Roku app never finishes Loading or Retrieving when behind reverse proxy

[jeffsand121 1]

Thank you @@pir8radio. Although my config is organized differently (due to the docker image I am using) it now includes all of the information that is in the config @@Luke recommended. I am new to using a reverse proxy and climbing the learning curve. The upside is A ratings from the test sites I have checked. As time permits, I am checking everything from my router to the last line in the configuration to try to find the road block that we have.

[Paint 7]

having users complain about the same issue with the most recent roku firmware and emby beta app

[Luke 37064]

having users complain about the same issue with the most recent roku firmware and emby beta app

Hi there, can we look at an example? Thanks !

[Paint 7]

Hi there, can we look at an example? Thanks !

 

sure, what would you like me to do? 

[Paint 7]

<delete>

Edited July 16, 2019 by diamantj

[Luke 37064]

@ can we please look at the emby server log from an example session? Thanks !

[speechles 1917]

Yes please. I will have both a Roku express and Roku TV to personally test these oddball models against LiveTV and any other issues. It won't be the responsibility of users with these devices to help us test our fixes/changes for these devices much longer. We will be able to do them and code for them directly when implementing changes. This will let us code directly for any nuances any of these devices may exhibit with anything the app is doing. I intend to run the Roku through its paces and I need a fuller complement of devices to see which devices are up to the task. We are sorry you have having difficulties. Please help us by allowing us to investigate your logs. Both ffmpeg and server logs. We need these to find where this problem is happening. It may also be possible something outside of your control is influence everything. Seeing the logs would definitely help point out suspects for you to eliminate. We await your reply. Thanks, team Emby. Go team!

Edited July 16, 2019 by speechles

[Paint 7]

@ can we please look at the emby server log from an example session? Thanks !

 

@@Luke, I am PMing you the pastebin links to my ffmpeg transcode and embyserver.txt logs. 

 

The server streams for a few seconds and then freezes on the roku

Edited July 17, 2019 by diamantj

[Luke 37064]

@@Luke, I am PMing you the pastebin links to my ffmpeg transcode and embyserver.txt logs. 

 

The server streams for a few seconds and then freezes on the roku

 

What exactly happened? The logs look OK to me. Thanks.

[Paint 7]

What exactly happened? The logs look OK to me. Thanks.

 

Basically the roku streams for about 10 seconds and then goes to the loading screen. Emby server continues to stream/transcode the video to the client, which is what the logs show. 

[ebr 14913]

But you can back out of that screen fine, correct?

 

This looks like whatever is being fed to the Roku player, it cannot actually handle and, in these situations it appears to just get hung.  We could just abort in that case, but that isn't really going to solve anything.

[Paint 7]

But you can back out of that screen fine, correct?

 

This looks like whatever is being fed to the Roku player, it cannot actually handle and, in these situations it appears to just get hung.  We could just abort in that case, but that isn't really going to solve anything.

 

yes, I can back out of the screen. The roku isnt frozen

[ebr 14913]

And this problem does NOT occur if the reverse proxy is taken out of the equation?

[pir8radio 1292]

What type of file format are you playing?   It is a reverse proxy issue, I had the same issue a long time ago.   But I don't see you mention if you use a reverse proxy or not?  

Edited July 17, 2019 by pir8radio

[Paint 7]

And this problem does NOT occur if the reverse proxy is taken out of the equation?

 

That is correct. Emby without a reverse proxy works fine.

 

With either my reverse proxy or Emby directly work fine with firesticks, android, and browsers work fine - this only happens with Roku.

 

What type of file format are you playing?   It is a reverse proxy issue, I had the same issue a long time ago.

 

This is an MKV file. Typically I only play/stream MKVs or MP4s

Edited July 17, 2019 by diamantj

[pir8radio 1292]

That is correct. Emby without a reverse proxy works fine.

 

With either my reverse proxy or Emby directly work fine with firesticks, android, and browsers work fine - this only happens with Roku.

 

 

This is an MKV file. Typically I only play/stream MKVs or MP4s

 

Ok, you are a different user than the OP, can you post your nginx config?     make sure you at least have these lines in your config too:

	proxy_set_header Range $http_range;  ## Allows specific chunks of a file to be requested.
	proxy_set_header If-Range $http_if_range;  ## Allows specific chunks of a file to be requested.
	proxy_set_header X-Real-IP $remote_addr;  ## Passes the real client IP to the backend server.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.

