Reverse Proxy Basic Auth

[Luc. 0]

Hi All,

 

I have successfully setup my nginx reverse proxy for my remote server. However it seems that the Emby app doesn't work with the username:password@@Server.tld method of authentication.

 

I have a server with several local users amongst which a child one for which I don't want to set a pin code, but doing so let this account accessible to anyone finding the url to my server.

 

I tried checking the box to only allow the pin code use on my "local network" (I added my home IP address to the local pool one). But no matter the IP address I'm accessing my server, I can connect to any account with the pin code method.

 

I don't want to use the guest method as I would have to manually login on my Roku for each user.

 

Any help would be appreciated.

 

Funny thing: the remote app Yatse can access the server using username:password@@Server.tld method of authentication

 

 

 

 

 

 

 

 

[Luke 37251]

Hi,  yes this is correct. We do not officially support basic auth at this time.

[Luc. 0]

Thanks. Any workaround to have a local account with a blank pin that isn't accessible to the whole internet?

[Luke 37251]

I think you'll need to configure the http headers from the reverse proxy so that the server sees the original remote ip address. Without this information, the server will end up thinking that all requests are originating locally, and therefore it will allow the pin login to be used.

@@pir8radio may have some tips on that.

[pir8radio 1293]

what kind of reverse proxy, and can you post the RP config?

[Luc. 0]

I am using NGINX.

 

That's my config

 

 

 

 

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 ;
        listen       [::]:80 ;
        server_name  localhost;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    rewrite ^(.*) https://superserver.tld$1permanent;

    }

server {
    server_name superserver.tld
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen localhost:443  ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/superserver.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/superserver.tld/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
     
         location / {
        proxy_pass http://127.0.0.1:8096;  
        #auth_basic "Restricted Content";
        #auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        }

 

 

Thanks for your help.

[pir8radio 1293]

I am using NGINX.

 

That's my config

 

 

That looks correct...   So when someone connects remotely what ip shows up under your emby dashboard? your router, or their actual IP?

unless something is overriding something in the server block..  what do these two configs look like?

 

include /etc/nginx/default.d/*.conf;

include /etc/nginx/conf.d/*.conf;

Edited December 28, 2018 by pir8radio