
Emby behind nginx reverse proxy?


19 replies to this topic

#1 chudak OFFLINE  

chudak

    Advanced Member

  • Members
  • 234 posts

Posted 11 January 2019 - 09:55 AM

Hello all
 
I set up Emby behind an nginx reverse proxy by adding the following to /etc/nginx/sites-enabled/default:
 
 
        ## Emby ##
        # Proxies requests under /emby to the Emby backend on the loopback interface.
        location /emby {
             # Strip the /emby/ prefix before the request is passed upstream;
             # "break" stops further rewrite processing in this location.
             rewrite /emby/(.*) /$1 break;
             proxy_pass http://127.0.0.1:8096;
             # Leave Location/Refresh headers in backend responses untouched.
             proxy_redirect off;
             proxy_set_header Host $host;
             # $remote_addr is the peer address nginx itself saw for the connection.
             proxy_set_header X-Real-IP $remote_addr;
             # Appends $remote_addr to whatever X-Forwarded-For the client sent, so
             # every entry except the last is client-controlled; the backend should
             # not rely on those entries for access decisions or audit logging.
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             # Basic auth is left disabled. If it is enabled on a plain-HTTP listener,
             # the credentials are only base64-encoded on the wire, not encrypted.
             #auth_basic "Restricted";
             #auth_basic_user_file "/etc/nginx/.htpasswd";
        }
     }
 
 
Now I can open Emby by hitting URL as - <hostname>/emby
 
I wonder: if I want to change the URL to, say, emby.<hostname>, how do I do so?
 
Thx

Edited by chudak, 11 January 2019 - 11:03 AM.


#2 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 126941 posts
  • Local time: 09:29 AM

Posted 11 January 2019 - 11:01 AM

@pir8radio may have some tips.

#3 Codeh OFFLINE  

Codeh

    Advanced Member

  • Members
  • 35 posts
  • Local time: 09:29 AM

Posted 11 January 2019 - 11:46 AM

## Emby ##
# Name-based virtual host: nginx selects this block when the request's Host
# header matches server_name. "(domain_here)" is a placeholder to substitute.
server {
   # Port 80 is plain HTTP, so Emby logins and session tokens cross the
   # network unencrypted; terminate TLS here before exposing it beyond a LAN.
   listen 80;
   server_name emby.(domain_here);
   
        # Every URI on this host is handed to the Emby backend on loopback.
        location / {
             proxy_pass http://127.0.0.1:8096;
             # Leave Location/Refresh headers in backend responses untouched.
             proxy_redirect off;
             proxy_set_header Host $host;
             # $remote_addr is the peer address nginx itself saw.
             proxy_set_header X-Real-IP $remote_addr;
             # Client-supplied X-Forwarded-For plus $remote_addr appended; only
             # the last entry is written by this proxy.
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             # Optional basic auth, left disabled.
             #auth_basic "Restricted";
             #auth_basic_user_file "/etc/nginx/.htpasswd";
        }
     }


#4 chudak OFFLINE  

chudak

    Advanced Member

  • Members
  • 234 posts

Posted 11 January 2019 - 11:59 AM

## Emby ##
# Virtual host for the emby subdomain; "(domain_here)" is a placeholder.
server {
   # Plain-HTTP listener: traffic to Emby is not encrypted.
   listen 80;
   server_name emby.(domain_here);
   
        # All URIs on this host are proxied to Emby on loopback port 8096.
        location / {
             proxy_pass http://127.0.0.1:8096;
             proxy_redirect off;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             # Appends to the client-sent header; earlier entries are untrusted.
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             #auth_basic "Restricted";
             #auth_basic_user_file "/etc/nginx/.htpasswd";
        }
     }

 

 

Thanks

 

Something I am still missing

If I have several servers in /etc/nginx/sites-enabled/default should I have separate clauses ?

E.g.:

 

## Emby ##
# Virtual host for the emby subdomain; "(domain_here)" is a placeholder.
server {
    # Plain-HTTP listener: traffic to Emby is not encrypted.
    listen 80;
    server_name emby.(domain_here);

    # All URIs on this host are proxied to Emby on loopback port 8096.
    location / {
        proxy_set_header Host $host;
        # Peer address as seen by nginx.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to the client-sent header; earlier entries are untrusted.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Leave Location/Refresh headers in backend responses untouched.
        proxy_redirect off;
        proxy_pass http://127.0.0.1:8096;
        # Optional basic auth, left disabled.
        #auth_basic "Restricted";
        #auth_basic_user_file "/etc/nginx/.htpasswd";
    }
}

 

 

## Sonarr ##
# Virtual host for the sonarr subdomain; "(domain_here)" is a placeholder.
server {
    # Plain-HTTP listener: traffic to the backend UI is not encrypted.
    listen 80;
    server_name sonarr.(domain_here);

    # All URIs on this host are proxied to loopback port 9191.
    location / {
        proxy_set_header Host $host;
        # Peer address as seen by nginx.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to the client-sent header; earlier entries are untrusted.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Leave Location/Refresh headers in backend responses untouched.
        proxy_redirect off;
        proxy_pass http://127.0.0.1:9191;
        # Optional basic auth, left disabled.
        #auth_basic "Restricted";
        #auth_basic_user_file "/etc/nginx/.htpasswd";
    }
}

 

etc?


Edited by chudak, 11 January 2019 - 12:00 PM.


#5 Codeh OFFLINE  

Codeh

    Advanced Member

  • Members
  • 35 posts
  • Local time: 09:29 AM

Posted 11 January 2019 - 12:05 PM

Exactly. Each subdomain (emby.domain, sonarr.domain, ...) needs its own server block (server {}).



#6 chudak OFFLINE  

chudak

    Advanced Member

  • Members
  • 234 posts

Posted 11 January 2019 - 12:29 PM

Exactly. Each subdomain (emby.domain, sonarr.domain, ... ) needs it's own server block. (server{})

 

@Cedeh

 

Still no love :(

# SONARR
#
# NOTE(review): this block and the EMBY block that follows it in the same file
# both mark port 80 as default_server. nginx accepts only one default server
# per address:port and rejects the configuration otherwise.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name sonarr.wawona.lan;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    # Everything outside /sonarr is served as static files from the root above.
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    ## Sonarr ##
    # Only URIs beginning with /sonarr reach the backend, so the bare hostname
    # does not show Sonarr with this layout.
    location /sonarr {
        proxy_set_header Host $host;
        # Peer address as seen by nginx.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to the client-sent header; earlier entries are untrusted.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8989;
    }
}
 
# EMBY
#
# NOTE(review): the SONARR block before this one in the same file also marks
# port 80 as default_server. nginx accepts only one default server per
# address:port and rejects the configuration otherwise.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name emby.wawona.lan;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    # Everything outside /emby is served as static files from the root above.
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # Only URIs beginning with /emby reach the backend.
    location /emby {
        proxy_set_header Host $host;
        # Peer address as seen by nginx.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to the client-sent header; earlier entries are untrusted.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Leave Location/Refresh headers in backend responses untouched.
        proxy_redirect off;
        # Strip the /emby/ prefix, then proxy the rewritten URI.
        rewrite /emby/(.*) /$1 break;
        proxy_pass http://127.0.0.1:8096;
        # Optional basic auth, left disabled.
        #auth_basic "Restricted";
        #auth_basic_user_file "/etc/nginx/.htpasswd";
    }
}


#7 chudak OFFLINE  

chudak

    Advanced Member

  • Members
  • 234 posts

Posted 11 January 2019 - 12:33 PM

What's interesting that this worked as <domain>/emby

https://pastebin.com/30kA1qQs



#8 Codeh OFFLINE  

Codeh

    Advanced Member

  • Members
  • 35 posts
  • Local time: 09:29 AM

Posted 11 January 2019 - 12:37 PM

# SONARR #
# Virtual host for sonarr.wawona.lan. No default_server flag and no static
# root: the Host header alone selects this block.
server {
  # Plain HTTP on IPv4 and IPv6; traffic to the backend UI is not encrypted.
  listen 80;
  listen [::]:80;
  server_name sonarr.wawona.lan;

  # Every URI on this host is proxied to loopback port 8989.
  location /{
    proxy_pass http://127.0.0.1:8989;
    proxy_set_header Host $host;
    # Peer address as seen by nginx.
    proxy_set_header X-Real-IP $remote_addr;
    # Appends to the client-sent header; earlier entries are untrusted.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}


# EMBY #
# Virtual host for emby.wawona.lan. No default_server flag and no static
# root: the Host header alone selects this block.
server {
  # Plain HTTP on IPv4 and IPv6; Emby logins are not encrypted on this listener.
  listen 80;
  listen [::]:80;

  server_name emby.wawona.lan;
  # Every URI on this host is proxied to Emby, so no /emby suffix or rewrite
  # is involved.
  location /{
    proxy_pass http://127.0.0.1:8096;
    # Leave Location/Refresh headers in backend responses untouched.
    proxy_redirect off;
    proxy_set_header Host $host;
    # Peer address as seen by nginx.
    proxy_set_header X-Real-IP $remote_addr;
    # Appends to the client-sent header; earlier entries are untrusted.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Optional basic auth, left disabled.
    #auth_basic "Restricted";
    #auth_basic_user_file "/etc/nginx/.htpasswd";
  }
}


#9 chudak OFFLINE  

chudak

    Advanced Member

  • Members
  • 234 posts

Posted 11 January 2019 - 12:50 PM

@Codeh

 

No love :(

Pulling my hair out ....


Edited by chudak, 11 January 2019 - 12:50 PM.


#10 chudak OFFLINE  

chudak

    Advanced Member

  • Members
  • 234 posts

Posted 11 January 2019 - 12:54 PM

when I hit 

 

<domain>/sonarr it works

sonarr.<domain> - does not work

<domain>.emby goes to <domain>/sonarr/emby



#11 Codeh OFFLINE  

Codeh

    Advanced Member

  • Members
  • 35 posts
  • Local time: 09:29 AM

Posted 11 January 2019 - 12:59 PM

Post your entire configuration please.



#12 chudak OFFLINE  

chudak

    Advanced Member

  • Members
  • 234 posts

Posted 11 January 2019 - 01:03 PM

Post your entire configuration please.

 https://pastebin.com/WxAk8aS0

 

only what you posted

 

it's all in /etc/nginx/sites-enabled/default file


Edited by chudak, 11 January 2019 - 01:08 PM.


#13 chudak OFFLINE  

chudak

    Advanced Member

  • Members
  • 234 posts

Posted 11 January 2019 - 05:11 PM

# SONARR #
# Virtual host for sonarr.wawona.lan, selected by the Host header.
server {
  # Plain HTTP on IPv4 and IPv6.
  listen 80;
  listen [::]:80;
  server_name sonarr.wawona.lan;

  # Every URI on this host is proxied to loopback port 8989.
  location /{
    proxy_pass http://127.0.0.1:8989;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # Appends to the client-sent header; earlier entries are untrusted.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}


# EMBY #
# Virtual host for emby.wawona.lan, selected by the Host header.
server {
  # Plain HTTP on IPv4 and IPv6.
  listen 80;
  listen [::]:80;

  server_name emby.wawona.lan;
  # Every URI on this host is proxied to loopback port 8096.
  location /{
    proxy_pass http://127.0.0.1:8096;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # Appends to the client-sent header; earlier entries are untrusted.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Optional basic auth, left disabled.
    #auth_basic "Restricted";
    #auth_basic_user_file "/etc/nginx/.htpasswd";
  }
}

 

 

Are you sure this is correct?

Don't we need to listen on port 80 and have multiple locations ?

 

If you agree with that then back to square root 

 

This works https://pastebin.com/30kA1qQs if the request looks like:

<domain>/emby

<domain>/sabnzbn

<domain>/sonarr

 

But any try to overwrite final URL are failing 

 

WTH ?



#14 pir8radio OFFLINE  

pir8radio

    Advanced Member

  • Members
  • 2693 posts
  • Local time: 08:29 AM

Posted 11 January 2019 - 07:11 PM

Are you sure this is correct?

Don't we need to listen on port 80 and have multiple locations ?

 

If you agree with that then back to square root 

 

This is works https://pastebin.com/30kA1qQs if request looks like:

<domain>/emby

<domain>/sabnzbn

<domain>/sonarr

 

But any try to overwrite final URL are failing 

 

WTH ?

 

 

yes that is correct, you listen on port 80 multiple times.    Remove the default server section when you try that config though... or at least comment it out. 

 

the default server is whats messing with you...

 

also you are not posting your whole config...  i think you have another config somewhere that has an "include" to include the config you have posted...   the other config should have an http {} section...   attached is a basic emby config for nginx, i commented out the https stuff.  you can give it a try. then we can work on adding sonar and what not.      I have a feeling you are using that hokey version of nginx someone tried to "make easy" that has a different config for each site in a sites folder.   its horrible...  you should only need one config on a small system.

Attached Files


Edited by pir8radio, 11 January 2019 - 07:18 PM.


#15 chudak OFFLINE  

chudak

    Advanced Member

  • Members
  • 234 posts

Posted 11 January 2019 - 08:34 PM

@pir8radio

 

this file won't let me start and I don;t have enough knowledge to debug it  

 

thx



#16 SkyBehind OFFLINE  

SkyBehind

    Advanced Member

  • Members
  • 139 posts
  • Local time: 09:29 AM
  • LocationSouth Carolina

Posted 11 January 2019 - 10:12 PM

Hate to ask such a simple question, but did you configure DNS to point each subdomain to the correct IP address?  You can also use a wildcard so that every subdomain goes to the IP of the domain and the reverse proxy will direct it to the correct place.



#17 Karpana OFFLINE  

Karpana

    Advanced Member

  • Members
  • 57 posts
  • Local time: 08:29 AM

Posted 12 January 2019 - 10:46 AM

First Question...
Did you have any 301 redirects in your file previously whereby your emby.<yourdomain> was redirected to <yourdomain>/emby ?

I've had this problem.

To validate this, open a private browsing session in your browser (or a completely different browser), and try accessing your site again.
If it works the way you intend, then it means you have cached DNS records and you'll need to clear those before trying again.

If this still doesn't resolve the issue .. let me know... and I'll share my configurations (as I've done very much the same as you .... multiple subdomains ... one for each app I want to expose).



#18 chudak OFFLINE  

chudak

    Advanced Member

  • Members
  • 234 posts

Posted 12 January 2019 - 11:56 AM

I finally made it work ! (did I need it or not? that's another question  :D )

 

Here is the summary for the group benefits,

 

I had several issues - mostly nginx skill ignorance , and DNS resolution that I realized 5 min before reading @SkyBehind 's reply was on the list (embarrassing :ph34r:)

 

So at the end:

 

- created separate files in /etc/nginx/sites-enabled for every services, e.g. "emby<domain>", "sonarr<domain>", "sabnzbd<domain>"

 

# Virtual host for the emby subdomain; "<domain>" is a placeholder.
server {
    # Plain-HTTP listener: Emby logins and session tokens are not encrypted.
    listen         80;
    server_name    emby.<domain>;
 
    # Only URIs beginning with /emby are proxied, which is why the URL still
    # needs the /emby suffix. A "location /" block without the rewrite would
    # proxy the bare hostname instead.
    location /emby {
         # Strip the /emby/ prefix before the request is passed upstream.
         rewrite /emby/(.*) /$1 break;
         proxy_pass http://127.0.0.1:8096;
         # Leave Location/Refresh headers in backend responses untouched.
         proxy_redirect off;
         proxy_set_header Host $host;
         # Peer address as seen by nginx.
         proxy_set_header X-Real-IP $remote_addr;
         # Appends to the client-sent header; earlier entries are untrusted.
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         # Optional basic auth, left disabled.
         #auth_basic "Restricted";
         #auth_basic_user_file "/etc/nginx/.htpasswd";
    }
    # Per-service access log, kept apart from the shared nginx access log.
    access_log /var/log/nginx/emby;
}

=========

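# Virtual host for the sonarr subdomain; "<domain>" is a placeholder.
server {
    # Plain-HTTP listener: traffic to the Sonarr UI is not encrypted.
    listen         80;
    server_name    sonarr.<domain>;
 
    # Every URI on this host is proxied to Sonarr on loopback port 8989.
    location / {
        proxy_pass        http://127.0.0.1:8989;
        # Peer address as seen by nginx.
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header        Host            $host;
        # Appends to the client-sent header; earlier entries are untrusted.
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        # $scheme is "http" on this listener, so the backend is told the
        # original request was not encrypted.
        proxy_set_header        X-Forwarded-Proto $scheme;
        # Leave Location/Refresh headers in backend responses untouched.
        proxy_redirect off;
        # Pass backend responses to the client as they arrive.
        proxy_buffering off;
    }
    # Per-service access log, kept apart from the shared nginx access log.
    access_log /var/log/nginx/sonarr;
}
# The closing brace of the server block was missing from the listing as
# posted; without it nginx fails to parse the file.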

=========

# Virtual host for the sabnzbd subdomain; "<domain>" is a placeholder.
server {
    # Plain-HTTP listener: traffic to the SABnzbd UI is not encrypted.
    listen         80;
    server_name    sabnzbd.<domain>;
 
    # Only URIs beginning with /sabnzbd are proxied. There is no rewrite and
    # proxy_pass has no URI part, so the backend receives the path unchanged.
    location /sabnzbd {
         # Leave Location/Refresh headers in backend responses untouched.
         proxy_redirect off;
         proxy_set_header Host $host;
         # Peer address as seen by nginx.
         proxy_set_header X-Real-IP $remote_addr;
         # Appends to the client-sent header; earlier entries are untrusted.
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_pass http://localhost:9090;
    }
    # Per-service access log, kept apart from the shared nginx access log.
    access_log /var/log/nginx/sabnzbd;
}

=========

 

-- make sure to resolve all names for "emby<domain>", "sonarr<domain>", "sabnzbd<domain>" via DNS, in my case I used pfSense router, added Host Overrides in DNS Resolver

 

And after restarting nginx it works (`sudo service nginx restart` or `sudo nginx -s reload`)!

 

Services can be accessed by URLs like 

 

http://emby.<domain>/emby

 

I still don't know how to make it work without typing /emby at the end ?

 

Thank you all for helping !


Edited by chudak, 12 January 2019 - 01:10 PM.


#19 Karpana OFFLINE  

Karpana

    Advanced Member

  • Members
  • 57 posts
  • Local time: 08:29 AM

Posted 12 January 2019 - 07:44 PM

Looks like our configurations are very similar ... but mine doesn't require the /emby at the end...
Only real difference is that externally, my reverse proxy will only present emby over HTTPS (on 443) and not over HTTP (on port 80)
The Reverse Proxy is handling the certificates (as noted below) and it works with the various phone/ipad apps both inside and outside my network, as well as browsers, both inside and outside my network.

My next step is to tighten up the SSL to remove/disable TLS protocols that are considered weak (disable TLS1.0 and TLS1.1 and enable TLS 1.3)


In any case, for comparison:

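# HTTPS-only virtual host for the emby subdomain. nginx terminates TLS and
# proxies to the Emby backend over plain HTTP on the internal network.
# "<domain>", "<internal_host>" and the certificate paths are placeholders.
server {

    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;
    server_name emby.<domain>;
    ssl_certificate <removed to protect the innocent>;
    ssl_certificate_key <removed to protect the innocent>;
    ssl_dhparam <removed to protect the innocent>;




    ########################################################################
    # from https://cipherli.st/                                            #
    # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html #
    ########################################################################


    # TLS 1.0 and 1.1 are no longer offered. On nginx 1.13.0+ built against
    # OpenSSL 1.1.1+, TLSv1.3 can be appended to this list.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    # Session tickets off: resumption relies on the shared cache above only.
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    # Resolver nginx uses for its own lookups, such as the OCSP responder
    # host needed for stapling.
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    # Disable preloading HSTS for now.  You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    # "always" sends the header on error responses too, not only on 2xx/3xx.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;


    ##################################
    # END https://cipherli.st/ BLOCK #
    ##################################


    # Every URI on this host is proxied to Emby, so no /emby suffix is needed.
    location / {
        access_log /var/log/nginx/emby.access.log;
        error_log  /var/log/nginx/emby.error.log;


        # The hop to the backend is unencrypted; keep it on a trusted network
        # segment.
        proxy_pass http://<internal_host>:8096/ ;
        proxy_set_header Host $host;
        # Peer address as seen by nginx.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to the client-sent header; earlier entries are untrusted.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Report the scheme the client actually used (https on this listener).
        # The original hard-coded "http", telling the backend that a TLS
        # request had arrived unencrypted.
        proxy_set_header X-Forwarded-Proto $scheme;
        # Leave Location/Refresh headers in backend responses untouched.
        proxy_redirect off;
    }


}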


#20 SkyBehind OFFLINE  

SkyBehind

    Advanced Member

  • Members
  • 139 posts
  • Local time: 09:29 AM
  • LocationSouth Carolina

Posted 16 January 2019 - 10:49 PM

That's awesome, glad you got it figured out!  You should be proud :-)





