Configuring emby with nginx-proxy + let's encrypt

docker nginx-proxy letsencrypt emby


#1 gregaou

Posted 10 October 2019 - 11:11 AM

Hello everybody,

 

I started to use Emby like every other service I use with Docker.

For that I use:

My docker compose for emby:

version: '2'

services:
   emby:
     container_name: emby
     image: emby/embyserver:latest
     restart: unless-stopped
     volumes:
       - ${LOCAL_DATA_DIR}:/config
       - ${LOCAL_MEDIA_DIR}/movies:/movies
       - ${LOCAL_MEDIA_DIR}/tvshows:/tvshows
     environment:
       GID: 1000
       UID: 1000
       VIRTUAL_HOST: emby.xxx.xxx
       VIRTUAL_PORT: 8096
       LETSENCRYPT_HOST: emby.xxx.xxx
       LETSENCRYPT_EMAIL: my.mail@xxx.xxx

networks:
    default:
       external:
         name: webproxy

That generates the following nginx configuration:

# emby.xxx.xxx
upstream emby.xxx.xxx {
				## Can be connected with "webproxy" network
			# emby
			server 172.18.0.18:8096;
}
server {
	server_name emby.xxx.xxx;
	listen 80 ;
	access_log /var/log/nginx/access.log vhost;
	return 301 https://$host$request_uri;
}
server {
	server_name emby.xxx.xxx;
	listen 443 ssl http2 ;
	access_log /var/log/nginx/access.log vhost;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
	ssl_prefer_server_ciphers on;
	ssl_session_timeout 5m;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
	ssl_certificate /etc/nginx/certs/emby.xxx.xxx.crt;
	ssl_certificate_key /etc/nginx/certs/emby.xxx.xxx.key;
	ssl_dhparam /etc/nginx/certs/emby.xxx.xxx.dhparam.pem;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/nginx/certs/emby.xxx.xxx.chain.pem;
	add_header Strict-Transport-Security "max-age=31536000" always;
	include /etc/nginx/vhost.d/default;
	location / {
		proxy_pass http://emby.xxx.xxx;
	}
}

But with this configuration I have some trouble, like a timeout when validating my license key, or like

Check for plugin updates failed


Connection to https://www.mb3admin.com/admin/service/EmbyPackages.json timed out
at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod)
at Emby.Server.Implementations.Updates.InstallationManager.GetAvailablePackagesWithoutRegistrationInfo(Boolean enableCache, CancellationToken cancellationToken)
at Emby.Server.Implementations.Updates.InstallationManager.GetAvailablePluginUpdates(Version applicationVersion, CancellationToken cancellationToken)
at Emby.Server.Implementations.ScheduledTasks.PluginUpdateTask.Execute(CancellationToken cancellationToken, IProgress`1 progress)
at Emby.Server.Implementations.ScheduledTasks.ScheduledTaskWorker.ExecuteInternal(TaskOptions options)

Is there a way to avoid Docker host network mode?

Thanks in advance



#2 mastrmind11

Posted 10 October 2019 - 11:16 AM

nope.  your server has to be able to reach mb3admin.com in order to validate your premiere status.  check your outbound firewall.



#3 gregaou

Posted 10 October 2019 - 11:30 AM

I think my container is able to reach mb3admin.com because inside the container this command works:

wget https://www.mb3admin.com/admin/service/EmbyPackages.json

Server logs:

2019-10-10 15:21:04.622 Error HttpClient: Connection to https://emby.media/community/index.php?/blog/rss/1-media-browser-developers-blog timed out
2019-10-10 15:21:04.629 Error App: Error downloading news
	*** Error Report ***
	Version: 4.2.1.0
	Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3
	Operating system: Unix 4.15.0.65
	64-Bit OS: True
	64-Bit Process: True
	User Interactive: True
	Runtime: file:///system/System.Private.CoreLib.dll
	Processor count: 4
	Program data path: /config
	Application directory: /system
	MediaBrowser.Model.Net.HttpException: MediaBrowser.Model.Net.HttpException: Connection to https://emby.media/community/index.php?/blog/rss/1-media-browser-developers-blog timed out ---> System.OperationCanceledException: The operation was canceled.
	   at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts)
	   at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
	   --- End of inner exception stack trace ---
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod)
	   at Emby.Server.Implementations.News.NewsEntryPoint.DownloadNews(String path)
	   at Emby.Server.Implementations.News.NewsEntryPoint.OnTimerFired(Object state)
	Source: Emby.Server.Implementations
	TargetSite: Void MoveNext()
	InnerException: System.OperationCanceledException: The operation was canceled.
	Source: System.Net.Http
	TargetSite: Void HandleFinishSendAsyncError(System.Exception, System.Threading.CancellationTokenSource)
	   at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts)
	   at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
	
2019-10-10 15:21:06.783 Error HttpClient: Connection to https://www.mb3admin.com/admin/service/EmbyPackages.json timed out
2019-10-10 15:21:06.790 Error TaskManager: Error
	*** Error Report ***
	Version: 4.2.1.0
	Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3
	Operating system: Unix 4.15.0.65
	64-Bit OS: True
	64-Bit Process: True
	User Interactive: True
	Runtime: file:///system/System.Private.CoreLib.dll
	Processor count: 4
	Program data path: /config
	Application directory: /system
	MediaBrowser.Model.Net.HttpException: MediaBrowser.Model.Net.HttpException: Connection to https://www.mb3admin.com/admin/service/EmbyPackages.json timed out ---> System.OperationCanceledException: The operation was canceled.
	   at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts)
	   at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
	   --- End of inner exception stack trace ---
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod)
	   at Emby.Server.Implementations.Updates.InstallationManager.GetAvailablePackagesWithoutRegistrationInfo(Boolean enableCache, CancellationToken cancellationToken)
	   at Emby.Server.Implementations.Updates.InstallationManager.GetAvailablePluginUpdates(Version applicationVersion, CancellationToken cancellationToken)
	   at Emby.Server.Implementations.ScheduledTasks.PluginUpdateTask.Execute(CancellationToken cancellationToken, IProgress`1 progress)
	   at Emby.Server.Implementations.ScheduledTasks.ScheduledTaskWorker.ExecuteInternal(TaskOptions options)
	Source: Emby.Server.Implementations
	TargetSite: Void MoveNext()
	InnerException: System.OperationCanceledException: The operation was canceled.
	Source: System.Net.Http
	TargetSite: Void HandleFinishSendAsyncError(System.Exception, System.Threading.CancellationTokenSource)
	   at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts)
	   at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
	   at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod)


Edited by gregaou, 10 October 2019 - 11:34 AM.


#4 Luke

Posted 10 October 2019 - 12:43 PM

Hi there, have you compared your config to @pir8radio?

#5 gregaou

Posted 10 October 2019 - 12:46 PM

This config: https://emby.media/c...nginx/?p=457670 ?

I've already seen this but I saw nothing relevant


Edited by gregaou, 10 October 2019 - 12:47 PM.


#6 pir8radio

Posted 10 October 2019 - 10:49 PM

yea that looks like an outbound issue, not an nginx issue. 



#7 gregaou

Posted 11 October 2019 - 02:26 AM

@pir8radio Maybe, I'm not sure, but I need to find a way to identify where my request is blocked. Do you have an idea?



#8 pir8radio

Posted 12 October 2019 - 09:11 AM

can you ping it (mb3admin.com)?   if yes what does a trace route show?
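
One way to narrow down where an outbound request stalls, following the question in post #7 and the ping/traceroute suggestion in post #8 (an added example, not part of the original thread). It assumes Python 3 is available; `probe` and `blocked_at` are names made up for this sketch, and the two hosts are the ones that time out in the server log above.

```python
import socket
import ssl
import time

def probe(host, port=443, timeout=5.0):
    """Run DNS -> TCP -> TLS -> HTTP in order and stop at the first failure.
    Returns a list of (stage, ok, detail, seconds) tuples."""
    results, state = [], {}

    def dns():
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        state["addr"] = infos[0][4][0]
        return ", ".join(sorted({i[4][0] for i in infos}))

    def tcp():
        state["sock"] = socket.create_connection((state["addr"], port), timeout)
        return f"connected to {state['addr']}:{port}"

    def tls():  # certificate and hostname are verified against the system trust store
        ctx = ssl.create_default_context()
        state["sock"] = ctx.wrap_socket(state["sock"], server_hostname=host)
        return state["sock"].version()

    def http():
        req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        state["sock"].sendall(req.encode())
        return state["sock"].recv(256).split(b"\r\n", 1)[0].decode(errors="replace")

    try:
        for name, fn in (("dns", dns), ("tcp", tcp), ("tls", tls), ("http", http)):
            start = time.monotonic()
            try:
                detail, ok = fn(), True
            except (OSError, UnicodeError) as exc:  # gaierror, timeouts, SSLError
                detail, ok = f"{type(exc).__name__}: {exc}", False
            results.append((name, ok, detail, round(time.monotonic() - start, 2)))
            if not ok:
                break
    finally:
        if "sock" in state:
            state["sock"].close()
    return results

def blocked_at(results):
    """Name of the first failing stage, or None when every stage passed."""
    return next((name for name, ok, _, _ in results if not ok), None)

if __name__ == "__main__":
    for h in ("www.mb3admin.com", "emby.media"):  # hosts from the log above
        print(h, "blocked at:", blocked_at(probe(h)), *probe(h), sep="\n  ")
```

Run it once from the Emby container's network namespace (for example from a Python container started with `--network container:emby`) and once on the Docker host. A stage that fails in the container but passes on the host points at the Docker network or its firewall rules rather than the upstream site.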



#9 D34DC3N73R

Posted 05 November 2019 - 11:24 PM

Not sure if this will help, but it's what I'm using for emby in bridge mode with a subdomain proxy.

version: '3'
services:
    letsencrypt:
        container_name: letsencrypt
        image: linuxserver/letsencrypt
        ports:
            - 443:443
            - 80:80
        cap_add:
            - NET_ADMIN
        restart: unless-stopped
        environment:
            - PGID=$PGID
            - PUID=$PUID
            - EMAIL=admin@domain.tld
            - URL=domain.tld
            - SUBDOMAINS=wildcard
            - TZ=$TZ
            - VALIDATION=dns
            - DNSPLUGIN=cloudflare
        volumes:
            - $HOME/.config/letsencrypt:/config

    emby:
        image: emby/embyserver:beta
        container_name: emby
        restart: unless-stopped
        ports:
            - 8096:8096
            - 8920:8920
        environment:
            - TZ=$TZ
            - UID=$PUID
            - GID=$PGID
            - GIDLIST=44
            - NVIDIA_VISIBLE_DEVICES=all
            - NVIDIA_DRIVER_CAPABILITIES=all
        volumes:
            - $HOME/.config/emby:/config
            - $HOME/media/Video:/media/Video
            - $HOME/media/Music:/media/Music
            - /dev/shm/emby:/transcode

nginx conf

server {
        listen 80;
        server_name emby.domain.tld;
        return 301 https://$server_name$request_uri;
}


server {
    listen 443 ssl http2;

    server_name emby.domain.tld;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;


    location / {
        proxy_pass http://192.168.1.111:8096;
        proxy_hide_header X-Powered-By;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


        # nginx inherits add_header from the server level only when the location
        # defines none of its own, so the CSP header is set here with the others.
        add_header Content-Security-Policy "frame-ancestors domain.tld emby.domain.tld;";
        add_header 'Referrer-Policy' 'origin-when-cross-origin';
        add_header Strict-Transport-Security "max-age=15552000; preload" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}







