chenks 21 Posted July 21, 2018

> I tried to do this with the PFSENSE squid reverse proxy. I was procuring for my home automation system and Emby. I found it difficult because many of the buttons in the web content were url pointers to specific sub directory content after the domain. That is a major part of the reason I picked up a first level domain and use subdomains to differentiate the services behind my reverse proxy.

most, if not all, the services i plan to use have a "URL Base" setting so you can tell it that it's now being used in such a way. this removes any of the issues you found.

Swynol 375 Posted July 22, 2018 Author

i started the thread before i really gave nginx a chance. from someone who has used both options, NGINX is clearly the way forward.

chenks 21 Posted July 22, 2018

I have a specific reason for moving away from nginx to iis, so unfortunately it doesn't matter how great nginx is

pir8radio 1292 Posted July 22, 2018

> I have a specific reason for moving away from nginx to iis, so unfortunately it doesn't matter how great nginx is

well... not trying to woo you to stay with nginx... I understand weird reasons for doing one thing or another.. But I am a little curious what the reason is? I promise I won't try to tell you nginx can do that too lol.... just curious. but you should be able to do what you are looking to do in iis might just have to google around.. I don't think you will find as many examples as you would for nginx, but the info is out there if you do some digging.

chenks 21 Posted July 23, 2018 (Edited July 23, 2018 by chenks)

because i want to go 100% IIS. i'll be doing asp.net stuff and i just want to keep it solely IIS without having nginx sitting anywhere. any chance you could fire up your IIS and refresh your memory? i'm getting nowhere fast with this, and none of the msdn sites seem to show examples of this way of doing it - they all seem to point to using sub-domains.

pir8radio 1292 Posted July 23, 2018 (Edited July 23, 2018 by pir8radio)

> because i want to go 100% IIS. i'll be doing asp.net stuff and i just want to keep it solely IIS without having nginx sitting anywhere. any chance you could fire up your IIS and refresh your memory? i'm getting nowhere fast with this, and none of the msdn sites seem to show examples of this way of doing it - they all seem to point to using sub-domains.

I'll do some digging... I'll fire up IIS and see what my old emby rule was... maybe something like....

    <rule name="Proxy">
      <!-- match url is tested against the request path only (no scheme, host or leading slash) -->
      <match url="^emby/(.*)" />
      <action type="Rewrite" url="http://domain.com/{R:1}" />
    </rule>

https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference

chenks 21 Posted July 23, 2018

i've been using sabnzbd as my test application. i got it working with a sub-domain, so that's a start at least. this is using Windows Server 2012 R2

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <rule name="ReverseProxyInboundRule1" stopProcessing="true">
              <match url="(.*)" />
              <action type="Rewrite" url="http://192.168.1.2:8080/{R:1}" />
              <serverVariables>
                <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                <set name="HTTP_ACCEPT_ENCODING" value="" />
              </serverVariables>
            </rule>
          </rules>
          <outboundRules>
            <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
              <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.1.2:8080/(.*)" />
              <action type="Rewrite" value="http{R:1}://sabnzbd.blah.co.uk/{R:2}" />
            </rule>
            <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
              <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
              <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
            </rule>
            <preConditions>
              <preCondition name="ResponseIsHtml1">
                <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
              </preCondition>
              <preCondition name="NeedsRestoringAcceptEncoding">
                <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
              </preCondition>
            </preConditions>
          </outboundRules>
        </rewrite>
      </system.webServer>
    </configuration>

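Added example, not part of any post in this thread: a sub-path variant of the reverse proxy config above, for the "URL Base" approach discussed earlier, plus a rule that keeps the internal address out of redirects. It assumes ARR proxying is enabled, the backend's URL Base is set to /sabnzbd, and the public site is https://blah.co.uk (a placeholder derived from the hostname in the post); the rule names are made up for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Inbound: <match url> is tested against the request path only,
             without scheme, host or leading slash, so the sub-path is
             matched as "sabnzbd/..." rather than as a full URL. -->
        <rule name="SabnzbdSubPathInbound" stopProcessing="true">
          <match url="^sabnzbd(/.*)?$" />
          <!-- Assumption: the backend's URL Base is /sabnzbd, so the prefix
               is kept and the links it generates already carry it. -->
          <action type="Rewrite" url="http://192.168.1.2:8080/sabnzbd{R:1}" />
        </rule>
      </rules>
      <outboundRules>
        <!-- Outbound: rewrite redirects that name the internal address, so
             clients are never sent to (or shown) 192.168.1.2:8080. -->
        <rule name="SabnzbdRedirects" preCondition="IsRedirect">
          <match serverVariable="RESPONSE_Location"
                 pattern="^http://192\.168\.1\.2:8080/(.*)" />
          <!-- blah.co.uk is a placeholder for the public host name -->
          <action type="Rewrite" value="https://blah.co.uk/{R:1}" />
        </rule>
        <preConditions>
          <preCondition name="IsRedirect">
            <add input="{RESPONSE_STATUS}" pattern="^3\d\d" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```

Because only a response header is rewritten here and no HTML body, the Accept-Encoding rules from the sub-domain config are not needed and backend compression can stay on.
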
KeithA 0 Posted November 25, 2018

Hello, I must be an idiot because after trying all day I am unable to get it working. My initial goal is to get my server secure. I tried various conf that have been posted changing what I thought was needed however it still won't work. Currently I have a domain from freenom but am not positive if I have the dns setup correctly. If someone can let me know how to setup the dns I can check my settings to see if they are correct. My IP seldom changes but I have an account at dyndns and can forward if necessary. I didn't seem to have an issue creating the certs. I think the issue may be around the fact that I use a vpn. I am using a forwarded port and can't use 443 as suggested in your guide. I have been able to access Emby in the past from remote using http without issue. Do you have any suggestions? Thanks

Luke 37113 Posted November 25, 2018

Hi, what exactly is the problem that you're having?

Tur0k 143 Posted November 25, 2018 (Edited November 25, 2018 by Tur0k)

So on the public Internet you would want a DNS A record that points to your home’s public Internet IP address. Often domain hosts have a program that can be installed on a computer in your home that allows you to dynamically update a synthetic record to your public Internet IP address. Have you done anything like this?

KeithA 0 Posted November 25, 2018 (Edited November 25, 2018 by KeithA)

The problem I am having is that my server isn't accessible from the internet. I have tried the HTTPS way and the reverse proxy method. It is clearly something I am doing wrong, this is completely foreign to me. I added an A record and used my current IP as found using "whatsmyip". I added a cname "emby" as most of the posts have directed. It is directed towards my domain xxxxxx.xxx. When I ping emby.xxxxxx.xxx I get a response from my public IP address (vpn exit IP). I setup emby with the cert, added my domain emby.xxxxxx.xxx and used a port that is known to be forwarded through my vpn. Emby shows https://emby.xxxxxx.xxx:forwarded port after a restart. I have tried accessing it from both inside and outside my home network and neither works. Windows has the port open for both udp and tcp. I am sure I just missed a step..... Thanks

KeithA 0 Posted November 25, 2018

I think my issue may be the vpn. I can't use any port I want so the typical 443 won't be forwarded to the vpn. It generates a random port that must be used.

Tur0k 143 Posted November 25, 2018

> The problem I am having is that my server isn't accessible from the internet. I have tried the HTTPS way and the reverse proxy method. It is clearly something I am doing wrong, this is completely foreign to me. I added an A record and used my current IP as found using "whatsmyip". I added a cname "emby" as most of the posts have directed. It is directed towards my domain xxxxxx.xxx. When I ping emby.xxxxxx.xxx I get a response from my public IP address (vpn exit IP). I setup emby with the cert, added my domain emby.xxxxxx.xxx and used a port that is known to be forwarded through my vpn. Emby shows https://emby.xxxxxx.xxx:forwarded port after a restart. I have tried accessing it from both inside and outside my home network and neither works. Windows has the port open for both udp and tcp. I am sure I just missed a step..... Thanks

What is the deal with trying to host the connection through your VPN?

KeithA 0 Posted November 25, 2018

I guess I don't know any better. My computer has a vpn client and is normally on 24/7. All of my traffic goes through it. Is there another way to be more anonymous online? It hasn't been an issue until I tried this. I certainly am open to other ideas. Thanks

Tur0k 143 Posted November 25, 2018 (Edited November 25, 2018 by Tur0k)

> I guess I don't know any better. My computer has a vpn client and is normally on 24/7. All of my traffic goes through it. Is there another way to be more anonymous online? It hasn't been an issue until I tried this. I certainly am open to other ideas. Thanks

Fair, I have a very similar setup. Really, I want my browsing to be private. I don’t mind access from the public Internet to my Emby environment being hosted through my WAN IP. I set access to the Internet from my Emby server through my VPN. When browsing the Internet the source IP is the source IP of my VPN service. Access from the Internet to my Emby front end is handled via my reverse proxy and is facilitated via the wan public IP with my ISP.

That said, I address security in a few ways.
1. I have implemented an IP reputation blocking tool installed on my internet facing firewall. It synchronizes with multiple lists that are publicly maintained. It blocks communication to and from malicious sources.
2. Additionally, I augment this with countermeasures that block at 8 bad password attempts from public Internet sources.

KeithA 0 Posted November 26, 2018

Thanks for your reply! How do you give access around the VPN? I connect using the app provided from the provider. It is pretty basic and doesn't allow special openvpn arguments. I would like to set it up similar to what you are doing. Thanks again for your help....

Tur0k 143 Posted November 26, 2018 (Edited November 26, 2018 by Tur0k)

> Thanks for your reply! How do you give access around the VPN? I connect using the app provided from the provider. It is pretty basic and doesn't allow special openvpn arguments. I would like to set it up similar to what you are doing. Thanks again for your help....

1. Set your DDNS synthetic A record subdomain to your home’s wan address. If you use a small app to synch, don’t use it on your Emby Server as it will report that it is on its vpn Public IP.
2. Stand up a reverse proxy (Nginx, HAProxy, caddy, etc) on another system on the same local network.
   A. Setup the proxy to handle Emby connections.
   B. Setup SSL offloading in the reverse proxy.
3. Port forward port 443 to your reverse proxy.

Test

Luke 37113 Posted January 27, 2020

> Guys is there any interest in a Nginx Windows version compiled against OpenSSL 1.1.0 with http2 module enabled to check out latest cipher suites like CHACHA20_POLY1305? Since the official or several unofficial Win Binaries of Nginx do either not include http2 module or do not use OpenSSL 1.1.0, I decided to set up a Windows Build environment and try it myself from source. Latest Win Binary I use currently is latest Nginx 1.11.10 source with OpenSSL 1.1.0c.
>
>     nginx version: nginx/1.11.10
>     built by cl 16.00.30319.01 for 80x86
>     built with OpenSSL 1.1.0c 10 Nov 2016
>     TLS SNI support enabled
>     configure arguments: --with-cc=cl --builddir=objs --prefix= --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=32768 --with-pcre=objs/lib/pcre-8.40 --with-zlib=objs/lib/zlib-1.2.11 --with-openssl=objs/lib/openssl-1.1.0c --with-select_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-stream --with-http_ssl_module --with-mail_ssl_module --with-stream_ssl_module --with-http_v2_module --add-module=objs/lib/nginx-rtmp-module-1.1.10 --with-openssl-opt=no-asm

Emby Server 4.4 will have http2 support on Windows and Linux.