jeffsand121 1 Posted July 15, 2019 Share Posted July 15, 2019 Thank you @@pir8radio. Although my config is organized differently (due to the docker image I am using) it now includes all of the information that is in the config @@Luke recommended. I am new to using a reverse proxy and climbing the learning curve. The upside is A ratings from the test sites I have checked. As time permits, I am checking everything from my router to the last line in the configuration to try to find the road block that we have. Link to comment Share on other sites More sharing options...
Paint 7 Posted July 16, 2019 Share Posted July 16, 2019 having users complain about the same issue with the most recent roku firmware and emby beta app Link to comment Share on other sites More sharing options...
Luke 37064 Posted July 16, 2019 Share Posted July 16, 2019 having users complain about the same issue with the most recent roku firmware and emby beta app Hi there, can we look at an example? Thanks ! Link to comment Share on other sites More sharing options...
Paint 7 Posted July 16, 2019 Share Posted July 16, 2019 Hi there, can we look at an example? Thanks ! sure, what would you like me to do? Link to comment Share on other sites More sharing options...
Paint 7 Posted July 16, 2019 Share Posted July 16, 2019 (edited) <delete> Edited July 16, 2019 by diamantj Link to comment Share on other sites More sharing options...
Luke 37064 Posted July 16, 2019 Share Posted July 16, 2019 @ can we please look at the emby server log from an example session? Thanks ! Link to comment Share on other sites More sharing options...
speechles 1917 Posted July 16, 2019 Share Posted July 16, 2019 (edited) Yes please. I will have both a Roku express and Roku TV to personally test these oddball models against LiveTV and any other issues. It won't be the responsibility of users with these devices to help us test our fixes/changes for these devices much longer. We will be able to do them and code for them directly when implementing changes. This will let us code directly for any nuances any of these devices may exhibit with anything the app is doing. I intend to run the Roku through its paces and I need a fuller complement of devices to see which devices are up to the task. We are sorry you have having difficulties. Please help us by allowing us to investigate your logs. Both ffmpeg and server logs. We need these to find where this problem is happening. It may also be possible something outside of your control is influence everything. Seeing the logs would definitely help point out suspects for you to eliminate. We await your reply. Thanks, team Emby. Go team! Edited July 16, 2019 by speechles Link to comment Share on other sites More sharing options...
Paint 7 Posted July 17, 2019 Share Posted July 17, 2019 (edited) @ can we please look at the emby server log from an example session? Thanks ! @@Luke, I am PMing you the pastebin links to my ffmpeg transcode and embyserver.txt logs. The server streams for a few seconds and then freezes on the roku Edited July 17, 2019 by diamantj Link to comment Share on other sites More sharing options...
Luke 37064 Posted July 17, 2019 Share Posted July 17, 2019 @@Luke, I am PMing you the pastebin links to my ffmpeg transcode and embyserver.txt logs. The server streams for a few seconds and then freezes on the roku What exactly happened? The logs look OK to me. Thanks. Link to comment Share on other sites More sharing options...
Paint 7 Posted July 17, 2019 Share Posted July 17, 2019 What exactly happened? The logs look OK to me. Thanks. Basically the roku streams for about 10 seconds and then goes to the loading screen. Emby server continues to stream/transcode the video to the client, which is what the logs show. Link to comment Share on other sites More sharing options...
ebr 14913 Posted July 17, 2019 Share Posted July 17, 2019 But you can back out of that screen fine, correct? This looks like whatever is being fed to the Roku player, it cannot actually handle and, in these situations it appears to just get hung. We could just abort in that case, but that isn't really going to solve anything. Link to comment Share on other sites More sharing options...
Paint 7 Posted July 17, 2019 Share Posted July 17, 2019 But you can back out of that screen fine, correct? This looks like whatever is being fed to the Roku player, it cannot actually handle and, in these situations it appears to just get hung. We could just abort in that case, but that isn't really going to solve anything. yes, I can back out of the screen. The roku isnt frozen Link to comment Share on other sites More sharing options...
ebr 14913 Posted July 17, 2019 Share Posted July 17, 2019 And this problem does NOT occur if the reverse proxy is taken out of the equation? Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted July 17, 2019 Share Posted July 17, 2019 (edited) What type of file format are you playing? It is a reverse proxy issue, I had the same issue a long time ago. But I don't see you mention if you use a reverse proxy or not? Edited July 17, 2019 by pir8radio 1 Link to comment Share on other sites More sharing options...
