Need help with apache reverse proxy and websockets


loeffelpan

I tried to set up Apache as a reverse proxy for my Emby server.

Web app works fine. But I can't connect with an Emby app (e.g. Kodi) and I get a 404 on every /embywebsocket request. Should be 101, I think.

I have Nextcloud running on the same Apache and am trying to use 8443 for Emby.

Any help appreciated.

<VirtualHost *:80>

    ServerName toothless.goip.de

    RewriteEngine on

    RewriteCond %{REQUEST_SCHEME} =http
    RewriteRule ^/?(.*)$ https://toothless.goip.de/$1 [R=301,L]

    RewriteCond %{REQUEST_SCHEME} =ws
    RewriteRule ^/?(.*)$ wss://toothless.goip.de:8443/$1 [R=301,L]

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling_cache(129600)
ServerName toothless.goip.de

<VirtualHost *:443>

    Protocols h2 http/1.1

    DocumentRoot /var/www/nextcloud

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <FilesMatch \.php$>
        SetHandler proxy:unix:/run/php/php7.2-fpm.sock|fcgi://localhost/
    </FilesMatch>

    SSLEngine on
    SSLUseStapling on
    SSLCertificateFile /etc/letsencrypt/live/toothless.goip.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/toothless.goip.de/privkey.pem
    Include /etc/letsencrypt/mod_options-ssl-apache.conf

    Header set Strict-Transport-Security "max-age=31556926; includeSubDomains; preload"

    <Directory /var/www/nextcloud>
        Options +FollowSymlinks
        AllowOverride All
    </Directory>

</VirtualHost>

<VirtualHost *:8443>

    Protocols h2 http/1.1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLUseStapling on
    SSLCertificateFile /etc/letsencrypt/live/toothless.goip.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/toothless.goip.de/privkey.pem
    Include /etc/letsencrypt/mod_options-ssl-apache.conf

    ProxyPass / http://localhost:8096/
    ProxyPassReverse / http://localhost:8096/

    ProxyPass /embywebsocket ws://localhost:8096/embywebsocket
    ProxyPassReverse /embywebsocket ws://localhost:8096/embywebsocket

    Header set Connection "Upgrade"
    Header set Upgrade "websocket"
    RequestHeader setifempty Connection "Upgrade"
    RequestHeader setifempty Upgrade "websocket"
    
</VirtualHost>

pir8radio

 



 

 

Check out this post, make sure it's not the same issue first: https://emby.media/community/index.php?/topic/64083-could-not-find-handler-for-embywebsocket/?p=636078


loeffelpan

This is one of several threads I've read before posting.

Can't get this to work using "ProxyPass" with proxy_wstunnel.

 

Instead of that I used mod_rewrite for proxying the websocket traffic.

After that worked I added some secure headers.

<VirtualHost *:8443>

    Protocols h2 http/1.1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLUseStapling on
    SSLCertificateFile /etc/letsencrypt/live/toothless.goip.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/toothless.goip.de/privkey.pem
    Include /etc/letsencrypt/mod_options-ssl-apache.conf

    ProxyPass / http://localhost:8096/
    ProxyPassReverse / http://localhost:8096/

    RewriteEngine On
    RewriteCond %{HTTP:Connection} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule ^/?(.*)$ ws://localhost:8096/$1 [P,L]

    Header unset Server

    Header set Strict-Transport-Security "max-age=31556926; includeSubDomains; preload"
    Header set Referrer-Policy "strict-origin"
    Header set X-Frame-Options "sameorigin"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options "nosniff"
    Header set Content-Security-Policy "default-src 'none'; child-src 'self'; font-src 'self' data:; connect-src 'self' wss: ws: https://mb3admin.com https://github.com/MediaBrowser/; media-src 'self' blob: data: https://github.com/MediaBrowser/; manifest-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; worker-src 'self' blob:; script-src 'self' https://www.gstatic.com; img-src data: https: http: ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/css"
    
</VirtualHost>

  • 1 year later...
castillo92

 


[...]
    RewriteEngine On
    RewriteCond %{HTTP:Connection} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule ^/?(.*)$ ws://localhost:8096/$1 [P,L]
[...]

 

 

That works for me too!! Thank you very much!! I read several posts but the solution is yours:

 

My vhost finally looks like:

<VirtualHost *:443>
	ServerName my_server.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www

# The env=!dontlog tag is a variable so that those requests are not logged:
	SetEnvIf Request_URI "^/emby/videos/*" dontlog
	SetEnvIf Request_URI "^/emby/Sessions/*" dontlog
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog

# Media Server Emby
        RewriteEngine On
        RewriteCond %{HTTP:Connection} Upgrade [NC]
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteRule ^/?(.*)$ ws://localhost:8096/$1 [P,L]
    
        ProxyPass /emby/ http://192.168.1.50:8096/
        ProxyPassReverse /emby/ http://192.168.1.50:8096/
        Redirect permanent /emby /emby/

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>

SSLCertificateFile /etc/letsencrypt/live/my_server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my_server.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

Could you explain to me why you added some secure headers? Doesn't Emby have them integrated?
