do as you say, only have the one port open to the internet rather than all the ones i currently have.

 

so i have installed ngnix for windows. so now i create a CNAME for emby to point to update.mydomain.net (my dynamic dns). then setup the nginx config to point emby.mydomin.net to my internal server ip and internal port number.



#25 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2926 posts
  • Local time: 10:34 AM
  • LocationChicago

Posted 09 February 2017 - 06:59 PM

http://nginx-win.ecsds.eu/ is the good version..  free.. 

 

Yes, what you said above is correct..   There are all kinds of ways to setup a reverse proxy..   But lets start here so you can get one of your servers running through nginx and play around with it.

the below config is a starter config for emby/nginx you can remove a some stuff for a basic backend server, like a reporting server or something.

Here is most of my config https://emby.media/c...rding/?p=413614 if you want to reference some of the Pre-Server settings.

server {
    listen [::]:80;
    listen 80;
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name emby.domain.net; # Base domain name the client entered emby.yourdomain.com

        #path to your SSL files, nginx must now handle all of the SSL, not each individual server
        #to your backend is regular HTTP its assumed safe, its on your local network or the same PC as nginx
        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_certificate      ssl/_pub.pem;
	ssl_certificate_key  ssl/_pvt.pem;
        ssl_session_cache shared:SSL:10m;

     location / {
        proxy_pass http://127.0.0.1:8080;  # Local emby ip and non SSL port

	proxy_hide_header X-Powered-By;
	proxy_set_header Range $http_range;
	proxy_set_header If-Range $http_if_range;
	proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        #Next three lines allow websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Edited by pir8radio, 09 February 2017 - 07:04 PM.


#26 Swynol OFFLINE  

Swynol

    Advanced Member

  • Members
  • 1062 posts
  • Local time: 04:34 PM
  • LocationWales, UK

Posted 10 February 2017 - 04:51 AM

ok so i added the above to my config and changed servername to my subdomain.domain.com and added my lets encrypt SSL cert and key certificate.crt and private.key and finally changed the proxy_Pass to 127.0.0.1:8096

 

if i navigate to http://localhost then it loads emby fine.

 

if i browse to http://subdomain.mydomain.com  it picks up one of my services which is currently running on port 80 (annoyingly i cant change the port on it) so for now i have port forwarded port 80 to my machine running nginx and i can reach emby on the http://subdomain.mydomain.com

 

 

if i browse to https://subdomain.mydomain.com i get the site can't be reached


Edited by Swynol, 10 February 2017 - 05:36 AM.


#27 Swynol OFFLINE  

Swynol

    Advanced Member

  • Members
  • 1062 posts
  • Local time: 04:34 PM
  • LocationWales, UK

Posted 10 February 2017 - 05:48 AM

nevermind i was being stupid. now working on https://subdomain.mydomain.com is there anyway to force it to only use https? so if i browse emby.mydomain.com it will automatically change to https://emby.mydomain.com?

 

EDIT: so done some reading, just double check i have done it right. i change listen to 

 

listen 443 default_server ssl;

 

and added 

 

if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

Edited by Swynol, 10 February 2017 - 06:22 AM.


#28 Swynol OFFLINE  

Swynol

    Advanced Member

  • Members
  • 1062 posts
  • Local time: 04:34 PM
  • LocationWales, UK

Posted 10 February 2017 - 08:01 AM

I think i will be asking alot of questions here....

 

more problems.

 

So... 

 

tying http://localhost or https://localhost somehow is forwarding to https://emby.mydomain.com

typing http://emby.mydomain.com and https://emby.mydomain.com works as it should

 

i then setup CNAME record like i did for emby for sonarr and cctv. 

now this is where i am stuck. http://sonarr.mydomain.com brings back the nginx test localhost page

https://sonarr.mydomain.com goes to emby.

 

Spoiler



#29 Swynol OFFLINE  

Swynol

    Advanced Member

  • Members
  • 1062 posts
  • Local time: 04:34 PM
  • LocationWales, UK

Posted 10 February 2017 - 09:17 AM

another update. Seems the issue was related to my work browser caching files. 

 

working from another machine all my server blocks seem to be working as intended. thanks for everyones help and thanks to @pir8radio for pointing me in the right direction and putting up with all my questions.