Paint 7 Posted July 17, 2019 Share Posted July 17, 2019 (edited) And this problem does NOT occur if the reverse proxy is taken out of the equation? That is correct. Emby without a reverse proxy works fine. With either my reverse proxy or Emby directly work fine with firesticks, android, and browsers work fine - this only happens with Roku. What type of file format are you playing? It is a reverse proxy issue, I had the same issue a long time ago. This is an MKV file. Typically I only play/stream MKVs or MP4s Edited July 17, 2019 by diamantj Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted July 17, 2019 Share Posted July 17, 2019 That is correct. Emby without a reverse proxy works fine. With either my reverse proxy or Emby directly work fine with firesticks, android, and browsers work fine - this only happens with Roku. This is an MKV file. Typically I only play/stream MKVs or MP4s Ok, you are a different user than the OP, can you post your nginx config? make sure you at least have these lines in your config too: proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. Link to comment Share on other sites More sharing options...
Paint 7 Posted July 17, 2019 Share Posted July 17, 2019 (edited) Ok, you are a different user than the OP, can you post your nginx config? make sure you at least have these lines in your config too: proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. Yep, those are in there. Here are my configs: nginx.conf: user www-data; pid /run/nginx.pid; # you must set worker processes based on your CPU cores, nginx does not benefit from setting more than that worker_processes auto; #some last versions calculate it automatically worker_cpu_affinity auto; # number of file descriptors used for nginx # the limit for the maximum FDs on the server is usually set by the OS. # if you don't set FD's then OS settings will be used which is by default 2000 worker_rlimit_nofile 100000; # only log critical errors error_log /var/log/nginx/error.log crit; # provides the configuration file context in which the directives that affect connection processing are specified. events { # determines how much clients will be served per worker # max clients = worker_connections * worker_processes # max clients is also limited by the number of socket connections available on the system (~64k) #worker_connections 8192; worker_connections 4000; # optmized to serve many clients with each thread, essential for linux -- for testing environment use epoll; # accept as many connections as possible, may flood worker connections if set too low -- for testing environment multi_accept on; } http { # cache informations about FDs, frequently accessed files # can boost performance, but you need to test those values open_file_cache max=200000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; ## # Basic Settings ## # copies data between one FD and other from within the kernel # faster then read() + write() sendfile on; tcp_nopush on; tcp_nodelay on; #keepalive_timeout 65; types_hash_max_size 2048; proxy_headers_hash_max_size 51200; proxy_headers_hash_bucket_size 6400; server_tokens off; proxy_connect_timeout 1h; proxy_send_timeout 1h; proxy_read_timeout 1h; etag on; log_format emby '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorizat ion"'; log_format default '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port'; #geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database #geoip_city /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database # server_names_hash_bucket_size 64; # server_name_in_redirect off; server_names_hash_bucket_size 128; map_hash_bucket_size 64; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1.2 TLSv1.1 TLSv1; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; #ssl_session_cache shared:SSL:5m; #ssl_session_timeout 1h; ## # Logging Settings ## # to boost I/O on HDD we can disable access logs access_log off; #access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Timeouts ## client_header_timeout 3m; client_body_timeout 3m; send_timeout 3m; ## # Gzip Settings ## gzip on; gzip_disable "MSIE [1-6]\."; gzip_min_length 1100; gzip_vary on; gzip_proxied expired no-cache no-store private auth; gzip_buffers 16 8k; gzip_comp_level 6; gzip_http_version 1.1; gzip_types text/plain text/css text/js applciation/json application/javascript application/x-javascript text/xml application/xml application/rss+xml text/javascript images/svg+xml application/x-font-ttf font/opentype application/vnd.ms-fontobject; /xml+rss text/javascript; reset_timedout_connection on; # request timed out -- default 60 client_max_body_size 32m; # increased to allow for ddwrt firmware upgrades ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } emby: server { listen 8920 ssl http2 reuseport; listen [::]:8920 ssl http2 reuseport; server_name <REDACTED> <REDACTED>; # Global Headers add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys. error_log /var/log/nginx/emby_error.log error; access_log /var/log/nginx/emby_access.log emby buffer=16k; # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate ssl_certificate /etc/ssl/ca/acme/<redacted>.fullchain; ssl_certificate_key /etc/ssl/ca/acme/<redacted>.key; ssl_session_timeout 1h; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/ssl/dh/RSA4096.pem; # intermediate configuration. tweak to your needs. ssl_protocols TLSv1.3 TLSv1.2; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; ssl_prefer_server_ciphers on; # OCSP Stapling --- # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify on; ## verify chain of trust of OCSP response using Root CA and Intermediate certs ssl_trusted_certificate /etc/ssl/ca/acme/<redacted>.ca; resolver 192.168.1.1 8.8.4.4 8.8.8.8 valid=300s; #resolver 192.168.1.1; resolver_timeout 10s; underscores_in_headers on; proxy_intercept_errors on; recursive_error_pages on; location / { proxy_pass http://192.168.1.40:8096; ## Enter the IP and port of the backend emby server here. proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys. proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. proxy_set_header Host $host; ## Passes the requested domain name to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. ## ADDITIONAL SECURITY SETTINGS ## ## Optional settings to improve security ## ## add these after you have completed your testing and ssl setup ## add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } } Edited July 17, 2019 by diamantj Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted July 17, 2019 Share Posted July 17, 2019 (edited) Other than sendfile being on, which I dont "think" is your issue, I dont see anything crazy in your config. I might suggest trying my single config first, though it looks like alot of your config is already mine.. But I hate split configs using include..... lol, just as a test use my config, and see if it works, you can also connect to my server and see if your roku works there. Edited July 18, 2019 by pir8radio Link to comment Share on other sites More sharing options...
jeffsand121 1 Posted July 18, 2019 Share Posted July 18, 2019 I found the issue that was causing the same problem with Roku playing remotely. The "default" in the config I am using was not listening on port 80. Once I included that command and did a 301 redirect, I have no playback problems. 1 Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted July 18, 2019 Share Posted July 18, 2019 I found the issue that was causing the same problem with Roku playing remotely. The "default" in the config I am using was not listening on port 80. Once I included that command and did a 301 redirect, I have no playback problems. Yea its good practice to listen on 80 as well good find... HSTS should of taken care of that, you shouldn't see the 301 getting used much if at all, if you use HSTS. Link to comment Share on other sites More sharing options...
Paint 7 Posted July 18, 2019 Share Posted July 18, 2019 What should I add to my nginx to do a 301 redirect besides adding listening lines on port 80 Link to comment Share on other sites More sharing options...
jeffsand121 1 Posted July 18, 2019 Share Posted July 18, 2019 I am using HSTS and thought it would have taken care of it too. Just happy it is working again. Thanks to all that helped!! Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted July 18, 2019 Share Posted July 18, 2019 What should I add to my nginx to do a 301 redirect besides adding listening lines on port 80 server { listen 80 default_server; listen [::]:80 default_server; server_name example.com; return 301 https://$server_name$request_uri; } Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Paint 7 Posted July 18, 2019 Share Posted July 18, 2019 (edited) server { listen 80 default_server; listen [::]:80 default_server; server_name example.com; return 301 https://$server_name$request_uri; } Sent from my iPhone using Tapatalk Added this to my config. Will test again. Since I am running on a custom SSL port, I had to use this config: server { listen 80 default_server; listen [::]:80 default_server; server_name example.com; return 301 https://$server_name:1234$request_uri; } And added this to my ssl server section error_page 497 https://$host:1234$request_uri; Edited July 18, 2019 by diamantj 1 Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted July 18, 2019 Share Posted July 18, 2019 Added this to my config. Will test again. Since I am running on a custom SSL port, I had to use this config: server { listen 80 default_server; listen [::]:80 default_server; server_name example.com; return 301 https://$server_name:1234$request_uri; } And added this to my ssl server section error_page 497 https://$host:1234$request_uri; yea sorry forgot you were using a goofy port.. :-) Good work, hope it works. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now