
Reverse Proxy VS hostname forwarding


Swynol

So currently i access my various application from externally by creating a forwarding rule with my domain registrar to point to my dynamic DNS service and port number,

 

example emby.mydomain.com forwards to mydomain.dyndns.info:8920 

 

I use a cert to give it HTTPS however i get the usual errors saying it's unsecure because the cert is assigned to my domain name yet it forwards to a ddns.

so what benefit would i have running something like apache and a reverse proxy? is it simple to set up? i have other applications running which i access on different ports, would i be able to access these with reverse proxy as well?

 

if i run apache on the same windows box as emby would it have an impact on emby? i.e resources, bandwidth, transcoding...

 

and anyone successfully running it with a domain name, DDNS etc?


Swynol

well bloody hell..... i never knew namecheap had a ddns. that changes things.

 

although my original question stands. any reason to use a reverse proxy over a ddns


Swynol

ok thanks. are you familiar with namecheap? 

 

i'm now using their DDNS. however i'm not sure how to set it up.

 

i have test.mydomain.com setup to update my ddns. how do i create a subdomain to point to the DDNS including a port number? previously i was using a URL redirect.

Will creating a URL redirect using emby.mydomain.com redirected to http://test.mydomain.com:8096? i would like to mask it or create a permanent redirect but they never worked in the past, i had to use an unmasked redirect.


pir8radio

Just adding my two cents... I have a domain name that i own (a few actually) and my server is on a DHCP network as well... I use the FREE https://www.dynu.com/ DDNS service here, it supports ipv6 as well. It's a good service, I have had zero issues, I even became a member for their domain email service and pay for that.. Redirects suck. They often don't work with apps that are programmed to go to a specific path. A reverse proxy will allow you to open one set of ports on your firewall (say port 80 http and 443 https) and run many websites/different servers without having to open a million ports...

For example I have a webserver running for a few domain names, I also have Emby, PRTG, and a separate reporting server running... All funneled through a reverse proxy and all that changes is my domain name prefix, serverone.mydomain.com or server2.mydomain.com etc.. That way all of the original paths work, no redirect trickery is needed, you don't have to worry about search engine caching redirects and whatnot either. Your reverse proxy adds a little security as well, there is only that one application to secure and monitor.

To be clear, a reverse proxy is kind of like a router for many (or one) web servers/services, whereas DDNS tells the public clients how to reach your server.


did anyone get reverse proxy working?

 

i have reverse proxy on my "server" and works fine with plex, couchpotato, sonarr etc (via blah.com/plex, blah.com/couchpotato etc etc).

all going thru port 80 on the router (means i don't need to open up numerous ports).

can i do the same with Emby?


this is my config file at the moment (without emby added).


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  servernamegoeshere 192.168.1.50;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location /sabnzbd {
            proxy_pass http://127.0.0.1:38080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /web {
            proxy_pass http://127.0.0.1:32400/web;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /sonar {
            proxy_pass http://127.0.0.1:38082;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /couchpotato {
            proxy_pass http://127.0.0.1:38083;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /transmission {
            proxy_pass http://127.0.0.1:9091;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}


i already have the following (via nginx)

 

/couchpotato

/sonarr

/transmission

/sabnzbd 

 

and

/web which is plex, as we couldn't work out any other way to get it to work, would have preferred /plex obviously though.


pir8radio

This is why I suggest using XXXXXX.domainname.com, it's painless in reverse proxies and doesn't piss off device apps, sub directories don't overlap either.... Try something like this:

 

location /emby {
    rewrite /emby/(.*) /$1 break;
    proxy_pass http://127.0.0.1:8096;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location /plex {
    rewrite /plex/(.*) /$1 break;
    proxy_pass http://127.0.0.1:9999;   # whatever your plex port is
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

 

These options will take http://yourdomain.com/plex/whatever.html and send it to the server as http://127.0.0.1/whatever.html, and take the silly /web out of the equation. I'm sure I forgot something so take that with a grain of salt... these are basic examples. Don't forget you can use regex in nginx configs...

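A variant of the prefix-stripping rule above, added here as an example and not taken from any poster's config: it lets `proxy_pass` do the stripping and covers two requests the `rewrite` form passes through unchanged, `/emby` without a trailing slash and look-alike paths such as `/embyfoo`. Port 8096 is the Emby port used in the thread; everything else is standard nginx.

```nginx
# Added example (not a config from the thread); goes inside a server { } block.

# "rewrite /emby/(.*) /$1 break;" only fires when the slash is present, so a
# request for exactly /emby would reach the backend with its path unchanged.
# Send the client to the slash form instead.
location = /emby {
    return 301 /emby/;
}

# The trailing slash on the prefix keeps /embyfoo out of this block.
location /emby/ {
    # proxy_pass carries a URI part ("/"), so nginx replaces the matched
    # prefix with it: /emby/web/index.html goes upstream as /web/index.html.
    proxy_pass http://127.0.0.1:8096/;

    # proxy_redirect is left at its default, which maps a Location header
    # that begins with the proxy_pass URL back onto /emby/.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # WebSocket upgrade, as in the fuller configs later in the thread
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
```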

pir8radio

the /web can't be taken out the equation though, as plex requires that.

 

yea but plex should correct you... so when you are on the local box and you go to http://127.0.0.1:9999 (or whatever plex port) plex will respond, take you to a page and you end up at http://127.0.0.1:9999/web/ automatically, correct? So with the reverse proxy as a client you should see http://yourdomain.com/plex/web/ if you wrote your nginx rules correctly. I can test my example above, but did it work for you?


Swynol

I can help with namecheap, I would rather use a CNAME than url redirect. 

that would be awesome. how would i use a cname?

 

so my ddns uses dns.mydomain.co.uk to update my IP on namecheap. i then want to access emby by going to emby.mydomain.co.uk so at the moment i have a url redirect using unmasked so that when i type emby.mydomain.co.uk it redirects to dns.mydomain.co.uk:8920


it works for emby, but not for plex, which i suspected would be the case.

 

401 unauthorised when using domain.com/plex


problem is, this works fine on the local network.

but when off the network the server becomes unavailable, because i assume the app is looking to connect on port 8096, which is now not open due to using nginx to route everything thru port 80.


pir8radio

That's a nice looking rewrite rule you got there...    ;)   Good job with the whole config.

   rewrite /emby/(.*) /$1 break


pir8radio

Complete config also has TLSv1.3 + EC 384 bits (SHA256withRSA) certs, with HSTS and HPKP. some places do need a rewrite, normally i try to avoid it but that does not always work sadly.

Config for plex should be applicable for Emby, one might be able to forgo that rewrite.

;)  I was just being funny, because I suggested the same rewrite early in the post.. lol  Yea I love seeing other people's nginx config... I'm not doing TLS 1.3 yet but here is my config in case you are a bit of a geek as well..

 

 

 

server {
    listen [::]:80;
    listen 80;
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name guest.notallmine.net;

    include	userId.Emby;

	access_log  logs/guest.log  guest;

        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_certificate      ---pub.pem;
	ssl_certificate_key  ---pvt.pem;
        ssl_session_cache shared:SSL:10m;

     location / {
        proxy_pass http://127.0.0.1:8080;

	proxy_hide_header X-Powered-By;
	proxy_set_header Range $http_range;
	proxy_set_header If-Range $http_if_range;
	proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	add_header X-Proxy-Cache $upstream_cache_status;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

	# HTML files only
	    location ~* \.(?:html|htm)$ {
	    proxy_pass http://127.0.0.1:8080;

            sub_filter '<meta property="og:title" content="Emby"><meta property="og:site_name" content="Emby"><meta property="og:url" content="http://emby.media"><meta property="og:description" content="Energize your media."><meta property="og:type" content="article"><meta property="fb:app_id" content="1618309211750238">'  '<meta property="og:title" content="nam"><meta property="og:site_name" content="nam"><meta property="og:description" content="Not All Mine"><meta property="og:type" content="article"><meta property="og:image" content="http://notallmine.net/images/FBShare_logo2.png"><meta property="fb:app_id" content=" ">';
            sub_filter '<title>Emby</title>'  '<title>nam</title>';
            sub_filter '</body>'  '<script type="text/javascript" src="https://notallmine.net/js/wle_tracker.js" defer></script></body>';
	    sub_filter_last_modified on;

	    proxy_set_header Accept-Encoding "";
	    proxy_hide_header X-Powered-By;
	    proxy_set_header Range $http_range;
	    proxy_set_header If-Range $http_if_range;
	    proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	    add_header X-Proxy-Cache $upstream_cache_status;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
}

 

 


  • 1 month later...
shorty1483

Guys is there any interest in a Nginx Windows version compiled against OpenSSL 1.1.0 with http2 module enabled to check out latest cipher suites like CHACHA20_POLY1305?

 

Since the official or several unofficial Win Binaries of Nginx do either not include http2 module or do not use OpenSSL 1.1.0, I decided to set up an Windows Build environment and try it myself from source.

 

 

Latest Win Binary I use currently is latest Nginx 1.11.10 source with OpenSSL 1.1.0c.

nginx version: nginx/1.11.10
built by cl 16.00.30319.01 for 80x86
built with OpenSSL 1.1.0c  10 Nov 2016
TLS SNI support enabled
configure arguments: --with-cc=cl --builddir=objs --prefix= --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe
--http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uw
sgi_temp --with-cc-opt=-DFD_SETSIZE=32768 --with-pcre=objs/lib/pcre-8.40 --with-zlib=objs/lib/zlib-1.2.11 --with-openssl=objs/lib/openssl-1.1.0c --with-select_module --with-http_realip_module --with-h
ttp_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module
--with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-stream --with-http_ssl_module --with-mail_ssl_module --with-s
tream_ssl_module --with-http_v2_module --add-module=objs/lib/nginx-rtmp-module-1.1.10 --with-openssl-opt=no-asm

pir8radio

 


I use this version: http://nginx-win.ecsds.eu

which includes these features:  http://nginx-win.ecsds.eu/download/Readme%20nginx-win%20version.txt

I'm pretty happy with the features compiled in.  But one geared toward emby might be neat.


shorty1483


Yeah, also tried out the 1.11.8.1 Lion version, but lack of OpenSSL 1.1.0 annoyed me. Until now i just added the rtmp module, but look forward to include interesting modules from your mentioned site.

 

Which external modules are useful especially for Emby?


pir8radio

I use the sub_filter (or HttpSubsModule), not sure if that's out of the box with nginx nowadays. I'm not using http2 yet but as i understand emby is going that way so I will. OpenSSL would be nice but i don't use it yet. pretty sure that's the only module i use lol, if i think of something else on one of my other sites I'll reply back.


shorty1483

Since there are so many guys with good configs here, this is mine. The main difference to the others is that stapling is disabled since I use my own CA with openssl. I figured out how to provide my certs as RSA and as ECDSA variant to get a higher client compatibility without going down in security (this appeals e.g. to older chrome versions) plus preferring CHACHA20-POLY1305-SHA256 as my number one cipher because it's performant AF. The rest is "borrowed" and tested for my use out of the web and from the several examples here from the forum. What I still could not fiddle out is enabling TLS1.3 draft support. I was able to compile nginx 1.11.10 against OpenSSL 1.1.1-dev to get support, but I'm not sure what to set in nginx.conf and the last tests resulted in not supported cipher errors in Chrome and FF.

 

I'm still learning this stuff and reading a lot so if everyone is sure that a command from the config is totally crap please tell me with a short explanation.

http {
    include       mime.types;
    default_type  application/octet-stream;

    keepalive_timeout 					65;
	keepalive_requests 				100000;
	sendfile 					on;
	tcp_nopush 					on;
	tcp_nodelay 					on;
	
	client_header_timeout  				3m;
	client_body_timeout    				3m;
	send_timeout           				3m;
	
	gzip  						on;
	gzip_vary 					on;
	gzip_min_length 				1000;
	gzip_proxied expired no-cache no-store private auth;
	gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
	gzip_disable "MSIE [1-6]\.";
	
	access_log C:/nginx/logs/access.log;
	
    server {
         listen       80;
         server_name  cname.domain.com;
		
		 rewrite ^ https://cname.domain.com$request_uri? permanent;
		}
		
	server {
		 listen 443 ssl http2;
		 server_name cname.domain.com;
		 
		 ssl_certificate                 	cert/cname.domain.com.ecdsa.cer;
                 ssl_certificate_key             	cert/cname.domain.com.ecdsa.key;
		 ssl_certificate                 	cert/cname.domain.com.rsa.cer;
                 ssl_certificate_key             	cert/cname.domain.com.rsa.key;
		 ssl_trusted_certificate         	cert/fullchain.crt;
		 ssl_dhparam 				cert/dhparam2048.pem;

		 ssl_prefer_server_ciphers 		on;
		 ssl_ecdh_curve 			prime256v1:secp384r1;
		 ssl_protocols                   	TLSv1.2;
		 ssl_ciphers                            ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:!CBC; 
		 
		 #ssl_stapling 				on;
		 ssl_stapling_verify 			on;     
		 ssl_session_timeout 			1d;
		 ssl_session_cache 			shared:SSL:50m;
		 ssl_session_tickets 			on;
		 resolver 				8.8.8.8 8.8.4.4 valid=300s;
		 resolver_timeout 			5s;

		 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
		 add_header X-XSS-Protection "1; mode=block";
		 add_header X-Frame-Options SAMEORIGIN;
		 add_header X-Content-Type-Options nosniff;
		 add_header Public-Key-Pins 'pin-sha256="Primary.rsa"; pin-sha256="Secondary.rsa"; pin-sha256="Primary.ECDSA"; pin-sha256="Secondary.ECDSA"; max-age=15768000; includeSubDomains';
		 
		 keepalive_timeout 		        180;
		 client_max_body_size 			1024M;
		 client_body_buffer_size         	10K;
                 client_header_buffer_size       	2k;
                 large_client_header_buffers     	2 2k;
		 output_buffers               		2 32k;
		 http2_max_field_size 	                16k;
		 http2_max_header_size 	                32k;
		 
		 ## Emby ##
		 location / {
			  # Send traffic to the backend
			  proxy_pass http://127.0.0.1:8096;
			  proxy_buffering off;
			  proxy_redirect off;
			  proxy_set_header Host $host;
			  proxy_set_header X-Real-IP $remote_addr;
			  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			  proxy_set_header X-Forwarded-Proto $scheme;
                          proxy_set_header X-Forwarded-Protocol $scheme;

                # Send websocket data to the backend aswell
                          proxy_http_version 1.1;
                          proxy_set_header Upgrade $http_upgrade;
                          proxy_set_header Connection "upgrade";
			}
		}
}

pir8radio

Here is mine, I always like seeing other peoples configs so I can see what they are doing!  I removed all of my other domains just leaving my emby setup.

 

I don't focus on the perfect SSL like you guys though... So don't make fun!   ^_^


worker_processes  auto;

error_log  logs/error.log;

events {
    worker_connections  8192;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    server_tokens off;

    log_format  emby  '$remote_addr - $userId [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"';

    log_format default '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port';

    sendfile        off;
    gzip on;
	gzip_disable "msie6";

	gzip_comp_level 6;
	gzip_min_length 1100;
	gzip_buffers 16 8k;
	gzip_proxied any;
	gzip_types
	    text/plain
	    text/css
	    text/js
	    text/xml
	    text/javascript
	    application/javascript
	    application/x-javascript
	    application/json
	    application/xml
	    application/rss+xml
	    image/svg+xml;

    keepalive_timeout  65;

server {
	listen [::]:80;
	listen 80;
        listen [::]:443 ssl;
        listen 443 ssl;
	return 444;

        ssl_session_timeout 10m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_certificate      ssl/_pub.pem;
	ssl_certificate_key  ssl/_pvt.pem;
        ssl_session_cache shared:SSL:10m;
}

server {
    listen [::]:80;
    listen 80;
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name emby.domain.net;

    include	userId.Emby;

	access_log  logs/emby.log  emby;

        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_certificate      ssl/_pub.pem;
	ssl_certificate_key  ssl/_pvt.pem;
        ssl_session_cache shared:SSL:10m;

     location / {
        proxy_pass http://127.0.0.1:8080;

	proxy_hide_header X-Powered-By;
	proxy_set_header Range $http_range;
	proxy_set_header If-Range $http_if_range;
	proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	add_header X-Proxy-Cache $upstream_cache_status;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

	## HTML files only ##
	    location ~* \.(?:html|htm)$ {
	    proxy_pass http://127.0.0.1:8080;

            sub_filter '<meta property="og:title" content="Emby"><meta property="og:site_name" content="Emby"><meta property="og:url" content="http://emby.media"><meta property="og:description" content="Energize your media."><meta property="og:type" content="article"><meta property="fb:app_id" content="1618309211750238">'  '<meta property="og:title" content="nam"><meta property="og:site_name" content="nam"><meta property="og:description" content="Not All Mine"><meta property="og:type" content="article"><meta property="og:image" content="http://notallmine.net/images/FBShare_logo2.png"><meta property="fb:app_id" content=" ">';
            sub_filter '<title>Emby</title>'  '<title>nam</title>';
            sub_filter '</body>'  '<script type="text/javascript" src="https://notallmine.net/js/wle_tracker.js" defer></script></body>';
	    sub_filter_last_modified on;

	    proxy_set_header Accept-Encoding "";
	    proxy_hide_header X-Powered-By;
	    proxy_set_header Range $http_range;
	    proxy_set_header If-Range $http_if_range;
	    proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	    add_header X-Proxy-Cache $upstream_cache_status;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
	}

}
}

  • 3 months later...
chenks

i've added a second webserver on my network, and wondered if nginx could handle routing a particular domain name to that server?

 

port 80 on my router is directed to 192.168.1.50 (which is where all the media stuff is... emby/plex/sonarr etc etc), and nginx currently deals with all that via reverse proxy.
i now have another server on 192.168.1.57 (which is a development windows server running iis), and it is set for a particular domain name

 

is it possible to have nginx route traffic for one domain name to 192.168.1.50 and route traffic to the new domain name to 192.168.1.57?

 

so.... blah.com goes to 192.168.1.50 and blah2.com goes to 192.168.1.57 ?

attached is my current nginx conf file

 


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  blah.com 192.168.1.50;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

	location /sabnzbd {
		proxy_pass http://127.0.0.1:38080;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

	location /web {
		proxy_pass http://127.0.0.1:32400/web;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

	location /sonar {
		proxy_pass http://127.0.0.1:38082;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

	location /radarr {
		proxy_pass http://127.0.0.1:7878;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

	location /couchpotato {
		proxy_pass http://127.0.0.1:38083;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

	location /transmission {
		proxy_pass http://127.0.0.1:9091;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

	location /emby {
		rewrite /emby/(.*) /$1 break;
		proxy_pass http://127.0.0.1:8096;
		proxy_redirect off;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
 
	location /plex {
		rewrite /plex/(.*) /$1 break;
		proxy_pass http://127.0.0.1:32400;   # whatever your plex port is
		proxy_redirect off;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}


Swynol

Yes all you need to do is create another server block listening on the ports you want and proxy_pass 192.168.1.57. I have a similar setup where I pass traffic from my nginx machine to another machine. I can give a better example when I get home, on my phone atm

 

 

Sent from my iPhone using Tapatalk

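The layout pir8radio and Swynol describe (one proxy on port 80, one server block per hostname), written out for the two machines in chenks's question. This is an added example, not a config posted in the thread: blah.com, blah2.com and the two LAN addresses come from the posts above, the catch-all follows the `return 444` block in pir8radio's config, and IIS listening on port 80 is an assumption.

```nginx
# Added example (not a config from the thread). Hostnames and LAN addresses
# are taken from the posts above; IIS listening on port 80 is an assumption.
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    # Catch-all: a request whose Host header matches no server_name below
    # (bare public IP, unknown name) has its connection closed, no response.
    server {
        listen 80 default_server;
        server_name _;
        return 444;
    }

    # blah.com: services running on the nginx box itself (192.168.1.50).
    # Names in server_name are separated by spaces, not commas.
    server {
        listen 80;
        server_name blah.com 192.168.1.50;

        location /sabnzbd {
            proxy_pass http://127.0.0.1:38080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        # the other location blocks from the existing config go here unchanged
    }

    # blah2.com: every request is handed to the IIS development server.
    server {
        listen 80;
        server_name blah2.com;

        location / {
            proxy_pass http://192.168.1.57:80;
            # Pass the original hostname through so a host-name binding on
            # the IIS site still matches, instead of the backend address.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

Run `nginx -t` against the file before reloading. Both names have to resolve to the same public address, since the router still forwards port 80 only to 192.168.1.50.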
