chudak 23 Posted January 11, 2019 Share Posted January 11, 2019 (edited) Hello all I setup emby behind ngnix reverse proxy by adding to /etc/nginx/sites-enabled/default: ## Emby ## location /emby { rewrite /emby/(.*) /$1 break; proxy_pass http://127.0.0.1:8096; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #auth_basic "Restricted"; #auth_basic_user_file "/etc/nginx/.htpasswd"; } } Now I can open Emby by hitting URL as - <hostname>/emby Wonder if I want to modify URL somehow say emby.<hostname> how do so ? Thx Edited January 11, 2019 by chudak Link to comment Share on other sites More sharing options...
Luke 37071 Posted January 11, 2019 Share Posted January 11, 2019 @@pir8radio may have some tips. Link to comment Share on other sites More sharing options...
Codeh 7 Posted January 11, 2019 Share Posted January 11, 2019 ## Emby ## server { listen 80; server_name emby.(domain_here); location / { proxy_pass http://127.0.0.1:8096; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #auth_basic "Restricted"; #auth_basic_user_file "/etc/nginx/.htpasswd"; } } 1 Link to comment Share on other sites More sharing options...
chudak 23 Posted January 11, 2019 Author Share Posted January 11, 2019 (edited) ## Emby ## server { listen 80; server_name emby.(domain_here); location / { proxy_pass http://127.0.0.1:8096; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #auth_basic "Restricted"; #auth_basic_user_file "/etc/nginx/.htpasswd"; } } Thanks Something I am still missing If I have several servers in /etc/nginx/sites-enabled/default should I have separate clauses ? E.g.: ## Emby ## server { listen 80; server_name emby.(domain_here); location / { proxy_pass http://127.0.0.1:8096; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #auth_basic "Restricted"; #auth_basic_user_file "/etc/nginx/.htpasswd"; } } ## Sonarr ## server { listen 80; server_name sonarr.(domain_here); location / { proxy_pass http://127.0.0.1:9191; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #auth_basic "Restricted"; #auth_basic_user_file "/etc/nginx/.htpasswd"; } } etc? Edited January 11, 2019 by chudak Link to comment Share on other sites More sharing options...
Codeh 7 Posted January 11, 2019 Share Posted January 11, 2019 Exactly. Each subdomain (emby.domain, sonarr.domain, ... ) needs it's own server block. (server{}) Link to comment Share on other sites More sharing options...
chudak 23 Posted January 11, 2019 Author Share Posted January 11, 2019 Exactly. Each subdomain (emby.domain, sonarr.domain, ... ) needs it's own server block. (server{}) @Cedeh Still no love # SONARR # server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name sonarr.wawona.lan; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } ## Sonarr ## location /sonarr { proxy_pass http://127.0.0.1:8989; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } # EMBY # server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name emby.wawona.lan; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location /emby { rewrite /emby/(.*) /$1 break; proxy_pass http://127.0.0.1:8096; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #auth_basic "Restricted"; #auth_basic_user_file "/etc/nginx/.htpasswd"; } } Link to comment Share on other sites More sharing options...
chudak 23 Posted January 11, 2019 Author Share Posted January 11, 2019 What's interesting that this worked as <domain>/emby https://pastebin.com/30kA1qQs Link to comment Share on other sites More sharing options...
Codeh 7 Posted January 11, 2019 Share Posted January 11, 2019 # SONARR # server { listen 80; listen [::]:80; server_name sonarr.wawona.lan; location /{ proxy_pass http://127.0.0.1:8989; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } # EMBY # server { listen 80; listen [::]:80; server_name emby.wawona.lan; location /{ proxy_pass http://127.0.0.1:8096; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #auth_basic "Restricted"; #auth_basic_user_file "/etc/nginx/.htpasswd"; } } Link to comment Share on other sites More sharing options...
chudak 23 Posted January 11, 2019 Author Share Posted January 11, 2019 (edited) @@Codeh No love Pulling my hear out .... Edited January 11, 2019 by chudak Link to comment Share on other sites More sharing options...
chudak 23 Posted January 11, 2019 Author Share Posted January 11, 2019 when I hit <domain>/sonarr it works sonarr.<domain> - does not work <domain>.emby goes to <domain>/sonarr/emby Link to comment Share on other sites More sharing options...
Codeh 7 Posted January 11, 2019 Share Posted January 11, 2019 Post your entire configuration please. Link to comment Share on other sites More sharing options...
chudak 23 Posted January 11, 2019 Author Share Posted January 11, 2019 (edited) Post your entire configuration please. https://pastebin.com/WxAk8aS0 only what you posted it's all in /etc/nginx/sites-enabled/default file Edited January 11, 2019 by chudak Link to comment Share on other sites More sharing options...
