Emby wants me to login everytime the browser refreshes

[scott0830 1]

Yesterday I updated to 3.2.32.0 on my Ubuntu 16.04  running Nginx with proxypass box.  Now whenever I (or other users) login to the web interface it prompts to enter the credentials.  I figured it was just from pushing the update, but anytime you access or refresh the browser (Chrome, FF, Edge) it pushes you to the login screen.  I've dumped the cache on the browsers and nothing changes.  I even removed all my plugins, restarted the server and still nothing changes.

 

Anyone else experiencing this or have experienced this?

 

Thanks!

[Luke 37008]

Hi, it sounds like browsing data is being cleared. that's the only thing that would cause this.

[scott0830 1]

Thats kinda what I was thinking as well.  Any ideas as to what could cause this?

[Luke 37008]

The only thing I can think of would be a browser setting or security software you may have configured to clear that out at certain times.

[SkyBehind 23]

I've experienced the same thing since update to 3.2.32.0

[pir8radio 1292]

are you both using nginx as your reverse proxy?  Post that config, leave out your domain name. 

[scott0830 1]

I'm glad I'm not the only experiencing this, makes me feel better.

 

Here's my config for my proxy pass nginx

 

#proxy for Emby Server

 

location /emby {

proxy_pass http://127.0.0.1:8096;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-Proto $remote_addr;

proxy_set_header X-Forwarded-Protocol $scheme;

proxy_redirect off;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

}

[Luke 37008]

@@pir8radio have you seen this?

[pir8radio 1292]

 

I'm glad I'm not the only experiencing this, makes me feel better.

 

Here's my config for my proxy pass nginx

 

#proxy for Emby Server

 

location /emby {

proxy_pass http://127.0.0.1:8096;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-Proto $remote_addr;

proxy_set_header X-Forwarded-Protocol $scheme;

proxy_redirect off;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

}

 

 

can you post your whole config?  include the HTTP and SERVER sections please?  If we cant figure it out via your config, you can PM me your server address I can probably spot whats going on, maybe create a temp test account with no real access.

Also I don't think you need these lines in your particular setup:

proxy_set_header X-Forwarded-Proto $remote_addr;

proxy_set_header X-Forwarded-Protocol $scheme;

proxy_redirect off;

 

@@pir8radio have you seen this?

 

No not on my server. 

Edited September 26, 2017 by pir8radio

[scott0830 1]

Sure!  I've been using this same config for a year and half, even with those portions you said  I shouldn't need (used this as a guide: https://gist.github.com/flip-bs/e2f8453000b3d345777897055c906647 FYI).  Haven't experienced any issues with emby until this latest patch and this isn't a major issue IMO just a slight inconvenience. 

 

#http redirect

server {

    listen "port";

    server_name subdomain.domain.com;

    root /usr/share/nginx/html;

    index index.html index.htm;

 

location / {

        if ($scheme = http) {

            return 301 https://$server_name$request_uri;

        }

    }

 

}

 

# HTTPS server

#

 

server {

 

# root services

 

        listen "port";

 

        server_name subdomain.domain.com;

 

 

root /usr/share/nginx/html;

 

        index index.html index.htm;

#proxy for Emby Server

 

location /emby {

proxy_pass http://127.0.0.1:8096;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-Proto $remote_addr;

proxy_set_header X-Forwarded-Protocol $scheme;

proxy_redirect off;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

}

# SSL Stuff

 

        ssl on;

ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem; # managed by Certbot

ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem; # managed by Certbot

 

add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";

ssl_stapling on;

ssl_stapling_verify on;

    # Your favorite resolver may be used instead of the Google one below

resolver 8.8.8.8;

 

        ssl_session_timeout 5m;

 

 

 

        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

 

 

ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

 

        #ssl_prefer_server_ciphers on;

 

        # random seed for TLS. 

 

        ssl_dhparam /etc/nginx/ssl/dhparams.pem;

 

location ~ /.well-known {

                allow all;

        }

 

add_header X-Content-Type-Options "nosniff" always;

 

add_header X-Frame-Options "SAMEORIGIN" always;

 

add_header X-Xss-Protection "1";

 

#add_header Content-Security-Policy "default-src 'self'; script-src 'self' *.domain.com"; 

 

 

}

 

Edited September 26, 2017 by scott0830

[pir8radio 1292]

Ok you can remove any of that info from your previous post you want to remain hidden. 

 

what happens when you remove the /emby from  location /emby {   and just make it  location / {     reload the nginx on that box. 

[scott0830 1]

I was pretty sure I took out any of the personal stuff out of my the config (now i see i missed my ports).

 

Anyways, I'd prefer not to remove /emby as I have other applications running on that box as well, just cut those out of the config before posting.  I can do that and test if I need to though.  

