crxo 4 Posted September 18, 2019 Share Posted September 18, 2019 Hi, in version 77 of Chrome chapter images load forever like there is no end of the file, but there are displayed correctly. When i open the direct link of the image the problem persists. The image will be displayed correctly, but will load forever. After some minutes of loading, some images abort with a http/2 protocol error. Here is a screenshot: I also tried this with the Microsoft Edge Browser where all images are loaded and displayed correctly. In Firefox 69 some images were loaded, but not displayed. My Emby Server is running behind a nginx reverse proxy. When accessing Emby in my LAN there are no such problems. Here is my nginx host config file: server { listen 443 ssl http2; listen [::]:443 ssl http2; gzip on; gzip_vary on; gzip_min_length 1024; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/json application/xml; gzip_disable "MSIE [1-6]\."; server_name *.*.de; ssl_certificate */fullchain.pem; ssl_certificate_key */privkey.pem; add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" always; location / { proxy_pass http://localhost:8096; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } Is this a bug or is there some error in my nginx config? I'm running this config for about a year and this is the first time this is happening. Does anyone have a idea or can reproduce this? Thanks in advance! Link to comment Share on other sites More sharing options...
Luke 37028 Posted September 18, 2019 Share Posted September 18, 2019 Hi, they seem to be fine here. Have you tried it without nginx? Link to comment Share on other sites More sharing options...
crxo 4 Posted September 18, 2019 Author Share Posted September 18, 2019 Yes, without nginx there is no such problem... Link to comment Share on other sites More sharing options...
Luke 37028 Posted September 18, 2019 Share Posted September 18, 2019 I would suggest comparing your nginx config to @@pir8radio Link to comment Share on other sites More sharing options...
crxo 4 Posted September 18, 2019 Author Share Posted September 18, 2019 I've changed the config to pir8radio ones with no success. The chapter images are the only ones who load forever. Link to comment Share on other sites More sharing options...
crxo 4 Posted September 18, 2019 Author Share Posted September 18, 2019 The error doesn't happen when using an unencrypted connection over http with nginx. So i think this has something to do with https.. I also changed the config from nginx for emby to the absolute minimum with no success... Link to comment Share on other sites More sharing options...
Luke 37028 Posted September 18, 2019 Share Posted September 18, 2019 @@pir8radio have you seen this happen? Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted September 18, 2019 Share Posted September 18, 2019 (edited) post your SSL configuration section, you probably are too limiting in your SSL settings. also what build of nginx are you using? has to be built with open ssl 1.0.2 or later. you cant support tls 1.1 with http2 either. Edited September 18, 2019 by pir8radio Link to comment Share on other sites More sharing options...
crxo 4 Posted September 18, 2019 Author Share Posted September 18, 2019 Which configuration do you mean? I already posted my nginx host config. Thanks! Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted September 18, 2019 Share Posted September 18, 2019 (edited) Which configuration do you mean? I already posted my nginx host config. Thanks! Your config should have some ssl_xxxxx settings to setup ssl. I thought you used my config? Is this just in ver77 of chrome? Looks like its trying to pull in webp images as jpeg make sure tcp_nodelay on; is in your http section. Looks like something is hanging those image files up, not sending the last bit. Edited September 18, 2019 by pir8radio Link to comment Share on other sites More sharing options...
crxo 4 Posted September 18, 2019 Author Share Posted September 18, 2019 (edited) I also tried your settings with no success.. as i mentioned, it works with edge, Firefox but it’s not displaying the pictures and I also have the same error with chrome 76. Yes, it looks like something like this.. all other pictures are in webp format and are loaded correctly. Edit: Thank you, I will try this setting and will report back. Edited September 18, 2019 by crxo Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted September 18, 2019 Share Posted September 18, 2019 (edited) I also tried your settings with no success.. as i mentioned, it works with edge, Firefox but it’s not displaying the pictures and I also have the same error with chrome 76. Yes, it looks like something like this.. all other pictures are in webp format and are loaded correctly. click one of those jpeg images and post what it says the headers are. using chrome developer tools.. Edited September 18, 2019 by pir8radio Link to comment Share on other sites More sharing options...
