garrettjones331 1 Posted June 1, 2018 Posted June 1, 2018 Hello, I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own. For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy". I have manually checked the server config xml and verified that "requirehttps" is false. I also have my 80 and 443 ports forwarded to the NGINX server on my router. The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome. I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies.
pir8radio 1304 Posted June 1, 2018 Posted June 1, 2018 Hello, I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own. For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy". I have manually checked the server config xml and verified that "requirehttps" is false. I also have my 80 and 443 ports forwarded to the NGINX server on my router. The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome. I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies. I'm just asking to be sure, but did you go get a ssl cert and place the public and private keys in the locations you have in nginx? SSL/cert.pem SSL/private.key
garrettjones331 1 Posted June 1, 2018 Author Posted June 1, 2018 Yes, I've done that and verified by looking at the error log file that nginx is actually running.
pir8radio 1304 Posted June 1, 2018 Posted June 1, 2018 Yes, I've done that and verified by looking at the error log file that nginx is actually running. post your actual config, maybe remove your domain name.
garrettjones331 1 Posted June 1, 2018 Author Posted June 1, 2018 worker_processes 2; events { worker_connections 8192; } http { include mime.types; default_type application/octet-stream; server_tokens off; gzip on; gzip_disable "msie6"; gzip_comp_level 6; gzip_min_length 1100; gzip_buffers 16 8k; gzip_proxied any; gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml image/svg+xml; tcp_nodelay on; sendfile off; server_names_hash_bucket_size 128; map_hash_bucket_size 64; ## Start: Timeouts ## client_body_timeout 10; client_header_timeout 10; keepalive_timeout 30; send_timeout 10; keepalive_requests 10; ## End: Timeouts ## ## Default Listening ## server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } ##EMBY Server## server { listen [::]:80; listen 80; listen [::]:443 ssl; listen 443 ssl; server_name mydomain.com; #your subdomain.domainname.com here ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate SSL/cert.pem; ssl_certificate_key SSL/private.key; ssl_session_cache shared:SSL:10m; ssl_prefer_server_ciphers on; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; proxy_hide_header X-Powered-By; add_header X-Xss-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header 'Referrer-Policy' 'no-referrer'; add_header Content-Security-Policy "frame-ancestors mydomain.com;"; #add your domainname and all subdomains listed on your cert location / { proxy_pass http://127.0.0.1:8096; # Local emby ip and non SSL port proxy_hide_header X-Powered-By; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Next three lines allow websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } }
pir8radio 1304 Posted June 1, 2018 Posted June 1, 2018 looks ok, pm me your emby domain name if you want.
pir8radio 1304 Posted June 1, 2018 Posted June 1, 2018 comment out this line: #add_header Content-Security-Policy "frame-ancestors mydomain.com;"; #add your domain name and all subdomains listed on your cert restart nginx and see what happens.. you left this set to "mydomain.com" and "emby.mydomain.com" just comment it out until you get things working.
garrettjones331 1 Posted June 1, 2018 Author Posted June 1, 2018 I actually had that corrected in my version, I just changed it back for what I uploaded. I commented it out anyway and it's still not working.
pir8radio 1304 Posted June 1, 2018 Posted June 1, 2018 I actually had that corrected in my version, I just changed it back for what I uploaded. I commented it out anyway and it's still not working. You can get rid of the redirect for now so we can test. comment out the redirect section: #server { # listen 80 default_server; # listen [::]:80 default_server; # server_name _; # # return 301 https://$host$request_uri; #} I'm still receiving it: Content-Security-Policy: frame-ancestors mydomain.com emby.mydomain.com;
pir8radio 1304 Posted June 1, 2018 Posted June 1, 2018 Ok, I did it its still redirecting, changes don't stick until you restart the nginx server software. are you doing that after changes?
garrettjones331 1 Posted June 1, 2018 Author Posted June 1, 2018 Actually, I'm stopping and starting the service, is that restarting it?
pir8radio 1304 Posted June 1, 2018 Posted June 1, 2018 should yea. pm me your actual config. something is not right. but you already know that.. :-)
tmirzaian 3 Posted April 11, 2019 Posted April 11, 2019 How did you guys resolve this? My external users just started getting this error today.
Luke 39631 Posted April 11, 2019 Posted April 11, 2019 How did you guys resolve this? My external users just started getting this error today. Hi you may want to post your nginx config for others to review. Thanks.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now