Edited by Swynol, 10 February 2017 - 09:17 AM.

  • pir8radio likes this

#30 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2926 posts
  • Local time: 10:34 AM
  • LocationChicago

Posted 10 February 2017 - 09:24 AM

@Swynol  EDIT: never mind, config looks good,    You might want to clean up your config, get rid of all of the # commented out lines, keep your comments..  once you do that, you will find that you are listening on "localhost" and serving a default html page.     But it looks good. Good work! 


Edited by pir8radio, 10 February 2017 - 09:32 AM.


#31 Swynol OFFLINE  

Swynol

    Advanced Member

  • Members
  • 1062 posts
  • Local time: 04:34 PM
  • LocationWales, UK

Posted 10 February 2017 - 09:48 AM

ye i have just cleaned it all up. added all my services which are all working bar one. can you have a subdomain.mydomain.com to proxy_pass to an internal IP on port 80? 

 

so this is my finished config minus all the extra server blocks. all the additional services are just copies of sonarr and emby server blocks. does my security look ok? Also can NGINX proxy_pass to other networks? i.e i have VLANs setup. So nginx is on network 192.168.10.0/24 my other network is 192.168.20.0/28. would it be as simple as servername subdomain1.mydomain.com proxy_pass 192.168.20.2:PORT?

 

Spoiler



#32 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2926 posts
  • Local time: 10:34 AM
  • LocationChicago

Posted 10 February 2017 - 09:55 AM

ye i have just cleaned it all up. added all my services which are all working bar one. can you have a subdomain.mydomain.com to proxy_pass to an internal IP on port 80? 

 

 

 

Not if that port 80 server resides on the same physical PC as nginx..   Ngnix is already listening on port 80 so no one else can.  If you dont use port 80 regular http on any of your nginx sites you can remove those lines from all of the server sections, close it on your firewall, then uses it for a backend server... But i would guess its probably easier to change that backend service to 81 or something.  OR if that backend server using port 80 is on a different PC then yes you can use 80.


Edited by pir8radio, 10 February 2017 - 09:57 AM.


#33 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2926 posts
  • Local time: 10:34 AM
  • LocationChicago

Posted 10 February 2017 - 10:06 AM

Now you get to fine-tune and play around with nginx!    If you want super secure SSL @shorty1483 can probably help you there..  I was fine with "decent" https connections (which is what you used in your config), Shorty's emby/nginx setup is probably more secure than my online banking site....    ^_^


Edited by pir8radio, 10 February 2017 - 10:07 AM.

  • shorty1483 likes this

#34 Swynol OFFLINE  

Swynol

    Advanced Member

  • Members
  • 1062 posts
  • Local time: 04:34 PM
  • LocationWales, UK

Posted 10 February 2017 - 10:53 AM

Not if that port 80 server resides on the same physical PC as nginx..   Ngnix is already listening on port 80 so no one else can.  If you dont use port 80 regular http on any of your nginx sites you can remove those lines from all of the server sections, close it on your firewall, then uses it for a backend server... But i would guess its probably easier to change that backend service to 81 or something.  OR if that backend server using port 80 is on a different PC then yes you can use 80.

 

it's not on the same box as nginx. its a box that is plugged into my heating which doesnt allow me to change the port on it. i will play around with this another time. I think i'm happy with my SSL setup at present. when i get bored i might take a look at shorty1483's config.

 

also one of my services needs an additional location i.e. http://127.0.0.1:7000/webpam. i have the below in a server block

 

location /webpam {
 
however it doesnt work. i still need to go to https://subdomain.mydomain.com/webpam for it to work


#35 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2926 posts
  • Local time: 10:34 AM
  • LocationChicago

Posted 10 February 2017 - 02:23 PM

Leave the webpam off of the location. But leave it on your backend server ip line.

