deiniol39 18 Posted November 28, 2017 Share Posted November 28, 2017 (edited) A few potential things. If you haven't setup nginx, nginx won't forward automatically to Emby. If organizr is listening on 443, what port is nginx listening on? Org A fairly recent change means that if you are using a reverse proxy with the Require "https for external connections" checked you will need to forward traffic from your reverse proxy to Emby's https port. Earlier instructions said to pass traffic to the regular non-SSL http port. Not sure how to set up Nginx, can't find any decent qnap instructions. Have tried copying Swynol settings to the conf file I could find and I get this when I connect to port 89 and 443 See below.. Welcome to nginx! If you see this page, the nginx web server is successfully installed and working. Further configuration is required. For online documentation and support please refer to nginx.org. Commercial support is available at nginx.com. Thank you for using nginx. I have setup Organizr internal only.. I have setup emby with the tick. I know my problem is the whole Nginx setup is all wrong.. :-( Edited November 28, 2017 by deiniol39 Link to comment Share on other sites More sharing options...
Swynol 375 Posted November 29, 2017 Author Share Posted November 29, 2017 So... Can't get past the Verification stage for generating a validated SSL cert. Self-signed is in place now but it doesn't work for external connections even though port 8920 is forwarded. Is there no way to get an SSL cert without having access to some DNS or HTTP stuff? I don't have any of that, just a dynamic DNS address pointing to my IP. At https://zerossl.com/free-ssl/#crt my only options are HTTP or DNS verification. I don't have or want an HTTP server (only emby) and I have no idea where one would edit or place a DNS record. Hi Xen0sys. Do you own your domain name or are you using a free DDNS service like no-ip, dyn-dns etc? if its one of the free ones you wont be able to get a proper cert because you can only get a cert for a domain you own. If you own a domain name then you have to do the verification to prove that you own the domain name. 1 Link to comment Share on other sites More sharing options...
Swynol 375 Posted November 29, 2017 Author Share Posted November 29, 2017 Not sure how to set up Nginx, can't find any decent qnap instructions. Have tried copying Swynol settings to the conf file I could find and I get this when I connect to port 89 and 443 See below.. Welcome to nginx! If you see this page, the nginx web server is successfully installed and working. Further configuration is required. For online documentation and support please refer to nginx.org. Commercial support is available at nginx.com. Thank you for using nginx. I have setup Organizr internal only.. I have setup emby with the tick. I know my problem is the whole Nginx setup is all wrong.. :-( not used a QNAP before so not sure how to set it up. If your getting the above then it looks like NGINX is working but is using the default config. I'm not sure if the file structure is the same as windows but if you go into the NGINX folder, there should be another folder called conf. in here you put your nginx.conf file. if you are accessing organizr using port 443 you will have to change this, not sure how you have organizr setup but you can put it inside NGINX and use NGINX to serve Organizr. Link to comment Share on other sites More sharing options...
deiniol39 18 Posted November 29, 2017 Share Posted November 29, 2017 not used a QNAP before so not sure how to set it up. If your getting the above then it looks like NGINX is working but is using the default config. I'm not sure if the file structure is the same as windows but if you go into the NGINX folder, there should be another folder called conf. in here you put your nginx.conf file. if you are accessing organizr using port 443 you will have to change this, not sure how you have organizr setup but you can put it inside NGINX and use NGINX to serve Organizr. I've switched of Organizr for now, been looking through folder last night. Can't find one called conf. I might try and create one top level and see what that does.. I have adjusted your big config file to match up with my system. SO I will play more this evening or if I get a chance at lunch time.. Great little tutorial though Swynol Diolch ti.. Link to comment Share on other sites More sharing options...
Swynol 375 Posted November 29, 2017 Author Share Posted November 29, 2017 (edited) looks like the conf goes here - .qpkg/QNginx/etc/nginx/nginx.conf Looks like setting up NGINX on a QNAP is a pain in the ar*e. looking at this guide - https://forum.qnap.com/viewtopic.php?t=11184 I was wondering from the name if you were Welsh or live in Wales Edited November 29, 2017 by Swynol 1 Link to comment Share on other sites More sharing options...
aptalca 70 Posted November 29, 2017 Share Posted November 29, 2017 I've switched of Organizr for now, been looking through folder last night. Can't find one called conf. I might try and create one top level and see what that does.. I have adjusted your big config file to match up with my system. SO I will play more this evening or if I get a chance at lunch time.. Great little tutorial though Swynol Diolch ti.. On qnap you might want to go the docker route. Try linuxserver/letsencrypt Here is an article about it: https://www.linuxserver.io/2017/11/28/how-to-setup-a-reverse-proxy-with-letsencrypt-ssl-for-all-your-docker-apps/ And here's one about docker on qnap: https://www.linuxserver.io/2017/09/17/how-to-setup-containers-on-qnap/ Link to comment Share on other sites More sharing options...