[morpheus65535 3]

Got the same problem with Apache reverse proxy:

ProxyPass /embywebsocket ws://10.0.0.5:8096/embywebsocket
ProxyPassReverse /embywebsocket wss://10.0.0.5:8096/embywebsocket

ProxyPass /emby http://10.0.0.5:8096/emby
ProxyPassReverse /emby http://10.0.0.5:8096/emby

I've using this config for almost 2 years.

[pir8radio 1292]

I was pretty sure I took out any of the personal stuff out of my the config (now i see i missed my ports).

 

Anyways, I'd prefer not to remove /emby as I have other applications running on that box as well, just cut those out of the config before posting.  I can do that and test if I need to though.  

 

if you use a sub domain setup XXXX.yourdomain.com you don't need the /emby no matter how many other servers you are running, they should all use different ports.     The nginx server contacts the back end servers based on ip:port in your current config.  Remove it everything should still work as it does, hopefully without the auto logout. Let us know how it goes.

 

Reverse proxy users, you should always try NOT to use /emby to the back end server if you can.  you dont need it if you use a sub domain like emby.yourdomain.com, if you use a SUB DIRECTORY   yourdomain.com/emby   for the entry address then you can still strip off the /emby before passing the url to the backend server. /emby breaks things, and I bet emby software depreciates it eventually, I wouldn't rely on it, it always creates issues.

 

For subdirectory users that want to learn how to strip the /emby from the backend see this post: https://emby.media/community/index.php?/topic/45351-sync-with-reverse-proxy-not-working-correctly/?p=425907

Edited September 27, 2017 by pir8radio

[Happy2Play 8242]

I see the same issue on a standard Windows install connecting remotely.  Sure I can select remember me and avoid the issue but without that option selected, if you refresh in any browser you are bounced to login page.  Http and https same results. 

[pir8radio 1292]

I see the same issue on a standard Windows install connecting remotely.  Sure I can select remember me and avoid the issue but without that option selected, if you refresh in any browser you are bounced to login page.  Http and https same results. 

 

Using the /emby url?     Didn't it always log you out if you didnt have remember me checked?  If not then that is probably the issue..   

Edited September 27, 2017 by pir8radio

[arrbee99 1551]

I see the same issue on a standard Windows install connecting remotely.  Sure I can select remember me and avoid the issue but without that option selected, if you refresh in any browser you are bounced to login page.  Http and https same results. 

 

As is this ? https://emby.media/community/index.php?/topic/50662-chrome-thing/

[Happy2Play 8242]

As is this ? https://emby.media/community/index.php?/topic/50662-chrome-thing/

 

Yes that issue, but locally it is fine it is only Remote connection (never mentioned in topic).

 

 

Using the /emby url?     Didn't it always log you out if you didnt have remember me checked?  If not then that is probably the issue..   

 

Well default connection on at lease Windows via WANIP or DDNS (http://xxxxxxxxxxx.homeserver.com:8096 or http://xxxxxxxx.homeserver.com:8096/emby) get same results.

[pir8radio 1292]

@@scott0830 Even if there is another underlying issue, I would still setup nginx correctly since you are using a sub domain, and strip the /emby sync, and other app features will work incorrectly otherwise. 

Edited September 27, 2017 by pir8radio

[mwongjay 64]

I've also not seen this issue with local or remote clients. I use nginx as a reverse proxy for external clients using ssl. I'm on v3.2.32.7. I've posted my nginx config below.

location /emby {
    proxy_pass              https://192.168.20.14:8920;
    proxy_set_header        X-Real-IP               $remote_addr;
    proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
    proxy_set_header        Host                    $host;
    proxy_set_header        X-Forwarded-Proto       $remote_addr;
    proxy_set_header        X-Forwarded-Protocol    $scheme;
    proxy_redirect          off;

    proxy_http_version      1.1;
    proxy_set_header        Upgrade                 $http_upgrade;
    proxy_set_header        Connection              "upgrade";
}

[scott0830 1]

@pir8radio

 

I ripped out /emby and that does seem to resolve my logout issue.  Thanks for the fix!

 

Thanks for the help!

[morpheus65535 3]

@@pir8radio

 

Removing the /emby in my Apache reverse proxy fixed the problem for my subdomain configuration:

ProxyPass /embywebsocket ws://10.0.0.5:8096/embywebsocket
ProxyPassReverse /embywebsocket wss://10.0.0.5:8096/embywebsocket

ProxyPass /emby http://10.0.0.5:8096
ProxyPassReverse /emby http://10.0.0.5:8096

Thanks!

[pir8radio 1292]

@@scott0830 @@morpheus65535  Thanks for considering the solution guys, I know it seems strange especially considering it had been working for years...  I've always ran into random issues with the /emby  I bet its hard for the emby team to maintain that "reverse proxy fix" through all platforms and changes they are doing.    But not having it in there provides a little cleaner/transparent reverse proxy setup as well.

Edited September 27, 2017 by pir8radio