
Cloudflare CDN and Websockets


graphixmaker


jscoys

Hello guys. I’m experiencing an issue: it works very nicely for several hours, and if I restart the Emby server app only (not the whole server machine, not the router), I can’t access my server via my domain.com anymore, neither internally nor externally via my mobile phone. I have a Windows server... I have to refresh several times to get it back... What is weird is that with the native apps on my iPhone externally (LTE), it works right away. I have Cloudflare, I tested every config... nothing helped. Is someone experiencing this with a Windows server?

Sent from my iPad using Tapatalk


pir8radio

> Hello guys. I’m experiencing an issue: it works very nicely for several hours, and if I restart the Emby server app only (not the whole server machine, not the router), I can’t access my server via my domain.com anymore, neither internally nor externally via my mobile phone. I have a Windows server... I have to refresh several times to get it back... What is weird is that with the native apps on my iPhone externally (LTE), it works right away. I have Cloudflare, I tested every config... nothing helped. Is someone experiencing this with a Windows server?
>
> Sent from my iPad using Tapatalk

I do not.


virtualtinker

> Hello guys. I’m experiencing an issue: it works very nicely for several hours, and if I restart the Emby server app only (not the whole server machine, not the router), I can’t access my server via my domain.com anymore, neither internally nor externally via my mobile phone. I have a Windows server... I have to refresh several times to get it back... What is weird is that with the native apps on my iPhone externally (LTE), it works right away. I have Cloudflare, I tested every config... nothing helped. Is someone experiencing this with a Windows server?
>
> Sent from my iPad using Tapatalk

The only thing I can personally add from my past experience in getting Cloudflare set up is that the Windows firewall stinks. I had initially set up a rule so that only Cloudflare IP ranges would be allowed to access my server (my Asus firewall doesn't allow for incoming WAN rules) and it worked initially, but after restarting the Emby service, everything just stopped working. I ended up having to turn off the Windows firewall to get everything running correctly.

Currently I'm working on getting an edge firewall replacement for my Asus router so I can manage this rule on my firewall, where it should have been in the first place. I'm still undecided, though, whether I want to go with pfSense or Ubiquiti's USG, as they both have their pros and cons. Anyway, not sure if you are experiencing the same issue, but that's my Windows story. This is all on 8.1 btw.


  • 1 month later...

Well, after some work I was able to achieve Cloudflare reverse proxy + websockets for my local Emby server using nginx on my router (OpenWRT).

I based my config off of the guide here and it works with Cloudflare "orange" proxied sites. My config only uses HTTPS, and Cloudflare is enforcing this redirect with all SSL options enabled. HSTS is enabled and working great as well.

Main improvements:
Updated security headers, SSL verification, HTTP/2, and more performance settings.

My nginx.conf and server config can be found here.

Happy to help anyone else still struggling to get this set up! I've tested and this works with Emby Theater for Windows and also Roku. :)


Also, if you are attempting to do this off your router that is running OpenWRT (like I did), then you will need to compile a custom package of nginx for your router model that has the SSL & HTTP2 modules added, because these modules aren't enabled by default in the package offered by the opkg repo.

Let me know if you need any help with this. I don't recommend DD-WRT for this task. I was never able to get nginx working properly using it.

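An nginx server block of the kind the two posts above describe (TLS, HTTP/2, WebSocket upgrade and HSTS behind Cloudflare's proxy), as an added example that is not the poster's linked config. The hostname, certificate paths and the upstream `127.0.0.1:8096` are assumptions, and only two of Cloudflare's published ranges are listed.

```nginx
# Added example, not the poster's config. Assumed: Emby listens on
# 127.0.0.1:8096; emby.example.com and all file paths are placeholders.

# Send "Connection: upgrade" upstream only when the client asked to upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl http2;    # needs nginx built with the SSL and HTTP/2 modules
    server_name emby.example.com;

    ssl_certificate     /etc/nginx/ssl/origin.pem;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/origin.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Optional (Cloudflare Authenticated Origin Pulls, also enabled in the dashboard):
    # refuse TLS clients without Cloudflare's client certificate. Blocks direct LAN access.
    ssl_client_certificate /etc/nginx/ssl/cloudflare-origin-pull-ca.pem;  # placeholder path
    ssl_verify_client on;

    # Needs the realip module. Trust CF-Connecting-IP only from Cloudflare's
    # ranges (two shown; take the full list from https://www.cloudflare.com/ips/).
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    real_ip_header   CF-Connecting-IP;

    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options "nosniff" always;

    location / {
        proxy_pass http://127.0.0.1:8096;
        proxy_http_version 1.1;                    # WebSocket upgrade requires HTTP/1.1
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;   # real client IP after realip rewrite
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 1h;                     # keep idle WebSocket sessions open
        proxy_buffering off;
    }
}
```

Run `nginx -t` before reloading; it fails on `set_real_ip_from` or `http2` if the build lacks the corresponding module.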

  • 1 month later...
Canaletto
Hello,

I have a strange problem with Cloudflare. I am asking the question here because I think it's more of a Cloudflare problem than Windows.

Everything works perfectly on a Windows 2016 server. Then I switched over via Cloudflare, in SSL with a Cloudflare certificate, port 8443.

I blocked on the firewall so that only the Cloudflare IPs pass.

If I access via app.emby.media (browser or apps) everything happens normally.

If I try to access it via https://emby.domain.tld:8443 it does not pass.

Thanks for the ideas ...

EDIT: set Cloudflare crypto as FULL SSL (not as Flexible) and is OK

Edited by Canaletto

pir8radio

 

> Hello,
>
> I have a strange problem with Cloudflare. I am asking the question here because I think it's more of a Cloudflare problem than Windows.
>
> Everything works perfectly on a Windows 2016 server. Then I switched over via Cloudflare, in SSL with a Cloudflare certificate, port 8443.
> I blocked on the firewall so that only the Cloudflare IPs pass.
>
> If I access via app.emby.media (browser or apps) everything happens normally.
>
> If I try to access it via https://emby.domain.tld:8443 it does not pass.
>
> Thanks for the ideas ...
>
> EDIT: set Cloudflare crypto as FULL SSL (not as Flexible) and is OK

So you are good? Don't need additional assistance?


jscoys

> Hello guys. I’m experiencing an issue: it works very nicely for several hours, and if I restart the Emby server app only (not the whole server machine, not the router), I can’t access my server via my domain.com anymore, neither internally nor externally via my mobile phone. I have a Windows server... I have to refresh several times to get it back... What is weird is that with the native apps on my iPhone externally (LTE), it works right away. I have Cloudflare, I tested every config... nothing helped. Is someone experiencing this with a Windows server?
>
> Sent from my iPad using Tapatalk

Hello guys, sorry I didn’t post anything since I resolved my issue. It seems the original firmware was just not working correctly.... I finally installed DD-WRT on my router and now HTTPS requests are handled correctly! My Emby server is totally responsive, night and day.

Sent from my iPad using Tapatalk


  • 3 weeks later...
horstepipe

Hey

As an alternative to fail2ban, it came to my mind to simply block the login page of my Emby server with the Cloudflare Zone Lockdown feature. As all my clients are Kodi devices which are logged in anyway, I don't need to have the login page accessible.

Do you guys think this is a reasonable step for security purposes? I guess attackers are still able to log in through the API?


horstepipe

@Luke I'm wondering, why does the server redirect to a URL with a server ID

https://mydomain.biz/web/login.html?serverid=xxxxxxxx

although I don't use Emby Connect?