crxo 4 Posted September 18, 2019 Author Share Posted September 18, 2019 (edited) Please delete. Edited September 18, 2019 by crxo Link to comment Share on other sites More sharing options...
crxo 4 Posted September 18, 2019 Author Share Posted September 18, 2019 make sure tcp_nodelay on; is in your http section. This setting is already in my config. click one of those jpeg images and post what it says the headers are. using chrome developer tools.. Request URL: https://*.*.de/emby/Items/29066/Images/Chapter/7?maxWidth=400&tag=0f3721ba12720e4882a0f38de31e66dc&quality=90 Request Method: GET Status Code: 200 Remote Address: *:443 Referrer Policy: no-referrer-when-downgrade accept-ranges: bytes access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-MediaBrowser-Token, X-Emby-Token, X-Emby-Authorization access-control-allow-methods: GET, POST, PUT, DELETE, PATCH, OPTIONS access-control-allow-origin: * age: 599551 cache-control: public, max-age=31536000 content-length: 8049 content-type: image/jpeg date: Wed, 18 Sep 2019 22:35:42 GMT etag: "2e1f1b7bf1891d966b5a97d589762d34" expires: Thu, 17 Sep 2020 22:35:42 GMT last-modified: Thu, 12 Sep 2019 00:03:10 GMT realtimeinfo.dlna.org: DLNA.ORG_TLAG=* server: nginx status: 200 strict-transport-security: max-age=15768000; includeSubdomains; preload transfermode.dlna.org: Interactive vary: Accept :authority: *.*.de :method: GET :path: /emby/Items/29066/Images/Chapter/7?maxWidth=400&tag=0f3721ba12720e4882a0f38de31e66dc&quality=90 :scheme: https accept: image/webp,image/apng,image/*,*/*;q=0.8 accept-encoding: gzip, deflate, br accept-language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7 cache-control: no-cache cookie: _ga=GA1.2.67999265.1549310435 pragma: no-cache referer: https://*.*.de/web/index.html sec-fetch-mode: no-cors sec-fetch-site: same-origin user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36 maxWidth: 400 tag: 0f3721ba12720e4882a0f38de31e66dc quality: 90 Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted September 18, 2019 Share Posted September 18, 2019 (edited) This setting is already in my config. What happens if you remove the gzip stuff in your nginx config? SHouldnt make a difference... unless you want to create a guest account and PM me the login info, i can see if I see anything... I already have your domain name.. gzip on; gzip_vary on; gzip_min_length 1024; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/json application/xml; gzip_disable "MSIE [1-6]\."; Edited September 18, 2019 by pir8radio Link to comment Share on other sites More sharing options...
crxo 4 Posted September 19, 2019 Author Share Posted September 19, 2019 I already tried this.. i will send you a pm. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted September 20, 2019 Share Posted September 20, 2019 (edited) I already tried this.. i will send you a pm. I dont see anything related to your nginx setup that you posted, want to post the whole config? Server and HTTP sections. Have you tried setting the server to US English see if you still have the issue... I couldn't recreate on my server but im on a beta version too. I do see the issue on my end using your server though. Edited September 20, 2019 by pir8radio Link to comment Share on other sites More sharing options...