[Paint 7]

Ok, you are a different user than the OP, can you post your nginx config?     make sure you at least have these lines in your config too:

	proxy_set_header Range $http_range;  ## Allows specific chunks of a file to be requested.
	proxy_set_header If-Range $http_if_range;  ## Allows specific chunks of a file to be requested.
	proxy_set_header X-Real-IP $remote_addr;  ## Passes the real client IP to the backend server.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.

 

Yep, those are in there. 

 

 

Here are my configs: 

 

nginx.conf:

 

user www-data;
pid /run/nginx.pid;


# you must set worker processes based on your CPU cores, nginx does not benefit from setting more than that
worker_processes auto; #some last versions calculate it automatically
worker_cpu_affinity auto;

# number of file descriptors used for nginx
# the limit for the maximum FDs on the server is usually set by the OS.
# if you don't set FD's then OS settings will be used which is by default 2000
worker_rlimit_nofile 100000;

# only log critical errors
error_log /var/log/nginx/error.log crit;

# provides the configuration file context in which the directives that affect connection processing are specified.
events {
    # determines how much clients will be served per worker
    # max clients = worker_connections * worker_processes
    # max clients is also limited by the number of socket connections available on the system (~64k)
    #worker_connections 8192;
    worker_connections 4000;

    # optmized to serve many clients with each thread, essential for linux -- for testing environment
    use epoll;

    # accept as many connections as possible, may flood worker connections if set too low -- for testing environment
    multi_accept on;
}

http {
        # cache informations about FDs, frequently accessed files
        # can boost performance, but you need to test those values
        open_file_cache max=200000 inactive=20s;
        open_file_cache_valid 30s;
        open_file_cache_min_uses 2;
        open_file_cache_errors on;

        ##
        # Basic Settings
        ##
        # copies data between one FD and other from within the kernel
        # faster then read() + write()
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        #keepalive_timeout 65;
        types_hash_max_size 2048;
        proxy_headers_hash_max_size 51200;
        proxy_headers_hash_bucket_size 6400;
        server_tokens off;
        proxy_connect_timeout 1h;
        proxy_send_timeout 1h;
        proxy_read_timeout 1h;
        etag on;

        log_format  emby  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorizat                                                                                                                        ion"';

        log_format default '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port';

        #geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
        #geoip_city /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;
        server_names_hash_bucket_size 128;
        map_hash_bucket_size 64;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1.2 TLSv1.1 TLSv1; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;
        #ssl_session_cache shared:SSL:5m;
        #ssl_session_timeout 1h;

        ##
        # Logging Settings
        ##

        # to boost I/O on HDD we can disable access logs
        access_log off;
        #access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Timeouts
        ##

        client_header_timeout  3m;
        client_body_timeout    3m;
        send_timeout           3m;

        ##
        # Gzip Settings
        ##
        gzip on;
        gzip_disable "MSIE [1-6]\.";
        gzip_min_length   1100;
        gzip_vary         on;
        gzip_proxied      expired no-cache no-store private auth;
        gzip_buffers      16 8k;
        gzip_comp_level   6;
        gzip_http_version 1.1;
        gzip_types        text/plain text/css text/js applciation/json application/javascript application/x-javascript text/xml application/xml application/rss+xml text/javascript images/svg+xml application/x-font-ttf font/opentype application/vnd.ms-fontobject; /xml+rss text/javascript;
        reset_timedout_connection on;

        # request timed out -- default 60
        client_max_body_size         32m; # increased to allow for ddwrt firmware upgrades

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

emby:

server {
        listen 8920 ssl http2 reuseport;
        listen [::]:8920 ssl http2 reuseport;
        server_name <REDACTED> <REDACTED>;

        # Global Headers
        add_header 'Referrer-Policy' 'origin-when-cross-origin';
        add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        proxy_hide_header X-Powered-By;  ## Hides nginx server version from bad guys.

        error_log /var/log/nginx/emby_error.log error;
        access_log /var/log/nginx/emby_access.log emby buffer=16k;

        # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
        ssl_certificate             /etc/ssl/ca/acme/<redacted>.fullchain;
        ssl_certificate_key         /etc/ssl/ca/acme/<redacted>.key;
        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;

        # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
        ssl_dhparam                 /etc/ssl/dh/RSA4096.pem;

        # intermediate configuration. tweak to your needs.
        ssl_protocols TLSv1.3 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
        ssl_prefer_server_ciphers   on;

        # OCSP Stapling ---
        # fetch OCSP records from URL in ssl_certificate and cache them
        ssl_stapling on;
        ssl_stapling_verify on;

        ## verify chain of trust of OCSP response using Root CA and Intermediate certs
        ssl_trusted_certificate      /etc/ssl/ca/acme/<redacted>.ca;

        resolver 192.168.1.1 8.8.4.4 8.8.8.8 valid=300s;
        #resolver 192.168.1.1;
        resolver_timeout 10s;

        underscores_in_headers on;
        proxy_intercept_errors on;
        recursive_error_pages  on;

        location / {
                proxy_pass http://192.168.1.40:8096;  ## Enter the IP and port of the backend emby server here.

                proxy_hide_header X-Powered-By;  ## Hides nginx server version from bad guys.
                proxy_set_header Range $http_range;  ## Allows specific chunks of a file to be requested.
                proxy_set_header If-Range $http_if_range;  ## Allows specific chunks of a file to be requested.
                proxy_set_header X-Real-IP $remote_addr;  ## Passes the real client IP to the backend server.
                proxy_set_header Host $host;  ## Passes the requested domain name to the backend server.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.

                ## ADDITIONAL SECURITY SETTINGS ##
                ## Optional settings to improve security ##
                ## add these after you have completed your testing and ssl setup ##
                add_header 'Referrer-Policy' 'origin-when-cross-origin';
                add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload" always;
                add_header X-Frame-Options "SAMEORIGIN" always;
                add_header X-Content-Type-Options "nosniff" always;
                add_header X-XSS-Protection "1; mode=block" always;

                ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
    }

}

Edited July 17, 2019 by diamantj

[pir8radio 1292]

Other than sendfile being on, which I dont "think" is your issue, I dont see anything crazy in your config.   I might suggest trying my single config first, though it looks like alot of your config is already mine..    But I hate split configs using include.....      lol, just as a test use my config, and see if it works, you can also connect to my server and see if your roku works there. 

Edited July 18, 2019 by pir8radio

[jeffsand121 1]

I found the issue that was causing the same problem with Roku playing remotely. The "default" in the config I am using was not listening on port 80. Once I included that command and did a 301 redirect, I have no playback problems.

[pir8radio 1292]

I found the issue that was causing the same problem with Roku playing remotely. The "default" in the config I am using was not listening on port 80. Once I included that command and did a 301 redirect, I have no playback problems.

 

Yea its good practice to listen on 80 as well   good find...

 

HSTS should of taken care of that, you shouldn't see the 301 getting used much if at all, if you use HSTS. 

[Paint 7]

What should I add to my nginx to do a 301 redirect besides adding listening lines on port 80

[jeffsand121 1]

I am using HSTS and thought it would have taken care of it too. Just happy it is working again. Thanks to all that helped!!

[pir8radio 1292]

What should I add to my nginx to do a 301 redirect besides adding listening lines on port 80

server {

listen 80 default_server;

listen [::]:80 default_server;

server_name example.com;

return 301 https://$server_name$request_uri;

}

 

 

Sent from my iPhone using Tapatalk

[Paint 7]

server {

listen 80 default_server;

listen [::]:80 default_server;

server_name example.com;

return 301 https://$server_name$request_uri;

}

 

 

Sent from my iPhone using Tapatalk

Added this to my config. Will test again.

 

Since I am running on a custom SSL port, I had to use this config:

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com;
return 301 https://$server_name:1234$request_uri;
}

And added this to my ssl server section

 

error_page 497 https://$host:1234$request_uri;

Edited July 18, 2019 by diamantj

[pir8radio 1292]

 

Added this to my config. Will test again.

 

Since I am running on a custom SSL port, I had to use this config:

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com;
return 301 https://$server_name:1234$request_uri;
}

And added this to my ssl server section

 

error_page 497 https://$host:1234$request_uri;

 

 

yea sorry forgot you were using a goofy port..  :-)   Good work, hope it works.