jon_
Posted February 6, 2019 (edited)

Hi All

I've been scratching my head as to why sync wouldn't work via reverse proxy for the past few weeks, and with Luke and Pir8Radio's help we finally figured it out. If you are using a LetsEncrypt certificate, then you need to follow some additional steps for it to fully work:

For Apache Reverse Proxy, you need to make sure you have the SSLCertificateChainFile defined (where domain.tld is your domain)

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/chain.pem

For nginx, you need to cat the main certificate and the chain file together:

    cat /etc/letsencrypt/live/domain.tld/cert.pem /etc/letsencrypt/live/domain.tld/chain.pem > /etc/letsencrypt/live/domain.tld/certbundle.pem

(you will need to redo this step every time your letsencrypt certificate renews)

In your nginx config, use the fullchain.pem bundle file in your SSL server definition in your config file:

    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;

If you don't do this, Android clients (maybe others) will prompt you to accept a certificate at first login. Everything will then work (streaming, UI etc) *apart* from sync, which will fail with 'Download Unsuccessful'. Following the above steps should fix this.

Edited April 2, 2019 by jon_

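A check for the misconfiguration described in the post above, added here as an example and not part of the original thread: it reads the ssl_certificate paths from an nginx config and reports any file that holds fewer than two PEM certificates. The function names and sample files are constructed for illustration, and the script only counts PEM blocks; it does not validate the chain cryptographically.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the files named by
# nginx ssl_certificate directives hold a chain or only the leaf certificate.

# Count PEM certificate blocks in a file; prints 0 if it cannot be read.
pem_cert_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Print the path from each ssl_certificate directive (unquoted paths assumed).
# ssl_certificate_key and commented-out lines do not match.
nginx_cert_paths() {
    sed -n 's/^[[:space:]]*ssl_certificate[[:space:]]\{1,\}\([^;[:space:]]*\).*/\1/p' "$1"
}

# Print one line per referenced file; return 1 if any holds fewer than two
# certificates (no intermediate would be sent to clients).
check_nginx_chain() {
    rc=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        n=$(pem_cert_count "$path")
        if [ "$n" -ge 2 ]; then
            echo "OK       $path ($n certificates)"
        else
            echo "NO CHAIN $path ($n certificate(s) found)"
            rc=1
        fi
    done <<EOF
$(nginx_cert_paths "$1")
EOF
    return "$rc"
}

# Constructed sample input: placeholder PEM blocks, not real certificates.
demo=$(mktemp -d)
blk() { printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' '-----END CERTIFICATE-----'; }
blk > "$demo/cert.pem"
{ blk; blk; } > "$demo/fullchain.pem"
printf 'ssl_certificate %s/cert.pem;\nssl_certificate_key %s/privkey.pem;\n' "$demo" "$demo" > "$demo/bad.conf"
printf 'ssl_certificate %s/fullchain.pem;\n' "$demo" > "$demo/good.conf"
check_nginx_chain "$demo/bad.conf" || echo "bad.conf: chain missing"
check_nginx_chain "$demo/good.conf" && echo "good.conf: chain present"
```

On a real server, pass the path of the site's nginx config to check_nginx_chain in place of the constructed files.
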
neik
Posted March 19, 2019

First of all, thanks for writing this up. I will have to check once I'm back home, but iirc I don't have to do this and sync works flawlessly on Android (Mi8 Pro / S7) and iOS (iPhone X).

I'm on Ubuntu 18.04.2 LTS with nginx, and my nginx config points directly to the Let's Encrypt folder. After renewing the certificates, the only thing I have to do is reload them in nginx, but no bundling is needed.

Just for information.

parasven
Posted April 1, 2019

You don't need to build the certbundle yourself; with letsencrypt there already is a "fullchain.pem" file which inherits everything you need. To be precise, it is exactly what you are building with this command:

    cat /etc/letsencrypt/live/domain.tld/cert.pem /etc/letsencrypt/live/domain.tld/chain.pem > /etc/letsencrypt/live/domain.tld/certbundle.pem

jon_ (Author)
Posted April 2, 2019

Good spot - didn't realise there was one already made

pwhodges
Posted April 3, 2019 (edited)

Another way to get LetsEncrypt certs is to use the free Caddy Server as your reverse proxy. Caddy does it for you completely automatically, including updating certs silently as required. I use it to serve or proxy all my web sites, but to give an idea of how easy it is, this is the entire configuration for proxying Emby:

    emby.xxxxxx.org {
        proxy / http://streamer.xxxx.dom:8096
        log .\Logs\EMaccess.log
        errors .\Logs\EMerror.log
    }

And two of the four lines are defining logs (which are optional)! Also, contact using http:// will automatically be redirected to https:// as a built-in function of Caddy.

Edited April 3, 2019 by pwhodges