crxo 4 Posted September 21, 2019 Author Share Posted September 21, 2019 (edited) Hi, after replacing the whole nginx.conf from Synology with yours the error is gone. So the error must be related with some DSM Update. Do you know what i could change to fix the error? Here is the complete nginx.conf: # Copyright (c) 2000-2017 Synology Inc. All rights reserved. worker_processes auto; #worker_cpu_affinity auto; worker_rlimit_nofile 65535; include conf.d/main.conf; events { use epoll; multi_accept on; accept_mutex off; worker_connections 1024; include conf.d/events.conf; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log off; #access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main; error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error; tcp_nopush on; tcp_nodelay on; sendfile on; server_tokens off; proxy_request_buffering off; fastcgi_request_buffering off; scgi_request_buffering off; proxy_buffering off; fastcgi_buffering off; scgi_buffering off; resolver_timeout 5s; client_header_timeout 10s; client_body_timeout 60s; send_timeout 60s; keepalive_timeout 65s 20s; client_max_body_size 0; server_names_hash_max_size 8192; server_names_hash_bucket_size 128; ssl_certificate /usr/syno/etc/certificate/system/default/fullchain.pem; ssl_certificate_key /usr/syno/etc/certificate/system/default/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; ssl_prefer_server_ciphers on; ssl_session_tickets off; ssl_session_cache shared:SSL:1m; ssl_session_timeout 3600s; real_ip_header X-Forwarded-For; real_ip_recursive on; set_real_ip_from 127.0.0.1; include /var/tmp/nginx/trusted_proxy/*.conf; map $http_upgrade $connection_upgrade { default upgrade; '' close; } server_tag "nginx"; gzip_disable "msie6"; gzip_min_length 1000; gzip_types text/plain text/css application/javascript application/json; gzip_vary on; gzip_static on; open_file_cache max=1000 inactive=60s; open_file_cache_valid 3s; open_file_cache_min_uses 2; open_file_cache_errors on; upstream synoscgi { server unix:/run/synoscgi.sock; } index index.html index.htm index.php; server { listen 5000 default_server; listen [::]:5000 default_server; server_name _; gzip on; include app.d/alias.*.conf; root /usr/syno/synoman; index index.cgi; ignore_invalid_headers off; include app.d/dsm.*.conf; include /usr/syno/share/nginx/conf.d/dsm.*.conf; include conf.d/dsm.*.conf; location = / { try_files $uri /index.cgi$is_args$query_string; } location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { internal; root /; open_file_cache off; include app.d/x-accel.*.conf; include conf.d/x-accel.*.conf; } location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { alias /usr/syno/share/OAuth/index_ds.php; default_type text/html; } location ~ \.cgi { include scgi_params; scgi_pass synoscgi; scgi_read_timeout 3600s; } error_page 403 404 500 502 503 504 @error_page; location @error_page { root /usr/syno/share/nginx; rewrite (.*) /error.html break; allow all; } location ~ ^/webman/modules/Indexer/ { deny all; } location ~ ^/webapi/lib/ { deny all; } location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { deny all; } location ~ /\. { access_log off; log_not_found off; deny all; } location ~* \.(?:js|css|png|jpg|gif|ico)$ { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { allow all; access_log off; log_not_found off; } } server { listen 80; listen [::]:80; server_name *.de; set $fqdn *.de; location ^~ /.well-known/acme-challenge { root /var/lib/letsencrypt; default_type text/plain; } location / { return 301 https://$server_name$request_uri; } } server { listen 5000; listen [::]:5000; server_name *.de; location / { return 404; } error_page 403 404 500 502 503 504 @error_page; location @error_page { root /usr/syno/share/nginx; rewrite (.*) /error.html break; allow all; } } server { listen 5001 default_server ssl http2; listen [::]:5001 default_server ssl http2; server_name _; gzip on; add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" always; include app.d/alias.*.conf; root /usr/syno/synoman; index index.cgi; ignore_invalid_headers off; include app.d/dsm.*.conf; include /usr/syno/share/nginx/conf.d/dsm.*.conf; include conf.d/dsm.*.conf; location = / { try_files $uri /index.cgi$is_args$query_string; } location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { internal; root /; open_file_cache off; include app.d/x-accel.*.conf; include conf.d/x-accel.*.conf; } location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { alias /usr/syno/share/OAuth/index_ds.php; default_type text/html; } location ~ \.cgi { include scgi_params; scgi_pass synoscgi; scgi_read_timeout 3600s; } error_page 403 404 500 502 503 504 @error_page; location @error_page { root /usr/syno/share/nginx; rewrite (.*) /error.html break; allow all; } location ~ ^/webman/modules/Indexer/ { deny all; } location ~ ^/webapi/lib/ { deny all; } location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { deny all; } location ~ /\. { access_log off; log_not_found off; deny all; } location ~* \.