
Cloudflare CDN and Websockets


graphixmaker


jscoys

Yep because you need nat loopback for that to work without your own dns server, some routers don't have this.

 

On Linux I use dnsmasq internally - not sure what's out there for Windows.

Hum, didn’t do anything, it finally worked: from inside I’m able to reach my domain.com... ahhhh Windows ;-)

 

Merry Christmas geek guys!

 

 

Sent from my iPhone using Tapatalk


jscoys

You do not no - have you set up the dynamic dns I sent you the link to? Maybe your ip has changed...

Hey! I used the program you sent (Cloudflareddnsupdater), works great as an app but crashes when I try to put it as a service. So I used nssm to run it as a service and now it’s working! I just tested forcing a WAN IP change and it updated it correctly in Cloudflare!

 

Thx a lot!

 

 

Sent from my iPhone using Tapatalk


jscoys

Hum weird thing here: it seems to work, everything is configured but when I try to reach my server from outside, even if it seems smoother and faster, I don’t see any stats... is it normal?

 

91046d2291772c0d66650f0ae88d7631.jpg

 

 

Sent from my iPad using Tapatalk


pir8radio

The stats are about 30 mins behind, but you should see something for the month. If you can't figure it out, pm me your domain, we can see if it is even running through CF, which it looks like it's not.

 

5a43a4275cda0_Capture.png

 

5a43a4ae38f1a_Capture.png


pir8radio

Hum @pir8radio: I see your stats and they are high. Is CloudFlare caching videos too or just images?

 

Just images...   My stats are for the month.   You can see video is not being cached,  I moved 233GB last month but only 5.14GB was cached (images, javascript, css, html) the other 228GB was video streams. 


virtualtinker

Yes @dcrdev is correct, you have to either set up your emby server to use standard HTTP/HTTPS ports (80/443) or use one of their supported ports he listed above.

 

So you bought a domain, you changed your domain DNS servers to use the cloudflare DNS servers right?   You then create an A record in cloudflare that is your base domain name that points to your server IP address. 

 

5a3c5675517e6_Capture.png

 

You should then update your emby server to use port 80 and 443 ideally, and update the emby "External Domain" to show your domain name. 

If you don't want to change your emby local ports, you can port forward from 80/443 in your router to your existing local emby ports. 

 

Once you get that far let us know.  There are a few cloudflare settings you should add that are emby specific, but those additional settings only improve the efficiency when using cloudflare.

 

@pir8radio, you had mentioned about Cloudflare settings that should be done that were Emby specific, can you elaborate on them? I know in past threads, you mentioned adding the page rule that explicitly forces the caching of the images directory, which I've added. However even after adding this, the performance of my web server via Cloudflare is pretty terrible. I can't even get any of the static content to load up. When it does, it takes multiple refreshes and a lot of time and luck, and I'm not even to the point where I am attempting to stream anything; this is strictly just getting navigation through the GUI working. If I hit my media server directly by IP and bypass the CDN, the performance is fine, it's only an issue when going through Cloudflare. Was there anything else special you needed to do beyond the page rule to get the performance optimal?

 

Some other things I've done, my SSL is set to full (strict) using their shared cert, and the generated origin CA. I also don't have any of those performance things available like minify or rocket loader. I also went ahead and rebuilt my image cache on my server, then flushed the CDN in hopes that maybe I had something corrupt that was affecting it to no avail. There is also no nginx in this setup; it's just Cloudflare pointing to my WAN IP which is NAT'd to my Windows media server directly.

 

Do you or anyone else have any suggestions I could try? I'm kind of at a loss at this point as I thought I've tinkered with just about every setting I can use in the free plan. About the only thing I have left to try is to upgrade to the Pro plan and see if my problems go away magically like some other posters mentioned in the past. I'd like to try avoiding that if possible as it's not a real solution for me to have to upgrade my plan to get this working when others apparently can make things run fine with the free plan.

 

Any suggestions would be appreciated. Thanks!


jscoys

Hum I had the same issue (reloading multiple times...) but it was without ssl. Once I put the ssl on it worked better! What is your « crypto » setting and how did you generate your ssl?


Sent from my iPhone using Tapatalk


horstepipe

Just images...   My stats are for the month.   You can see video is not being cached,  I moved 233GB last month but only 5.14GB was cached (images, javascript, css, html) the other 228GB was video streams. 

 

I'm still not able to figure out how to make cloudflare cache the images. Maybe it's because I only have Kodi clients?

Anybody else here using only Kodi clients and got image caching working?


virtualtinker

Hum I had the same issue (reloading multiple times...) but it was without ssl. Once I put the ssl on it worked better! What is your « crypto » setting and how did you generate your ssl?

 

 

Sent from my iPhone using Tapatalk

My SSL is set to Full (strict). I'm using Cloudflare's shared SSL cert on their edge. My media server is using the free origin CA that you can generate via their gui. I had it originally generated as a .der and used that and the .key to convert it to a .pfx which I installed on my windows machine and pointed Emby to use. I'd need force HTTPs in Emby and put in my domain name with https:// in the advanced settings. I've tried different variations of the other security settings on the Crypto tab with regard to the TLS with no luck, although right now, it's as lax as it could be as I wanted to get it working before I started tightening the screws on it.


dcrdev

My SSL is set to Full (strict). I'm using Cloudflare's shared SSL cert on their edge. My media server is using the free origin CA that you can generate via their gui. I had it originally generated as a .der and used that and the .key to convert it to a .pfx which I installed on my windows machine and pointed Emby to use. I'd need force HTTPs in Emby and put in my domain name with https:// in the advanced settings. I've tried different variations of the other security settings on the Crypto tab with regard to the TLS with no luck, although right now, it's as lax as it could be as I wanted to get it working before I started tightening the screws on it.

 

What are you getting in your browser's debug console - any errors?

 

Also you mentioned including the https:// scheme in the advanced settings in Emby - you didn't put https://domain.com in the custom domain box did you? It should just be your root domain/subdomain i.e. domain.com or emby.domain.com.


virtualtinker

What are you getting in your browser's debug console - any errors?

 

Also you mentioned including the https:// scheme in the advanced settings in Emby - you didn't put https://domain.com in the custom domain box did you? It should just be your root domain/subdomain i.e. domain.com or emby.domain.com.

I provided a screenshot of what the console looked like in Chrome when I tried to go to https://mydomain.com/web/index.html. Nothing even loaded up for me as the screen was black.

 

Regarding the domain, I'm pretty sure you can put it both ways in that custom domain box, as I had it with the https:// initially, and didn't have any problems when using a let's encrypt cert and pointing to my WAN address directly; the problems only arise when I put myself behind the CDN/proxy. Just the same, I took the https out and confirmed I am still experiencing the same issues.

 

5a4eff05a444c_Capture.png


virtualtinker

So this morning I went ahead and checked the debug console again from my computer at work and this time, I saw 522 errors being thrown. Cloudflare had this link regarding it.

 

https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522-Connection-timed-out

 

In looking at that, I discovered that it looks like the firewall on my Asus router looks like it's the culprit and is blocking or rate limiting the requests. When I turned off the firewall functionality on my router, magically everything seems to be working properly. Unfortunately, it looks like Asus's firmware doesn't have any functionality that I see to allow me to whitelist incoming internet traffic, which just seems silly. I was trying to avoid it this time, but it looks like I am going to need to change out the firmware for something else.  Does anyone have any suggestions? I've used DD-WRT in the past, but it's been so long, I'm not all that sure if there's any others out there that might be worth a look these days. If it makes any difference, I use an Asus RT-AC66U router.

 

@dcrdev, thanks for the suggestion on checking the console debug logs!


dcrdev

So this morning I went ahead and checked the debug console again from my computer at work and this time, I saw 522 errors being thrown. Cloudflare had this link regarding it.

 

https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522-Connection-timed-out

 

In looking at that, I discovered that it looks like the firewall on my Asus router looks like it's the culprit and is blocking or rate limiting the requests. When I turned off the firewall functionality on my router, magically everything seems to be working properly. Unfortunately, it looks like Asus's firmware doesn't have any functionality that I see to allow me to whitelist incoming internet traffic, which just seems silly. I was trying to avoid it this time, but it looks like I am going to need to change out the firmware for something else.  Does anyone have any suggestions? I've used DD-WRT in the past, but it's been so long, I'm not all that sure if there's any others out there that might be worth a look these days. If it makes any difference, I use an Asus RT-AC66U router.

 

@dcrdev, thanks for the suggestion on checking the console debug logs!

 

Really a firewall where you can't change the rules - that seems absurd?

 

Never used dd-wrt but heard it's good, but can sometimes be a bit unstable. I WOULD however highly recommend pfsense, if you've got an old computer laying around or are willing to fork out for either one of their embedded devices or one of those cheapo Japanese mini pcs.


Jdiesel

So this morning I went ahead and checked the debug console again from my computer at work and this time, I saw 522 errors being thrown. Cloudflare had this link regarding it.

 

https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522-Connection-timed-out

 

In looking at that, I discovered that it looks like the firewall on my Asus router looks like it's the culprit and is blocking or rate limiting the requests. When I turned off the firewall functionality on my router, magically everything seems to be working properly. Unfortunately, it looks like Asus's firmware doesn't have any functionality that I see to allow me to whitelist incoming internet traffic, which just seems silly. I was trying to avoid it this time, but it looks like I am going to need to change out the firmware for something else. Does anyone have any suggestions? I've used DD-WRT in the past, but it's been so long, I'm not all that sure if there's any others out there that might be worth a look these days. If it makes any difference, I use an Asus RT-AC66U router.

 

@dcrdev, thanks for the suggestion on checking the console debug logs!

Which model of Asus router do you own? I recommend trying the Merlin firmware build first.

 

https://asuswrt.lostrealm.ca


virtualtinker

Which model of Asus router do you own? I recommend trying the Merlin firmware build first.

 

https://asuswrt.lostrealm.ca

So I just tried to get the Merlin build installed and ran into problems. Due to some regulatory thing, you have to go into recovery mode to flash the firmware, but every time I tried, I could never get the dashboard to respond to ICMP. I ended up giving up and flashing back the stock Asus firmware which came back no problem, although I did have to re-do my settings. However after I quickly put my settings back to the way they were, I noticed that my media server was responding great via cloudflare in spite of the firewall being on.  I took a closer look and noticed that I didn't turn on the DoS protection feature this time. I turned it back on to test and can confirm that the performance goes to crap again. Turn it off and everything is great again. In retrospect, I had initially turned it on to protect my WAN IP, but I suppose it's probably not so much necessary if cloudflare is handling it.

 

However, this whole incident with getting hacked that prompted my wanting to tighten the screws on my media server has left me finding the built-in Asus firewall a bit lacking. I liked the suggestion dcrdev made about putting an edge router out with a dedicated firewall, so I'm going to look into that option more and see what I can budget over the next few months.

 

Thanks all that helped me get on the right path to troubleshooting my problem, hopefully this info about the Asus firewall might help someone else in the future!

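The failure virtualtinker describes above, sketched as an added example (not code from the thread, Asus or Cloudflare): a per-source connection limiter sees every proxied viewer as one of a few edge addresses and drops them, while exempting the proxy's ranges leaves the limiter effective against a direct flood. The log format, the thresholds and the 198.51.100.0/24 "edge" range are constructed placeholders, not Cloudflare's real ranges or the router's actual algorithm.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed stand-in for the CDN's edge ranges (RFC 5737 documentation
# prefix, NOT Cloudflare's real list; load the provider's published ranges).
TRUSTED_PROXY_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def build_sample_log():
    """Constructed connection log, one '<epoch_s> <src_ip> <dst_port>' per line."""
    lines = []
    # Many viewers behind the proxy: 60 connections in 10 s from only 2 edge IPs.
    for i in range(60):
        lines.append("%d 198.51.100.%d 443" % (1000 + i // 6, 10 + i % 2))
    # One ordinary direct client: a connection every 2 s.
    for i in range(5):
        lines.append("%d 203.0.113.7 443" % (1000 + 2 * i))
    # One direct flood: 10 connections per second for 3 s.
    for i in range(30):
        lines.append("%d 192.0.2.99 443" % (1003 + i // 10))
    return lines


def parse(line):
    ts, src, port = line.split()
    return int(ts), ipaddress.ip_address(src), int(port)


def is_trusted_proxy(ip, nets=TRUSTED_PROXY_NETS):
    # Only meaningful for the TCP peer address, never for a client-supplied header.
    return any(ip in net for net in nets)


def throttled_sources(lines, limit=10, window=5, exempt_trusted=False):
    """Sliding-window limiter: at most `limit` accepted connections per source
    in any `window` seconds. Returns {source_ip: dropped_connections}."""
    recent = defaultdict(deque)
    dropped = defaultdict(int)
    for ts, src, _port in sorted((parse(l) for l in lines), key=lambda e: e[0]):
        if exempt_trusted and is_trusted_proxy(src):
            continue  # proxy ranges bypass the per-source limit
        q = recent[src]
        while q and q[0] <= ts - window:
            q.popleft()  # forget connections that left the window
        if len(q) >= limit:
            dropped[str(src)] += 1
        else:
            q.append(ts)
    return dict(dropped)


if __name__ == "__main__":
    log = build_sample_log()
    print("limiter on all sources :", throttled_sources(log))
    print("proxy ranges exempted  :", throttled_sources(log, exempt_trusted=True))
```

The direct flood is dropped in both runs; only the proxied viewers change from throttled to served once the edge ranges are exempted.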

pir8radio

@pir8radio, you had mentioned about Cloudflare settings that should be done that were Emby specific, can you elaborate on them? I know in past threads, you mentioned adding the page rule that explicitly forces the caching of the images directory, which I've added. However even after adding this, the performance of my web server via Cloudflare is pretty terrible. I can't even get any of the static content to load up. When it does, it takes multiple refreshes and a lot of time and luck, and I'm not even to the point where I am attempting to stream anything; this is strictly just getting navigation through the GUI working. If I hit my media server directly by IP and bypass the CDN, the performance is fine, it's only an issue when going through Cloudflare. Was there anything else special you needed to do beyond the page rule to get the performance optimal?

 

Some other things I've done, my SSL is set to full (strict) using their shared cert, and the generated origin CA. I also don't have any of those performance things available like minify or rocket loader. I also went ahead and rebuilt my image cache on my server, then flushed the CDN in hopes that maybe I had something corrupt that was affecting it to no avail. There is also no nginx in this setup; it's just Cloudflare pointing to my WAN IP which is NAT'd to my Windows media server directly.

 

Do you or anyone else have any suggestions I could try? I'm kind of at a loss at this point as I thought I've tinkered with just about every setting I can use in the free plan. About the only thing I have left to try is to upgrade to the Pro plan and see if my problems go away magically like some other posters mentioned in the past. I'd like to try avoiding that if possible as it's not a real solution for me to have to upgrade my plan to get this working when others apparently can make things run fine with the free plan.

 

Any suggestions would be appreciated. Thanks!

 

Sounds like you figured out your issue, firewall?    How are things working now?

 

 

 

I'm still not able to figure out how to make cloudflare cache the images. Maybe it's because I only have Kodi clients?

Anybody else here using only Kodi clients and got image caching working?

 

Maybe @Angelblue05 could say how images are grabbed from the server when using kodi, I'm not entirely sure how that process works. Does kodi grab images once and use local copies? Does kodi grab new images from the server each time? Would server side caching of images even be of any use when using only kodi?


Angelblue05

The add-on provides the urls to artwork to Kodi, which caches it locally. That is what is used within the library. If you change your artwork on the server, the add-on will delete the cached image and provide the new url to Kodi.

 

Artwork url is built using the server address at the time you synced your library.


pir8radio

The add-on provides the urls to artwork to Kodi, which caches it locally. That is what is used within the library. If you change your artwork on the server, the add-on will delete the cached image and provide the new url to Kodi.

 

Artwork url is built using the server address at the time you synced your library.

 

Thanks!    So what I read from that is once the images are pulled from emby, kodi caches them locally.  Which is why you don't see future requests @horstepipe   and cloudflare needs 2 or 3 back to back requests before it caches the image.


horstepipe

Thanks!    So what I read from that is once the images are pulled from emby, kodi caches them locally.  Which is why you don't see future requests @horstepipe   and cloudflare needs 2 or 3 back to back requests before it caches the image.

 

Thanks for trying to clarify, but as I described here some weeks ago, I did a full database reset in Kodi and forced-cached all images (you can do this within the Emby for Kodi addon) multiple times in a row without success (cf’s analytics overview still showed a way too low value for cached items)


virtualtinker

Sounds like you figured out your issue, firewall? How are things working now?

Things are great. I had a friend give it a go yesterday to test and she says that it's even faster than before, which surprises me a bit to be honest. I knew the caching and better peering would have some sort of impact for those further away, but I didn't expect it would be so noticeable with only an hour's distance from my media server. Just the same like I mentioned earlier, I do want to look into getting a better firewall solution. The $150 pfsense edge router appliance looks interesting, but I need to see if I can get some more opinions on it to make sure it's the right solution before I invest.

jscoys

Things are great. I had a friend give it a go yesterday to test and she says that it's even faster than before, which surprises me a bit to be honest. I knew the caching and better peering would have some sort of impact for those further away, but I didn't expect it would be so noticeable with only an hour's distance from my media server. Just the same like I mentioned earlier, I do want to look into getting a better firewall solution. The $150 pfsense edge router appliance looks interesting, but I need to see if I can get some more opinions on it to make sure it's the right solution before I invest.

Hum today I ran into the same issue as you... I’m trying to activate/deactivate different things but it’s not working well anymore... what did you do to resolve your problem?

 

 

Sent from my iPhone using Tapatalk


virtualtinker

Hum today I ran into the same issue as you... I’m trying to activate/deactivate different things but it’s not working well anymore... what did you do to resolve your problem?

 

 

Sent from my iPhone using Tapatalk

My problem was specific to my Asus router which had a setting that wasn't playing nice with Cloudflare's proxy setup. I had to turn off the DoS setting in order to get things working, see the screenshot below.  Beyond that, I had the typical settings I've read about set up in the Cloudflare interface (the page rule for caching images that pir8radio has mentioned in other threads, and disabling all of the performance settings such as the minify and the rocket loader).

 

5a51837f93a66_firewallsettings.png


jscoys

Ok hum I figured it out. Yesterday I decided to change back my IP address to the first one I had to do my Cloudflare tests. And it seems that with this IP address specifically my ISP is reducing the bandwidth or it is considering the IP as « under attack » and then it works badly... I forced a change of my public IP by changing my MAC address and everything worked again! Thx for your encouragements!

 

 

Sent from my iPhone using Tapatalk

