gregaou 0 Posted October 10, 2019 Share Posted October 10, 2019 Hello everybody, I started to use Emby like every others services i use with docker. For that i use : nginx-proxy (generate automatically nginx config file see below) docker-letsencrypt-nginx-proxy-companion My docker compose for emby : version: '2' services: emby: container_name: emby image: emby/embyserver:latest restart: unless-stopped volumes: - ${LOCAL_DATA_DIR}:/config - ${LOCAL_MEDIA_DIR}/movies:/movies - ${LOCAL_MEDIA_DIR}/tvshows:/tvshows environment: GID: 1000 UID: 1000 VIRTUAL_HOST: emby.xxx.xxx VIRTUAL_PORT: 8096 LETSENCRYPT_HOST: emby.xxx.xxx LETSENCRYPT_EMAIL: my.mail@[member="xxx"].xxx networks: default: external: name: webproxy That's generate the following nginx configuration: # emby.xxx.xxx upstream emby.xxx.xxx { ## Can be connected with "webproxy" network # emby server 172.18.0.18:8096; } server { server_name emby.xxx.xxx; listen 80 ; access_log /var/log/nginx/access.log vhost; return 301 https://$host$request_uri; } server { server_name emby.xxx.xxx; listen 443 ssl http2 ; access_log /var/log/nginx/access.log vhost; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS'; ssl_prefer_server_ciphers on; ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_certificate /etc/nginx/certs/emby.xxx.xxx.crt; ssl_certificate_key /etc/nginx/certs/emby.xxx.xxx.key; ssl_dhparam /etc/nginx/certs/emby.xxx.xxx.dhparam.pem; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/nginx/certs/emby.xxx.xxx.chain.pem; add_header Strict-Transport-Security "max-age=31536000" always; include /etc/nginx/vhost.d/default; location / { proxy_pass http://emby.xxx.xxx; } } But with configuration I have some trouble like Timeout for validating my license key, or like Check for plugin updates failed Connection to https://www.mb3admin.com/admin/service/EmbyPackages.json timed out at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod) at Emby.Server.Implementations.Updates.InstallationManager.GetAvailablePackagesWithoutRegistrationInfo(Boolean enableCache, CancellationToken cancellationToken) at Emby.Server.Implementations.Updates.InstallationManager.GetAvailablePluginUpdates(Version applicationVersion, CancellationToken cancellationToken) at Emby.Server.Implementations.ScheduledTasks.PluginUpdateTask.Execute(CancellationToken cancellationToken, IProgress`1 progress) at Emby.Server.Implementations.ScheduledTasks.ScheduledTaskWorker.ExecuteInternal(TaskOptions options) Is there a way to avoid docker host network mode ? Thank in advance Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted October 10, 2019 Share Posted October 10, 2019 nope. your server has to be able to reach mb3admin.com in order to validate your premiere status. check your outbound firewall. Link to comment Share on other sites More sharing options...
gregaou 0 Posted October 10, 2019 Author Share Posted October 10, 2019 (edited) I think my container is able to reach mb3admin.com cause inside the container this command works. wget https://www.mb3admin.com/admin/service/EmbyPackages.json Server logs: 2019-10-10 15:21:04.622 Error HttpClient: Connection to https://emby.media/community/index.php?/blog/rss/1-media-browser-developers-blog timed out 2019-10-10 15:21:04.629 Error App: Error downloading news *** Error Report *** Version: 4.2.1.0 Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3 Operating system: Unix 4.15.0.65 64-Bit OS: True 64-Bit Process: True User Interactive: True Runtime: file:///system/System.Private.CoreLib.dll Processor count: 4 Program data path: /config Application directory: /system MediaBrowser.Model.Net.HttpException: MediaBrowser.Model.Net.HttpException: Connection to https://emby.media/community/index.php?/blog/rss/1-media-browser-developers-blog timed out ---> System.OperationCanceledException: The operation was canceled. at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts) at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod) --- End of inner exception stack trace --- at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod) at Emby.Server.Implementations.News.NewsEntryPoint.DownloadNews(String path) at Emby.Server.Implementations.News.NewsEntryPoint.OnTimerFired(Object state) Source: Emby.Server.Implementations TargetSite: Void MoveNext() InnerException: System.OperationCanceledException: The operation was canceled. Source: System.Net.Http TargetSite: Void HandleFinishSendAsyncError(System.Exception, System.Threading.CancellationTokenSource) at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts) at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod) 2019-10-10 15:21:06.783 Error HttpClient: Connection to https://www.mb3admin.com/admin/service/EmbyPackages.json timed out 2019-10-10 15:21:06.790 Error TaskManager: Error *** Error Report *** Version: 4.2.1.0 Command line: /system/EmbyServer.dll -programdata /config -ffdetect /bin/ffdetect -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartexitcode 3 Operating system: Unix 4.15.0.65 64-Bit OS: True 64-Bit Process: True User Interactive: True Runtime: file:///system/System.Private.CoreLib.dll Processor count: 4 Program data path: /config Application directory: /system MediaBrowser.Model.Net.HttpException: MediaBrowser.Model.Net.HttpException: Connection to https://www.mb3admin.com/admin/service/EmbyPackages.json timed out ---> System.OperationCanceledException: The operation was canceled. at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts) at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod) --- End of inner exception stack trace --- at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsync(HttpRequestOptions options, String httpMethod) at Emby.Server.Implementations.Updates.InstallationManager.GetAvailablePackagesWithoutRegistrationInfo(Boolean enableCache, CancellationToken cancellationToken) at Emby.Server.Implementations.Updates.InstallationManager.GetAvailablePluginUpdates(Version applicationVersion, CancellationToken cancellationToken) at Emby.Server.Implementations.ScheduledTasks.PluginUpdateTask.Execute(CancellationToken cancellationToken, IProgress`1 progress) at Emby.Server.Implementations.ScheduledTasks.ScheduledTaskWorker.ExecuteInternal(TaskOptions options) Source: Emby.Server.Implementations TargetSite: Void MoveNext() InnerException: System.OperationCanceledException: The operation was canceled. Source: System.Net.Http TargetSite: Void HandleFinishSendAsyncError(System.Exception, System.Threading.CancellationTokenSource) at System.Net.Http.HttpClient.HandleFinishSendAsyncError(Exception e, CancellationTokenSource cts) at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) at Emby.Server.Implementations.HttpClientManager.CoreHttpClientManager.SendAsyncInternal(HttpRequestOptions options, String httpMethod) Edited October 10, 2019 by gregaou Link to comment Share on other sites More sharing options...
