Jump to content


Photo

Nginx limit download speed


  • Please log in to reply
11 replies to this topic

#1 plexman OFFLINE  

plexman

    Advanced Member

  • Members
  • 333 posts
  • Local time: 05:37 PM
  • LocationSpain

Posted 20 March 2018 - 01:38 PM

Emby has the amazing feature to allow users to download content. This is pretty cool but when an user downloads content it uses all available bandwith of your server. Adding this location block in your nginx config will limit the speed of the download and the number of simultaneous downloads per IP address.

# Add this outside of you server block
limit_conn_zone $binary_remote_addr zone=addr:10m;

# Bandwith limit (inside server block)
location ~ /emby/Items/(.*)/Download$ {
       # Send traffic to the backend
       proxy_pass http://localhost:8096;
       proxy_set_header Range $http_range;
       proxy_set_header If-Range $http_if_range;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

       # Send websocket data to the backend aswell
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";

       limit_rate 1700k; # Speed limit (here is on kb/s)
       limit_conn addr 3; # Number of simultaneous downloads per IP
       limit_conn_status 460;
       proxy_buffering on;
}

# Error page
error_page 460 http://your-page-telling-your-limit/;

So in this case 3 parallel downloads at 1,7 Mb/s (note that Nginx takes speed values, not bandwith) are allowed, the "460 error" (you can specify whatever error number you want) redirects the user to a custom page when he tries to download the 4th item. In my case I have a webpage telling something like "Ops... You are downloading too much... Wait until your current downloads are completed"

 

Hope it helps somebody!

 

References:

https://emby.media/c...-reverse-proxy/

https://www.nginx.co...limiting-nginx/


Edited by plexman, 17 September 2018 - 01:46 PM.

  • Swynol, Spaceboy, pir8radio and 5 others like this

#2 mastrmind11 OFFLINE  

mastrmind11

    Advanced Member

  • Members
  • 2837 posts
  • Local time: 11:37 AM
  • LocationLong Island, NY

Posted 20 March 2018 - 04:44 PM

well done.


  • plexman likes this

#3 Jdiesel OFFLINE  

Jdiesel

    Advanced Member

  • Members
  • 2745 posts
  • Local time: 10:37 AM
  • LocationRegina, SK

Posted 20 March 2018 - 05:01 PM

Very nice


  • plexman likes this

#4 plexman OFFLINE  

plexman

    Advanced Member

  • Members
  • 333 posts
  • Local time: 05:37 PM
  • LocationSpain

Posted 17 September 2018 - 01:47 PM

I've edited the location regex with a cleaner one.


  • Maximus Naxsus likes this

#5 Justy OFFLINE  

Justy

    Member

  • Members
  • 19 posts
  • Local time: 05:37 PM
  • LocationGermany

Posted 25 April 2019 - 04:21 PM

Hi,

 

I'm following this community since almost one year. It's amazing and you can find many answers to almost every question.

But now I'm stuck.

 

Is this config still working with actual emby 4.1.0.26? i put it in my nginx, but does not seem to have any effect.

Thanks in advance



#6 Justy OFFLINE  

Justy

    Member

  • Members
  • 19 posts
  • Local time: 05:37 PM
  • LocationGermany

Posted 06 July 2019 - 07:57 AM

Hi @plexman,

 

please see my configs below. I think I placed your code at the wrong places. Can you check/help?
FYI: I build my config by several post i.e. by Swynol's .

And I'm a newbie in nginx and linux.

My emby server is running on openmediavault 4; no docker;


nginx.conf

user www-data;
worker_processes 2;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;



events {
	worker_connections 1024;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

#timeout
    #proxy_connect_timeout 1h;
    #proxy_send_timeout 1h;
    #proxy_read_timeout 1h;
    #limit_conn_zone $binary_remote_addr zone=addr:10m;


	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}




sites-available

limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
    
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate     /etc/ssl/certs/openmediavault.crt;
    ssl_certificate_key /etc/ssl/private/openmediavault.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    server_name emby.emby4ever.de;
    index index.html;
    access_log /var/log/nginx/1c5b4f27-66bb-4384-a5c0-access.log;
    error_log  /var/log/nginx/1c5b4f27-66bb-4384-a5c0-error.log;
    large_client_header_buffers 4 8k;
    server_tokens off;
    	
