mastrmind11 717 Posted August 14, 2017 Share Posted August 14, 2017 Using the standard Emby nginx config floating around here, when I point my ATV client at port 80, I get invalid username or password, but when I point it at 8096, I am able to log in using the same credentials. Any idea what might cause that? I don't have access to my nginx logs atm, just trying to get some ideas before I get home and can access my server. Thanks Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted August 14, 2017 Share Posted August 14, 2017 Using the standard Emby nginx config floating around here, when I point my ATV client at port 80, I get invalid username or password, but when I point it at 8096, I am able to log in using the same credentials. Any idea what might cause that? I don't have access to my nginx logs atm, just trying to get some ideas before I get home and can access my server. Thanks I have not ran into this myself, I don't recall are you using a subdomain or subdirectory path to your emby? Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted August 14, 2017 Author Share Posted August 14, 2017 I have not ran into this myself, I don't recall are you using a subdomain or subdirectory path to your emby? Technically a subdirectory, which happens to be the root directory. Just got home so I'm gonna start combing logs. I'll post when/if I figure it out. Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted August 14, 2017 Author Share Posted August 14, 2017 (edited) So I checked the logs. 301 redirect to a 401 authentication error every time: PUBLIC_IP - - [13/Aug/2017:12:52:17 -0400] "GET /emby/system/info/public?format=json HTTP/1.1" 301 178 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:52:18 -0400] "GET /emby/system/info/public?format=json HTTP/2.0" 200 762 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:52:18 -0400] "GET /emby/system/info/public?format=json HTTP/1.1" 301 178 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:52:18 -0400] "GET /emby/system/info/public?format=json HTTP/2.0" 200 762 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:52:18 -0400] "GET /emby/Users/Public?format=json HTTP/1.1" 301 178 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:52:18 -0400] "GET /emby/Users/Public?format=json HTTP/2.0" 200 2022 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:52:44 -0400] "POST /emby/Users/AuthenticateByName?format=json HTTP/1.1" 301 178 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:52:44 -0400] "GET /emby/Users/AuthenticateByName?format=json HTTP/2.0" 401 127 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:53:12 -0400] "GET /emby/system/info/public?format=json HTTP/1.1" 301 178 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:53:12 -0400] "GET /emby/system/info/public?format=json HTTP/2.0" 200 762 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:53:12 -0400] "GET /emby/Users/Public?format=json HTTP/1.1" 301 178 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:53:12 -0400] "GET /emby/Users/Public?format=json HTTP/2.0" 200 2022 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:53:33 -0400] "POST /emby/Users/AuthenticateByName?format=json HTTP/1.1" 301 178 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" PUBLIC_IP - - [13/Aug/2017:12:53:33 -0400] "GET /emby/Users/AuthenticateByName?format=json HTTP/2.0" 401 128 "-" "Dalvik/2.1.0 (Linux; U; Android 7.0; BRAVIA 4K GB Build/NRD91N.S56)" Here's my very basic scrubbed nginx config: server { # SSL configuration include /etc/nginx/proxy.conf; listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; include /etc/nginx/snippets/strong-ssl.conf; ssl_certificate /etc/letsencrypt/live/domain_XXX/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain_XXX/privkey.pem; # Root location root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.php index.nginx-debian.html; # Basic Auth to protect the site # auth_basic "Restricted"; # auth_basic_user_file /etc/nginx/.htpasswd; # Change the client side error pages (4xx) to prevent some information disclosure error_page 401 403 404 /404.html; # First attempt to serve request as file, then as directory, # then fall back to displaying a 404. # location / { # try_files $uri $uri/ =404; # proxy_pass http://10.0.1.152:8088; #for root redirect to organizr # # } # Deny access to .htaccess files, if Apache's document # root concurs with nginx's one location ~ /\.ht { deny all; } # Let's Encrypt Webroot plugin location -- allow access location ^~ /.well-known/acme-challenge/ { auth_basic off; autoindex on; } # Authorization --- use for login redirect to another auth service location /auth-admin { internal; #rewrite ^ /auth.php?admin; proxy_pass http://10.0.1.152:8088/auth.php?admin; proxy_set_header Content-Length ""; } location / { #emby at root of webserver proxy_pass http://10.0.1.152:8096; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } Thanks for any insight. Edited August 14, 2017 by mastrmind11 Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted August 14, 2017 Share Posted August 14, 2017 (edited) @@mastrmind11 You said you were connecting your ATV using port 80, but your server is setup for HTTPS, I don't see where it is listening for port 80. A few of the clients FireTV included don't do redirects. Does it work if you use https://xxxxxxx:443 from your client? Edited August 14, 2017 by pir8radio Link to comment Share on other sites More sharing options...
Solution mastrmind11 717 Posted August 15, 2017 Author Solution Share Posted August 15, 2017 @@mastrmind11 You said you were connecting your ATV using port 80, but your server is setup for HTTPS, I don't see where it is listening for port 80. A few of the clients FireTV included don't do redirects. Does it work if you use https://xxxxxxx:443 from your client? That's a good point. I have 80 and 443 open, and when I go to domain:80 it redirects to https on all of my clients I've tried other than the remote ATVs. Not sure how that works now that you mention it since nginx isn't explicitly listening on 80.... unless it does 80 by default?? In any case, I have not tried 443 yet, since I just recently (long thread about it in the ATV section) got the clients connecting to the server. You're probably correct though, I'll bet 443 works. I'll give it a shot when I get access to the ATVs this weekend. Thanks for the help! 1 Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted August 22, 2017 Author Share Posted August 22, 2017 @@mastrmind11 You said you were connecting your ATV using port 80, but your server is setup for HTTPS, I don't see where it is listening for port 80. A few of the clients FireTV included don't do redirects. Does it work if you use https://xxxxxxx:443 from your client? Just to close this out, 443 works. Still not sure why 80 gets redirected w/o explicitly being listed in the server block, but whatever. Thanks again for the help. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted August 22, 2017 Share Posted August 22, 2017 (edited) Just to close this out, 443 works. Still not sure why 80 gets redirected w/o explicitly being listed in the server block, but whatever. Thanks again for the help. Np. Try it on a pc/browser that has never connected to your domain name. Is port 80 even open to nginx? Curious..... As I recall, hsts tells the browser to redirect on the client side. So if you previously went to the https version of your domain your browser will remember that the domain has hsts enabled (for the time frame you have set in the config) and automatically redirect to 443, never hitting your server on 80 even though you put 80/http in your browser. Edited August 22, 2017 by pir8radio Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted August 22, 2017 Author Share Posted August 22, 2017 Np. Try it on a pc/browser that has never connected to your domain name. Is port 80 even open to nginx? Curious..... As I recall, hsts tells the browser to redirect on the client side. So if you previously went to the https version of your domain your browser will remember that the domain has hsts enabled (for the time frame you have set in the config) and automatically redirect to 443, never hitting your server on 80 even though you put 80/http in your browser. Ah yeah, that's probably it. I was set up as 80 before I got 443 set up. Thanks Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now