#36 shorty1483 OFFLINE  

shorty1483

    Advanced Member

  • Members
  • 1378 posts
  • Local time: 05:34 PM
  • LocationGermany

Posted 10 February 2017 - 04:09 PM

Now you get to fine-tune and play around with nginx!    If you want super secure SSL @shorty1483 can probably help you there..  I was fine with "decent" https connections (which is what you used in your config), Shorty's emby/nginx setup is probably more secure than my online banking site....    ^_^

 

Went a bit away from that cause the whole HPKP and X25519 thing was tooo incompatible with lots of clients and playback became choppy. I try again in the year 2024 :D



#37 NYD3030 OFFLINE  

NYD3030

    Newbie

  • Members
  • 8 posts
  • Local time: 11:34 AM

Posted 23 August 2017 - 11:26 PM

Heya everyone!

 

So this thread has been super helpful thus far - I think I'm at the very end of figuring this out. Basically I've done the following things:

 

1) Registered a domain

2) Changed the A record to point to my IP

3) Changed the CNAME record to point to my URL

4) Changed my http port numbers to 80 in Emby

5) Changed my https port numbers to 443 in Emby

6) Forwarded those ports in my NAT for Emby's internal IP

 

My DNS is still propagating through the aether so that isn't working yet, but when I attempt to hit my server via IP the connection is timing out. In fact it appears to start loading Emby (the black background loads in) before I get the error.

 

Any ideas where I might be screwing up? My ISP does not block port 80 for what it's worth.

 



#38 NYD3030 OFFLINE  

NYD3030

    Newbie

  • Members
  • 8 posts
  • Local time: 11:34 AM

Posted 24 August 2017 - 09:37 AM

So in doing a little more research, I'm guessing this has to do with my router, which is a google onhub. I can't ping my public IP, for example. What's weird is if I leave emby with the default network settings I can access via IP:Port from outside the network.

 

Anyway, any ideas are appreciated.

Heya everyone!

 

So this thread has been super helpful thus far - I think I'm at the very end of figuring this out. Basically I've done the following things:

 

1) Registered a domain

2) Changed the A record to point to my IP

3) Changed the CNAME record to point to my URL

4) Changed my http port numbers to 80 in Emby

5) Changed my https port numbers to 443 in Emby

6) Forwarded those ports in my NAT for Emby's internal IP

 

My DNS is still propagating through the aether so that isn't working yet, but when I attempt to hit my server via IP the connection is timing out. In fact it appears to start loading Emby (the black background loads in) before I get the error.

 

Any ideas where I might be screwing up? My ISP does not block port 80 for what it's worth.



#39 BAlGaInTl OFFLINE  

BAlGaInTl

    Advanced Member

  • Members
  • 703 posts
  • Local time: 11:34 AM

Posted 24 August 2017 - 09:59 AM

So in doing a little more research, I'm guessing this has to do with my router, which is a google onhub. I can't ping my public IP, for example. What's weird is if I leave emby with the default network settings I can access via IP:Port from outside the network.

 

Anyway, any ideas are appreciated.

 

I'd be interested to hear more on this if anyone has thoughts.

 

I'm using a Google OnHub router (3 in a mesh actually) and it works for me on the default and custom ports.  I haven't tried 80/443.

 

I don't think much about but instead just use https://server.domain.net:port to access the server while I'm away.  I never saw the need to use port 80/443 as it isn't that difficult to use the specific port. 

 

I use my internal IP address when I'm accessing on my home network.



#40 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2926 posts
  • Local time: 10:34 AM
  • LocationChicago

Posted 24 August 2017 - 10:43 AM

Heya everyone!

 

So this thread has been super helpful thus far - I think I'm at the very end of figuring this out. Basically I've done the following things:

 

1) Registered a domain

2) Changed the A record to point to my IP

3) Changed the CNAME record to point to my URL

4) Changed my http port numbers to 80 in Emby

5) Changed my https port numbers to 443 in Emby

6) Forwarded those ports in my NAT for Emby's internal IP

 

My DNS is still propagating through the aether so that isn't working yet, but when I attempt to hit my server via IP the connection is timing out. In fact it appears to start loading Emby (the black background loads in) before I get the error.

 

Any ideas where I might be screwing up? My ISP does not block port 80 for what it's worth.

 

If you pm me your domain name I can take a peek and see what is being blocked. If you don't trust me,  :)  you can try from an external computer, or service like http://canyouseeme.org/  first, make sure the path is open...    If yes, then you can use chrome in developer mode to figure out whats being blocked or erroring out.  







Also tagged with one or more of these keywords: URL, Domain, IP

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users