chudak 23 Posted January 11, 2019 Author Share Posted January 11, 2019 # SONARR # server { listen 80; listen [::]:80; server_name sonarr.wawona.lan; location /{ proxy_pass http://127.0.0.1:8989; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } # EMBY # server { listen 80; listen [::]:80; server_name emby.wawona.lan; location /{ proxy_pass http://127.0.0.1:8096; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #auth_basic "Restricted"; #auth_basic_user_file "/etc/nginx/.htpasswd"; } } Are you sure this is correct? Don't we need to listen on port 80 and have multiple locations ? If you agree with that then back to square root This is works https://pastebin.com/30kA1qQs if request looks like: <domain>/emby <domain>/sabnzbn <domain>/sonarr But any try to overwrite final URL are failing WTH ? Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted January 11, 2019 Share Posted January 11, 2019 (edited) Are you sure this is correct? Don't we need to listen on port 80 and have multiple locations ? If you agree with that then back to square root This is works https://pastebin.com/30kA1qQs if request looks like: <domain>/emby <domain>/sabnzbn <domain>/sonarr But any try to overwrite final URL are failing WTH ? yes that is correct, you listen on port 80 multiple times. Remove the default server section when you try that config though... or at least comment it out. the default server is whats messing with you... also you are not posting your whole config... i think you have another config somewhere that has an "include" to include the config you have posted... the other config should have an http {} section... attached is a basic emby config for nginx, i commented out the https stuff. you can give it a try. then we can work on adding sonar and what not. I have a feeling you are using that hokey version of nginx someone tried to "make easy" that has a different config for each site in a sites folder. its horrible... you should only need one config on a small system. nginx config EXAMPLE.txt Edited January 11, 2019 by pir8radio Link to comment Share on other sites More sharing options...
chudak 23 Posted January 12, 2019 Author Share Posted January 12, 2019 @pir8radio this file won't let me start and I don;t have enough knowledge to debug it thx Link to comment Share on other sites More sharing options...
SkyBehind 23 Posted January 12, 2019 Share Posted January 12, 2019 Hate to ask such a simple question, but did you configure DNS to point each subdomain to the correct IP address? You can also use a wildcard so that every subdomain goes to the IP of the domain and the reverse proxy will direct it to the correct place. Link to comment Share on other sites More sharing options...
Karpana 9 Posted January 12, 2019 Share Posted January 12, 2019 First Question...Did you have have any 301 redirects in your file previously whereby your emby.<yourdomain> was redirected to <yourdomain>/emby ?I've had this problem.To validate this, open a private browsing session in your browser (or a competely different browser), and try accessing your site again.If it works the way you intend, then it means you have cached DNS records and you'll need to clear those before trying again.If this still doesn't resolve the issue .. let me know... and I'll share my configurations (as I've done very much the same as you .... multiple subdomains ... one for each app I want to expose). Link to comment Share on other sites More sharing options...
chudak 23 Posted January 12, 2019 Author Share Posted January 12, 2019 (edited) I finally made it work ! (did I need it or not? that's another question ) Here is the summary for the group benefits, I had several issues - mostly nginx skill ignorance , and DNS resolution that I realized 5 min before reading @@SkyBehind 's reply was on the list (embarrassing ) So at the end: - created separate files in /etc/nginx/sites-enabled for every services, e.g. "emby<domain>", "sonarr<domain>", "sabnzbd<domain>" server { listen 80; server_name emby.<domain>; location /emby { rewrite /emby/(.*) /$1 break; proxy_pass http://127.0.0.1:8096; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #auth_basic "Restricted"; #auth_basic_user_file "/etc/nginx/.htpasswd"; } access_log /var/log/nginx/emby; } ========= server { listen 80; server_name sonarr.<domain>; location / { proxy_pass http://127.0.0.1:8989; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; proxy_buffering off; } access_log /var/log/nginx/sonarr; } ========= server { listen 80; server_name sabnzbd.<domain>; location /sabnzbd { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:9090; } access_log /var/log/nginx/sabnzbd; } ========= -- make sure to resolve all names for "emby<domain>", "sonarr<domain>", "sabnzbd<domain>" via DNS, in my case I used pfSense router, added Host Overrides in DNS Resolver And after restating ngnix it works (`sudo service nginx restart` or `sudo nginx -s reload`)! Services can be accessed by URLs like http://emby.<domain>/emby I still don't know how to make it work without typing /emby at the end ? Thank you all for helping ! Edited January 12, 2019 by chudak Link to comment Share on other sites More sharing options...
Karpana 9 Posted January 12, 2019 Share Posted January 12, 2019 Looks like our configurations are very similar ... but mine doesn't require the /emby at the end...Only real difference is that externally, my reverse proxy will only present emby over HTTPS (on 443) and not over HTTP (on port 80)The Reverse Proxy is handling the certificates (as noted below) and it works with the various phone/ipad apps both inside and outside my network, as well as browsers, both inside and outside my network.My next step is to tighten up the SSL to remove/disable TLS protocols that are considered weak (disable TLS1.0 and TLS1.1 and enable TLS 1.3)In any case, for comparison: server { listen 443 http2 ssl; listen [::]:443 http2 ssl; server_name emby.<domain>; ssl_certificate <removed to protect the innocent>; ssl_certificate_key <removed to protect the innocent>; ssl_dhparam <removed to protect the innocent>; ######################################################################## # from https://cipherli.st/ # # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html # ######################################################################## ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; # Disable preloading HSTS for now. You can use the commented out header line that includes # the "preload" directive if you understand the implications. #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; ################################## # END https://cipherli.st/ BLOCK # ################################## location / { access_log /var/log/nginx/emby.access.log; error_log /var/log/nginx/emby.error.log; proxy_pass http://<internal_host>:8096/ ; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-FOrwarded-Proto http; proxy_redirect off; } } Link to comment Share on other sites More sharing options...
SkyBehind 23 Posted January 17, 2019 Share Posted January 17, 2019 That's awesome, glad you got it figured out! You should be proud :-) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now