deiniol39 18 Posted November 29, 2017 Share Posted November 29, 2017 looks like the conf goes here - .qpkg/QNginx/etc/nginx/nginx.conf Looks like setting up NGINX on a QNAP is a pain in the ar*e. looking at this guide - https://forum.qnap.com/viewtopic.php?t=11184 I was wondering from the name if you were Welsh or live in Wales I am Swynol, from Anglesey.. Born and Bred 1 Link to comment Share on other sites More sharing options...
deiniol39 18 Posted November 30, 2017 Share Posted November 30, 2017 (edited) Little update, Have apps running in Docker now, bit tricky because I was running and Qnap and not many instructions. Bit of a learning curve, but if anybody is stuck let me know and I will try and help.. Next playing with reverse proxy Thanks aptalca for the link would never would have got started without those.. Edited November 30, 2017 by deiniol39 Link to comment Share on other sites More sharing options...
deiniol39 18 Posted November 30, 2017 Share Posted November 30, 2017 On qnap you might want to go the docker route. Try linuxserver/letsencrypt Here is an article about it: https://www.linuxserver.io/2017/11/28/how-to-setup-a-reverse-proxy-with-letsencrypt-ssl-for-all-your-docker-apps/ And here's one about docker on qnap: https://www.linuxserver.io/2017/09/17/how-to-setup-containers-on-qnap/ Thanks aptalca for the link would never would have got started without those.. Link to comment Share on other sites More sharing options...
deiniol39 18 Posted December 1, 2017 Share Posted December 1, 2017 Any idea why I am getting this guys.. Followed swynol instructions. Got docker to work for my apps, but when it come time to encrypt and create the reverse proxy that you are serving files from the webroot path you provided. /var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory [cont-init.d] 50-config: exited 1. [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] syncing disks. [s6-finish] sending all processes the TERM signal. [s6-finish] sending all processes the KILL signal and exiting. [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 10-adduser: executing... usermod: no changes ------------------------------------- _ _ _ | |___| (_) ___ | / __| | |/ _ \ | \__ \ | | (_) | |_|___/ |_|\___/ |_| Brought to you by linuxserver.io We gratefully accept donations at: https://www.linuxserver.io/donations/ ------------------------------------- GID/UID ------------------------------------- User uid: 1000 User gid: 100 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 50-config: executing... 2048 bit DH parameters present SUBDOMAINS entered, processing Sub-domains processed are: -d emby.mydomain.cymru -d radarr.mydomain.cymru -d sonarr.mydomain.cymru -d nzbget.mydomain.cymru E-mail address entered: me@.com Generating new certificate Saving debug log to /var/log/letsencrypt/letsencrypt.log Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for mydomain.cymru tls-sni-01 challenge for emby.mydomain.cymru tls-sni-01 challenge for radarr.mydomain.cymru tls-sni-01 challenge for sonarr.mydomain.cymru tls-sni-01 challenge for nzbget.mydomain.cymru Waiting for verification... Cleaning up challenges Failed authorization procedure. mydomain.cymru (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for mydomain.cymru, nzbget.mydomain.cymru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain : : Connection refused, sonarr.mydomain.cymru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused, radarr.mydomain.cymru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connectio n refused, emby.mydomain.cymru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused IMPORTANT NOTES: - The following errors were reported by the server: Domain: mydomain.cymru Type: unknownHost Detail: No valid IP addresses found for mydomain.cymru To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. - The following errors were reported by the server: Domain: nzbget.mydomain.cymru Type: connection Detail: Connection refused Domain: sonarr.mydomain.cymru Type: connection Detail: Connection refused Domain: radarr.mydomain.cymru Type: connection Detail: Connection refused Domain: emby.mydomain.cymru Type: connection Detail: Connection refused To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. /var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory [cont-init.d] 50-config: exited 1. [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] syncing disks. [s6-finish] sending all processes the TERM signal. [s6-finish] sending all processes the KILL signal and exiting. Link to comment Share on other sites More sharing options...
wp.rauchholz 5 Posted December 1, 2017 Share Posted December 1, 2017 I hope it works with a self-signed certificate too? Link to comment Share on other sites More sharing options...
Luke 37113 Posted December 1, 2017 Share Posted December 1, 2017 I hope it works with a self-signed certificate too? Most devices will reject self signed certs and that's going to result in connection failures. Link to comment Share on other sites More sharing options...
