Luc. 0 Posted December 27, 2018 Share Posted December 27, 2018 Hi All, I have successfully setup my nginx reverse proxy for my remote server. However it seems that the Emby app doesn't work with the username:password@@Server.tld method of authentication. I have a server with several local users amongst which a child one for which I don't want to set a pin code, but doing so let this account accessible to anyone finding the url to my server. I tried checking the box to only allow the pin code use on my "local network" (I added my home IP address to the local pool one). But no matter the IP address I'm accessing my server, I can connect to any account with the pin code method. I don't want to use the guest method as I would have to manually login on my Roku for each user. Any help would be appreciated. Funny thing: the remote app Yatse can access the server using username:password@@Server.tld method of authentication Link to comment Share on other sites More sharing options...
Luke 37251 Posted December 27, 2018 Share Posted December 27, 2018 Hi, yes this is correct. We do not officially support basic auth at this time. Link to comment Share on other sites More sharing options...
Luc. 0 Posted December 27, 2018 Author Share Posted December 27, 2018 Thanks. Any workaround to have a local account with a blank pin that isn't accessible to the whole internet? Link to comment Share on other sites More sharing options...
Luke 37251 Posted December 27, 2018 Share Posted December 27, 2018 I think you'll need to configure the http headers from the reverse proxy so that the server sees the original remote ip address. Without this information, the server will end up thinking that all requests are originating locally, and therefore it will allow the pin login to be used. @@pir8radio may have some tips on that. Link to comment Share on other sites More sharing options...
pir8radio 1293 Posted December 28, 2018 Share Posted December 28, 2018 what kind of reverse proxy, and can you post the RP config? Link to comment Share on other sites More sharing options...
Luc. 0 Posted December 28, 2018 Author Share Posted December 28, 2018 I am using NGINX. That's my config user nginx;worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;include /usr/share/nginx/modules/*.conf;events { worker_connections 1024;}http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 80 ; listen [::]:80 ; server_name localhost; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } rewrite ^(.*) https://superserver.tld$1permanent; }server { server_name superserver.tld listen [::]:443 ssl ipv6only=on; # managed by Certbot listen localhost:443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/superserver.tld/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/superserver.tld/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot location / { proxy_pass http://127.0.0.1:8096; #auth_basic "Restricted Content"; #auth_basic_user_file /etc/nginx/.htpasswd; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } Thanks for your help. Link to comment Share on other sites More sharing options...
pir8radio 1293 Posted December 28, 2018 Share Posted December 28, 2018 (edited) I am using NGINX. That's my config That looks correct... So when someone connects remotely what ip shows up under your emby dashboard? your router, or their actual IP? unless something is overriding something in the server block.. what do these two configs look like? include /etc/nginx/default.d/*.conf; include /etc/nginx/conf.d/*.conf; Edited December 28, 2018 by pir8radio Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now