Jump to content
garrettjones331

Reverse Proxy - ERR_TOO_MANY_REDIRECTS

Recommended Posts

garrettjones331

Hello,

 

I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own.  For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy".  I have manually checked the server config xml and verified that "requirehttps" is false.  I also have my 80 and 443 ports forwarded to the NGINX server on my router.

 

The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome.

 

I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies.

Share this post


Link to post
Share on other sites
pir8radio

Hello,

 

I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own.  For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy".  I have manually checked the server config xml and verified that "requirehttps" is false.  I also have my 80 and 443 ports forwarded to the NGINX server on my router.

 

The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome.

 

I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies.

 

I'm just asking to be sure, but did you go get a ssl cert and place the public and private keys in the locations you have in nginx?

SSL/cert.pem

SSL/private.key

Share this post


Link to post
Share on other sites
garrettjones331

Yes, I've done that and verified by looking at the error log file that nginx is actually running.

Share this post


Link to post
Share on other sites
pir8radio

Yes, I've done that and verified by looking at the error log file that nginx is actually running.

 

post your actual config, maybe remove your domain name. 

Share this post


Link to post
Share on other sites
garrettjones331

worker_processes 2;


events {
worker_connections 8192;
}


http {
include mime.types;
default_type application/octet-stream;
server_tokens off;

gzip on;
gzip_disable "msie6";

gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
image/svg+xml;

tcp_nodelay on;

sendfile off;

server_names_hash_bucket_size 128;
map_hash_bucket_size 64;

## Start: Timeouts ##
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 30;
send_timeout 10;
keepalive_requests 10;
## End: Timeouts ##



## Default Listening ##

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;

return 301 https://$host$request_uri;
}

##EMBY Server##

server {
listen [::]:80;
listen 80;
listen [::]:443 ssl;
listen 443 ssl;
server_name mydomain.com; #your subdomain.domainname.com here

ssl_session_timeout 30m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate SSL/cert.pem;
ssl_certificate_key SSL/private.key;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

proxy_hide_header X-Powered-By;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header 'Referrer-Policy' 'no-referrer';

add_header Content-Security-Policy "frame-ancestors mydomain.com;"; #add your domainname and all subdomains listed on your cert


location / {
proxy_pass http://127.0.0.1:8096; # Local emby ip and non SSL port

proxy_hide_header X-Powered-By;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#Next three lines allow websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}


}

Share this post


Link to post
Share on other sites
pir8radio

looks ok, pm me your emby domain name if you want.  

Share this post


Link to post
Share on other sites
garrettjones331

PM'd

Share this post


Link to post
Share on other sites
pir8radio

comment out this line:      #add_header Content-Security-Policy "frame-ancestors mydomain.com;"; #add your domain name and all subdomains listed on your cert

restart nginx and see what happens..    you left this set to "mydomain.com" and "emby.mydomain.com"    just comment it out until you get things working. 

Share this post


Link to post
Share on other sites
garrettjones331

I actually had that corrected in my version, I just changed it back for what I uploaded.  I commented it out anyway and it's still not working.

Share this post


Link to post
Share on other sites
pir8radio

I actually had that corrected in my version, I just changed it back for what I uploaded.  I commented it out anyway and it's still not working.

 

You can get rid of the redirect for now so we can test. comment out the redirect section:

#server {
#    listen 80 default_server;
#    listen [::]:80 default_server;
#    server_name _;
#	  
#	  return 301 https://$host$request_uri;
#}

I'm still receiving it:  

Content-Security-Policy:
frame-ancestors mydomain.com emby.mydomain.com;

Share this post


Link to post
Share on other sites
garrettjones331

Ok, I did it

Share this post


Link to post
Share on other sites
pir8radio

Ok, I did it

 

its still redirecting, changes don't stick until you restart the nginx server software.  are you doing that after changes?

Share this post


Link to post
Share on other sites
garrettjones331

Yep

Share this post


Link to post
Share on other sites
garrettjones331

Actually, I'm stopping and starting the service, is that restarting it?

Share this post


Link to post
Share on other sites
pir8radio

should yea.   pm me your actual config.  something is not right.  but you already know that..  :-)

Share this post


Link to post
Share on other sites
garrettjones331

5b10c7be11909_Capture.png

Here's my server config as well

Share this post


Link to post
Share on other sites
tmirzaian

How did you guys resolve this?  My external users just started getting this error today.

Share this post


Link to post
Share on other sites
Luke

How did you guys resolve this?  My external users just started getting this error today.

Hi you may want to post your nginx config for others to review. Thanks.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...