KMBanana 84 Posted December 1, 2017 Share Posted December 1, 2017 @@deiniol39 Your docker container can't be reached from the outside internet. There's a lot of potential ways for this to break so you're going to have to check them one by one. Your DNS has to go to your WAN IP address. If you're running Emby from home check https://whatismyipaddress.com/ Port 443 has to be open on your router and forwarding to what's running docker. Your letsencrypt container has to be listening on the port that your router is forwarding to (In all likelihood also 443) The host firewall needs to be allowing the traffic to/from these ports. Link to comment Share on other sites More sharing options...
aptalca 70 Posted December 1, 2017 Share Posted December 1, 2017 Any idea why I am getting this guys.. Followed swynol instructions. Got docker to work for my apps, but when it come time to encrypt and create the reverse proxy that you are serving files from the webroot path you provided. /var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory [cont-init.d] 50-config: exited 1. [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] syncing disks. [s6-finish] sending all processes the TERM signal. [s6-finish] sending all processes the KILL signal and exiting. [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 10-adduser: executing... usermod: no changes ------------------------------------- _ _ _ | |___| (_) ___ | / __| | |/ _ \ | \__ \ | | (_) | |_|___/ |_|\___/ |_| Brought to you by linuxserver.io We gratefully accept donations at: https://www.linuxserver.io/donations/ ------------------------------------- GID/UID ------------------------------------- User uid: 1000 User gid: 100 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 50-config: executing... 2048 bit DH parameters present SUBDOMAINS entered, processing Sub-domains processed are: -d emby.mydomain.cymru -d radarr.mydomain.cymru -d sonarr.mydomain.cymru -d nzbget.mydomain.cymru E-mail address entered: me@.com Generating new certificate Saving debug log to /var/log/letsencrypt/letsencrypt.log Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for mydomain.cymru tls-sni-01 challenge for emby.mydomain.cymru tls-sni-01 challenge for radarr.mydomain.cymru tls-sni-01 challenge for sonarr.mydomain.cymru tls-sni-01 challenge for nzbget.mydomain.cymru Waiting for verification... Cleaning up challenges Failed authorization procedure. mydomain.cymru (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for mydomain.cymru, nzbget.mydomain.cymru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain : : Connection refused, sonarr.mydomain.cymru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused, radarr.mydomain.cymru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connectio n refused, emby.mydomain.cymru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused IMPORTANT NOTES: - The following errors were reported by the server: Domain: mydomain.cymru Type: unknownHost Detail: No valid IP addresses found for mydomain.cymru To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. - The following errors were reported by the server: Domain: nzbget.mydomain.cymru Type: connection Detail: Connection refused Domain: sonarr.mydomain.cymru Type: connection Detail: Connection refused Domain: radarr.mydomain.cymru Type: connection Detail: Connection refused Domain: emby.mydomain.cymru Type: connection Detail: Connection refused To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. /var/run/s6/etc/cont-init.d/50-config: line 127: cd: /config/keys/letsencrypt: No such file or directory [cont-init.d] 50-config: exited 1. [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] syncing disks. [s6-finish] sending all processes the TERM signal. [s6-finish] sending all processes the KILL signal and exiting. You need to add a dns A record Link to comment Share on other sites More sharing options...
deiniol39 18 Posted December 1, 2017 Share Posted December 1, 2017 You need to add a dns A record How will that work if I don't have a static address.. My IP will change thats why I have created a DNS link with noip Link to comment Share on other sites More sharing options...
KMBanana 84 Posted December 1, 2017 Share Posted December 1, 2017 How will that work if I don't have a static address.. My IP will change thats why I have created a DNS link with noip Using a dynamic DNS service should be fine. A dynamic DNS still uses an A record though and you need to make sure it's correct, the dynamic means the service to allow you to quickly and automatically update it. Since you probably shouldn't share your DNS here with us you can check it with this site. http://viewdns.info/dnsrecord/ Make sure the A Record correctly matches the IP address from https://whatismyipaddress.com As an additional note on DDNS services, you probably want to set it up so it updates automatically. My router does this for me, but there are other tools available. I found this with about 30seconds of googling, looks OK but I can't personally vouch for it. https://github.com/coppit/docker-no-ip Link to comment Share on other sites More sharing options...