(?:js|css|png|jpg|gif|ico)$ { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { allow all; access_log off; log_not_found off; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name *.de; set $fqdn *.de; location ^~ /.well-known/acme-challenge { root /var/lib/letsencrypt; default_type text/plain; } ssl_certificate /usr/syno/etc/certificate/system/FQDN/fullchain.pem; ssl_certificate_key /usr/syno/etc/certificate/system/FQDN/privkey.pem; gzip on; add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" always; include app.d/alias.*.conf; root /usr/syno/synoman; index index.cgi; ignore_invalid_headers off; include app.d/dsm.*.conf; include /usr/syno/share/nginx/conf.d/dsm.*.conf; include conf.d/dsm.*.conf; location = / { try_files $uri /index.cgi$is_args$query_string; } location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { internal; root /; open_file_cache off; include app.d/x-accel.*.conf; include conf.d/x-accel.*.conf; } location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { alias /usr/syno/share/OAuth/index_ds.php; default_type text/html; } location ~ \.cgi { include scgi_params; scgi_pass synoscgi; scgi_read_timeout 3600s; } error_page 403 404 500 502 503 504 @error_page; location @error_page { root /usr/syno/share/nginx; rewrite (.*) /error.html break; allow all; } location ~ ^/webman/modules/Indexer/ { deny all; } location ~ ^/webapi/lib/ { deny all; } location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { deny all; } location ~ /\. { access_log off; log_not_found off; deny all; } include app.d/www.*.conf; include /usr/syno/share/nginx/conf.d/www.*.conf; include conf.d/www.*.conf; location ~* \.(?:js|css|png|jpg|gif|ico)$ { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { allow all; access_log off; log_not_found off; } } server { listen 5001 ssl http2; listen [::]:5001 ssl http2; server_name *.de; location / { return 404; } error_page 403 404 500 502 503 504 @error_page; location @error_page { root /usr/syno/share/nginx; rewrite (.*) /error.html break; allow all; } } server { listen 80 default_server; listen [::]:80 default_server; gzip on; server_name _; location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { internal; root /; open_file_cache off; include app.d/x-accel.*.conf; include conf.d/x-accel.*.conf; } include app.d/www.*.conf; include app.d/alias.*.conf; include /usr/syno/share/nginx/conf.d/www.*.conf; include conf.d/www.*.conf; location = /webdefault/images/logo.jpg { alias /usr/syno/share/nginx/logo.jpg; } error_page 403 404 500 502 503 504 @error_page; location @error_page { root /usr/syno/share/nginx; rewrite (.*) /error.html break; allow all; } location ^~ /.well-known/acme-challenge { root /var/lib/letsencrypt; default_type text/plain; } include app.d/.location.webstation.conf*; location / { rewrite ^ / redirect; } location ~ ^/$ { rewrite / http://$host:5000/ redirect; } } server { listen 443 default_server ssl; listen [::]:443 default_server ssl; gzip on; server_name _; location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { internal; root /; open_file_cache off; include app.d/x-accel.*.conf; include conf.d/x-accel.*.conf; } include app.d/www.*.conf; include app.d/alias.*.conf; include /usr/syno/share/nginx/conf.d/www.*.conf; include conf.d/www.*.conf; location = /webdefault/images/logo.jpg { alias /usr/syno/share/nginx/logo.jpg; } error_page 403 404 500 502 503 504 @error_page; location @error_page { root /usr/syno/share/nginx; rewrite (.*) /error.html break; allow all; } location ^~ /.well-known/acme-challenge { root /var/lib/letsencrypt; default_type text/plain; } include app.d/.location.webstation.conf*; location / { rewrite ^ / redirect; } location ~ ^/$ { rewrite / https://$host:5001/ redirect; } } include conf.d/http.*.conf; include app.d/server.*.conf; include sites-enabled/*; } Edited September 21, 2019 by crxo Link to comment Share on other sites More sharing options...
Solution crxo 4 Posted September 23, 2019 Author Solution Share Posted September 23, 2019 I found the issue. Setting proxy_buffering in the http section from off to on fixes the error. But this issue should affect all users who are running emby on their synology. 2 Link to comment Share on other sites More sharing options...
Luke 37028 Posted September 23, 2019 Share Posted September 23, 2019 Thanks for the feedback ! Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted September 24, 2019 Share Posted September 24, 2019 I found the issue. Setting proxy_buffering in the http section from off to on fixes the error. But this issue should affect all users who are running emby on their synology. Good job... Yea I never get why people put nginx options in a config without looking into what they do.. Synology setting everything to off, I would just leave those lines out, nginx defaults to ON. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now