	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
	



location ^~ /swagger {   ## Disables access to swagger interface
        return 404;
}




location ~ /emby/Items/(.*)/Download$ {

proxy_pass http://192.168.178.24:8096; # Local emby ip and non SSL port
proxy_hide_header X-Powered-By;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


add_header 'Referrer-Policy' 'no-referrer';
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff"  always;
add_header X-Xss-Protection "1; mode=block" always;
add_header Content-Security-Policy "default-src 'none'; child-src 'self'; font-src 'self' data:; connect-src 'self' wss: ws: https://mb3admin.com https://github.com/MediaBrowser/; media-src 'self' blob: data: https://github.com/MediaBrowser/; manifest-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; worker-src 'self' blob:; script-src 'self' https://www.gstatic.com; img-src data: https: http: ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/css" always;



#Next three lines allow websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "";


limit_rate 1700k; # Speed limit (here is on kb/s)
limit_conn addr 3; # Number of simultaneous downloads per IP
limit_conn_status 460;
proxy_buffering on;

}

}

thanks in advance

 

Justy
 


Edited by Justy, 18 July 2019 - 03:36 PM.


#7 plexman OFFLINE  

plexman

    Advanced Member

  • Members
  • 333 posts
  • Local time: 05:37 PM
  • LocationSpain

Posted 09 July 2019 - 02:41 PM

I don't see any error in your config, what does the command "nginx -t" say?

 

The only thing I see, not relative to the download, limit is this line in websockets:

proxy_set_header Connection "";

Should it be?:

proxy_set_header Connection "upgrade";


#8 Justy OFFLINE  

Justy

    Member

  • Members
  • 19 posts
  • Local time: 05:37 PM
  • LocationGermany

Posted 09 July 2019 - 03:00 PM

where did you find "nginx -t"?

Can't find it.

 

proxy_set_header Connection "";

I have it from here:

https://emby.media/c...se-proxy-nginx/

post #96

 

-------------------------

 

but I forgot something:
Shouldn' there be also a line like this

location / {
proxy_pass http://192.168.178.24:8096; # Local emby ip and non SSL port

before

location ~ /emby/Items/(.*)/Download$ {
 

or both locations???



#9 Justy OFFLINE  

Justy

    Member

  • Members
  • 19 posts
  • Local time: 05:37 PM
  • LocationGermany

Posted 09 July 2019 - 03:33 PM

Ah, I checked it :

 

root@omv:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
 


Edited by Justy, 09 July 2019 - 03:33 PM.


#10 Justy OFFLINE  

Justy

    Member

  • Members
  • 19 posts
  • Local time: 05:37 PM
  • LocationGermany

Posted 09 July 2019 - 05:07 PM

Hi plexman,

I was thinking about the problem this evening. Maybe this is not correct for me:

location ~ /emby/Items/(.*)/Download$ {

nginx does not find anything here :unsure: ??

 



#11 Justy OFFLINE  

Justy

    Member

  • Members
  • 19 posts
  • Local time: 05:37 PM
  • LocationGermany

Posted 25 July 2019 - 03:16 PM

Hi @plexman,

 

I figured it out!

I don't know why, but my path is

https://emby.mydomain.de/web/index.html#!/itemdetails.html?id=43802&serverId=xyz


it should be (If I add /emby/ between it already works)
 

https://emby.mydomain.de/emby/web/index.html#!/itemdetails.html?id=43802&serverId=xyz


So first option is to change/correct path here

location ~ /emby/Items/(.*)/Download$ {


or to correct

 

https://emby.mydomain.de/web/index.html#!/itemdetails.html?id=43802&serverId=xyz


But how can I achieve this? Can you help? why is the /emby missing???

Thanks in advance

 

justy


Edited by Justy, 25 July 2019 - 03:19 PM.


#12 Justy OFFLINE  

Justy

    Member

  • Members
  • 19 posts
  • Local time: 05:37 PM
  • LocationGermany

Posted 06 August 2019 - 03:20 PM

Hi,

 

so I finally got it. Just for information for everyone:

location  ~ /Items/(.*)/Download$ {


proxy_pass http://192.168.178.24:8096; # Local emby ip and non SSL port

proxy_hide_header X-Powered-By;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;


#Next three lines allow websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";



limit_rate 2500k; 			# Speed limit (here is on kb/s)
limit_conn addr 1;			# Number of simultaneous downloads per IP
limit_conn_status 460;                  # custom error page
proxy_buffering on;

}

error_page 460 /460.html;               # for a custom local hosted error page (named 460.html)
        location = /460.html {
          root /var/www/html;           # path to the local error page
           internal;
       }

and in  http {

 

limit_conn_zone $binary_remote_addr zone=addr:10m;

just one question for the pro's:

What do I have to change, because the error page does not show up after clicking for second download at once. it shows instead file not available 404. After a refresh it shows the custom error page?

 


Edited by Justy, 06 August 2019 - 03:24 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users