aptalca 70 Posted December 2, 2017 Share Posted December 2, 2017 Using a dynamic DNS service should be fine. A dynamic DNS still uses an A record though and you need to make sure it's correct, the dynamic means the service to allow you to quickly and automatically update it. Since you probably shouldn't share your DNS here with us you can check it with this site. http://viewdns.info/dnsrecord/ Make sure the A Record correctly matches the IP address from https://whatismyipaddress.com As an additional note on DDNS services, you probably want to set it up so it updates automatically. My router does this for me, but there are other tools available. I found this with about 30seconds of googling, looks OK but I can't personally vouch for it. https://github.com/coppit/docker-no-ip I just want to add, I personally use duckdns, which is a great service, and we happen to have a docker for that as well. Sign up for duckdns, you get 5 free subdomains forever, no restrictions. Then you can set up our docker on your qnap, enter your duckdns token and it will make sure your ip is up to date https://hub.docker.com/r/linuxserver/duckdns/ You can either forward your own domain to the duckdns subdomain, or you can get a letsencrypt cert directly for the duckdns subdomain. Use the full url as the domain, ie. "customsubdomain.duckdns.org" and you can get it to cover sub-subdomains such as emby.customsubdomain.duckdns.org 1 Link to comment Share on other sites More sharing options...
Econaut 1 Posted December 12, 2017 Share Posted December 12, 2017 Hi Xen0sys. Do you own your domain name or are you using a free DDNS service like no-ip, dyn-dns etc? if its one of the free ones you wont be able to get a proper cert because you can only get a cert for a domain you own. If you own a domain name then you have to do the verification to prove that you own the domain name. Ahh... The former. I figured it might have that limitation. Link to comment Share on other sites More sharing options...
anujpuri85 1 Posted December 12, 2017 Share Posted December 12, 2017 Alright, so there are a few problems I'm having which I can't figure out. Hoping someone can help (and I apologize if these issues have been brought up previously, but I couldn't find anything on them). I went through the initial 5 steps and purchased a domain off namecheap.com. I should note that I did not purchase a .com, but rather a .media domain name, so not sure if that's the cause of all my issues. I then setup the A+ dynamic IP and used dns as the host. I went to sslforfree.com and created the ssl for the main domain and the dns.mydomain.media, converted the files to .pem and loaded it into Emby. I set the secure port to 443 (for both internal and external). What I could NOT get working was setting up a CNAME for dns, as when I then typed dns.mydomain.media in a browser, nothing loaded and it gave me a dns error. I fiddled with it so many times, but could not get it working. My port 443 is forwarded to my computer. I then decided to try setting up a URL Redirect Record in namecheap instead of using the CNAME. I used @ as the host, so that just mydomain.media would forward, and i set https://dns.mydomain.media as the redirect url. This worked. My emby server loaded and it was secure. So this is the first issue I ran into: that CNAME would not work. Regardless, it was a workaround that seemed to work and proved that port 443 was in fact open and forwarding to my computer. Now, I also have services like Sickrage and Radarr setup on my computer, so I decided to remove the pem file from Emby and try the nginx process. I set my nginx conf file up as shared by multiple people (with separate ports for each service), and nginx seems to be running (as there are three nginx.exe showing in my task manager). Problem is now no url is resolving. Not quite sure what I should setup in the DNS on namecheap. What I've done is added a separate A+ dynamic ip record for each subdomain I want (ie emby.mydomain.media, sickrage.mydomain.media, radarr.mydomain.media). I then tryed the CNAMEs again, using emby as a host, then sickrage, and radarr, each pointing to it's specific A+ url. That never worked. I then tried URL Redirects for each... doesn't work either. And yes, I did update the ssl certificate and added all of the subdomains. Any thoughts on how to get this working? Link to comment Share on other sites More sharing options...
Swynol 375 Posted December 12, 2017 Author Share Posted December 12, 2017 @@anujpuri85 quite alot going on there. I think we first need to get CNAMEs working. remove @ URL redirect. So on namecheap you have a A+ Dynamic DNS record. Host = dns value = xxx.xxx.xxx.xxx (your WAN IP) create a CNAME with Host = emby value = dns.mydomain.media give it 10 - 15 mins to replicate. then ping emby.mydomain.media. it should reply with your WAN IP. if after 30mins it still doesnt work, contact the online namecheap chat and ask them to check their servers as its probably not replicating correctly. You need to forward both port 80 and port 443 to NGINX machine. You need to change the ports on emby server back to original so HTTP is 8096 and HTTPS is 8920, restart Emby, then check the listening ports in NGINX and restart that. So NGINX will bind to ports 80 and 443. 1 Link to comment Share on other sites More sharing options...