Luke 37007 Posted October 10, 2019 Share Posted October 10, 2019 Hi there, have you compared your config to @@pir8radio? Link to comment Share on other sites More sharing options...
gregaou 0 Posted October 10, 2019 Author Share Posted October 10, 2019 (edited) This config : https://emby.media/community/index.php?/topic/48236-setting-up-emby-behind-a-reverse-proxy-nginx/?p=457670 ? I've already saw this but i saw nothing relevant Edited October 10, 2019 by gregaou Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted October 11, 2019 Share Posted October 11, 2019 yea that looks like an outbound issue, not an nginx issue. Link to comment Share on other sites More sharing options...
gregaou 0 Posted October 11, 2019 Author Share Posted October 11, 2019 @@pir8radio Maybe i'm not sure, but i need to find a way to identify where my request is blocked. Do you have an idea ? Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted October 12, 2019 Share Posted October 12, 2019 can you ping it (mb3admin.com)? if yes what does a trace route show? Link to comment Share on other sites More sharing options...
D34DC3N73R 18 Posted November 6, 2019 Share Posted November 6, 2019 Not sure if this will help, but it's what I'm using for emby in bridge mode with a subdomain proxy. version: '3' services: letsencrypt: container_name: letsencrypt image: linuxserver/letsencrypt ports: - 443:443 - 80:80 cap_add: - NET_ADMIN restart: unless-stopped environment: - PGID=$PGID - PUID=$PUID - EMAIL=admin@domain.tld - URL=domain.tld - SUBDOMAINS=wildcard - TZ=$TZ - VALIDATION=dns - DNSPLUGIN=cloudflare volumes: - $HOME/.config/letsencrypt:/config emby: image: emby/embyserver:beta container_name: emby restart: unless-stopped ports: - 8096:8096 - 8920:8920 environment: - TZ=$TZ - UID=$PUID - GID=$PGID - GIDLIST=44 - NVIDIA_VISIBLE_DEVICES=all - NVIDIA_DRIVER_CAPABILITIES=all volumes: - $HOME/.config/emby:/config - $HOME/media/Video:/media/Video - $HOME/media/Music:/media/Music - /dev/shm/emby:/transcode nginx conf server { listen 80; server_name emby.domain.tld; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; server_name emby.domain.tld; include /config/nginx/ssl.conf; client_max_body_size 0; add_header Content-Security-Policy "frame-ancestors domain.tld emby.domain.tld;"; location / { proxy_pass http://192.168.1.111:8096; proxy_hide_header X-Powered-By; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } } Link to comment Share on other sites More sharing options...
oneduality 8 Posted December 30, 2019 Share Posted December 30, 2019 It would be amazing if Emby just supported lets encrypt natively.. I was using LE certificates for a while but didn't want to deal with the renewals by hand anymore so I just bought a 4 year cert It seems building it in would be very simple to do, there are tons of opensource projects for generating certificates in many languages Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted January 3, 2020 Share Posted January 3, 2020 doc It would be amazing if Emby just supported lets encrypt natively.. I was using LE certificates for a while but didn't want to deal with the renewals by hand anymore so I just bought a 4 year cert It seems building it in would be very simple to do, there are tons of opensource projects for generating certificates in many languages certbot. Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted January 4, 2020 Share Posted January 4, 2020 It would be amazing if Emby just supported lets encrypt natively.. I was using LE certificates for a while but didn't want to deal with the renewals by hand anymore so I just bought a 4 year cert It seems building it in would be very simple to do, there are tons of opensource projects for generating certificates in many languages doc certbot. Also Cloudflare.... You can generate a cert there and not have to worry about renewals at all. Plus you get the added feature of obscuring your WAN IP. Working great for me, and it's one less thing I have to worry about. Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted January 4, 2020 Share Posted January 4, 2020 +1 cloudflare Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now