anujpuri85 1 Posted December 12, 2017 Share Posted December 12, 2017 @@Swynol Alright, so I did what you said and pinging it shows my ip, but I don't get a response. Pinging emby.mydomain.media shows PING dns.mydomain.media (XX.XXX.XXX.XX): 56 data bytes. It then continues to show timeouts. Both 80 and 443 ports are forwarding to my computer. I also set the ports within emby to defaults. Here's what my nginx.conf looks like: #user nobody; # multiple workers works ! worker_processes 2; events { worker_connections 8192; } http { #include /nginx/conf/naxsi_core.rules; include mime.types; default_type application/octet-stream; sendfile off; server_names_hash_bucket_size 128; map_hash_bucket_size 64; ## Start: Timeouts ## client_body_timeout 10; client_header_timeout 10; keepalive_timeout 30; send_timeout 10; keepalive_requests 10; ## End: Timeouts ## #gzip on; ##EMBY Server## server { listen [::]:80; listen 80; listen [::]:443 ssl; listen 443 ssl; server_name emby.mydomain.media; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate SSL/cert.pem; ssl_certificate_key SSL/private.key; ssl_session_cache shared:SSL:10m; if ($scheme = http) { return 301 https://$server_name$request_uri; } location / { proxy_pass http://10.0.0.10:8096; # Local emby ip and non SSL port proxy_hide_header X-Powered-By; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Next three lines allow websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } ##Sickrage Server## server { listen [::]:80; listen 80; listen [::]:443 ssl; listen 443 ssl; server_name shows.mydomain.media; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate SSL/cert.pem; ssl_certificate_key SSL/private.key; ssl_session_cache shared:SSL:10m; if ($scheme = http) { return 301 https://$server_name$request_uri; } location / { proxy_pass http://10.0.0.10:8088; proxy_hide_header X-Powered-By; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Next three lines allow websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } ##NZB Server## server { listen [::]:80; listen 80; listen [::]:443 ssl; listen 443 ssl; server_name down.mydomain.media; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate SSL/cert.pem; ssl_certificate_key SSL/private.key; ssl_session_cache shared:SSL:10m; if ($scheme = http) { return 301 https://$server_name$request_uri; } location / { proxy_pass http://10.0.0.10:6868; proxy_hide_header X-Powered-By; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Next three lines allow websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } ##Radarr## server { listen [::]:80; listen 80; listen [::]:443 ssl; listen 443 ssl; server_name radarr.mydomain.media; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate SSL/cert.pem; ssl_certificate_key SSL/private.key; ssl_session_cache shared:SSL:10m; if ($scheme = http) { return 301 https://$server_name$request_uri; } location / { proxy_pass http://10.0.0.10:7878; proxy_hide_header X-Powered-By; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ##Ombi## server { listen [::]:80; listen 80; listen [::]:443 ssl; listen 443 ssl; server_name ombi.mydomain.media; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate SSL/cert.pem; ssl_certificate_key SSL/private.key; ssl_session_cache shared:SSL:10m; if ($scheme = http) { return 301 https://$server_name$request_uri; } location / { proxy_pass http://10.0.0.10:3579; proxy_hide_header X-Powered-By; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } } Link to comment Share on other sites More sharing options...
Swynol 375 Posted December 13, 2017 Author Share Posted December 13, 2017 ok so it sounds like the CNAMEs are working. can you get to any of your services? remove the below from your emby block if ($scheme = http) { return 301 https://$server_name$request_uri; } restart NGINX and then try connecting to emby using your domain name but use HTTP Link to comment Share on other sites More sharing options...
anujpuri85 1 Posted December 13, 2017 Share Posted December 13, 2017 Same result with the ping unfortunately. Going in a browser doesn't load anything and just gives me a dns error. If i do add the non-secure port at the end of the url in a browser, then emby loads. and I know the 443 port is forwarding, because setting up the ssl the other way (within emby) worked (although the cname didnt work, i had to do a URL forward to dns.mydomain.media). Link to comment Share on other sites More sharing options...
mediacowboy 438 Posted December 13, 2017 Share Posted December 13, 2017 Same result with the ping unfortunately. Going in a browser doesn't load anything and just gives me a dns error. If i do add the non-secure port at the end of the url in a browser, then emby loads. and I know the 443 port is forwarding, because setting up the ssl the other way (within emby) worked (although the cname didnt work, i had to do a URL forward to dns.mydomain.media).Have you verified that your ISP isn't blocking 443 and 80? I know my ISP blocks commonly used ports like that. Link to comment Share on other sites More sharing options...
anujpuri85 1 Posted December 13, 2017 Share Posted December 13, 2017 Yep, I checked that too and they are not blocking them. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now