vaise, posted August 20, 2020:
My 2c worth - there are so many different options and ways to do this that it is just daunting for anyone who just wants a real easy solution - which is where some people like plex. Maybe plex=iphone and Emby=android is a good analogy. I personally am in the cloudflare/nginx camp - I did use an nginx / letsencrypt docker container first, but now pure cloudflare.

sross44, posted October 12, 2020:
> On 8/20/2020 at 6:47 PM, vaise said:
> My 2c worth - there are so many different options and ways to do this that it is just daunting for anyone who just wants a real easy solution - which is where some people like plex. Maybe plex=iphone and Emby=android is a good analogy. I personally am in the cloudflare/nginx camp - I did use an nginx / letsencrypt docker container first, but now pure cloudflare.

I agree 100% that there are so many options for this. I for one truly would like a really simple method to make this happen. Honestly I'm shocked that Emby doesn't do this natively like Plex does. I know there's some things that go into that, but truly in today's world with security being at the forefront of everyone's mind, I'd think this is something that should happen. I'm curious if this is on the radar at Emby or not. If they could somehow do it so things don't pass through their end I know that would make a lot of people happy.

Spaceboy, posted October 12, 2020:
https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/
it is very straightforward. required zero admin in the 3 years or so i've been running this setup

sross44, posted October 12, 2020:
> 1 hour ago, Spaceboy said:
> https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/
> it is very straightforward. required zero admin in the 3 years or so i've been running this setup

I'm not saying it's straightforward and relatively simple, but it is time consuming to set up. Just stating that some people would like the option for it to be implemented automatically.

Carlo, posted October 12, 2020:
The difference is that Emby allows you to set it up the way you want to suit your needs and requirements vs a canned setup. Emby lets you access your server via IP, ddns, domain name, Emby Connect, with or without SSL or just used internally only on your LAN. With that freedom of setup comes a bit of setup which can be as simple as checking a checkbox to allow remote access and allowing Emby to open ports on your router to very advanced setup using CDNs and Reverse Proxy Servers. Your media, your way!

What a lot of Plex users don't know or understand is that Plex often TUNNELS your media and the amount of tunnel space given for remote access can be as low as 1Mb for non Plex Pass users or 2MB for Plex Pass users. Emby on the other hand NEVER does anything with tunnels and never limits your ability to use the pipe size you want.

tekfranz, posted October 12, 2020:
> 3 hours ago, Spaceboy said:
> https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/
> it is very straightforward. required zero admin in the 3 years or so i've been running this setup

Thanks, that looks like a nice service Cloudflare is offering at no charge.

sooty234, posted October 18, 2020:
I'm looking for a little guidance. I finally broke down and switched from using a VPN to using SSL. I went the cloudflare route. The domain is set and all appears correct on that side. But I'm getting an SSL Handshake Failed 525 from cloudflare. Checking through my config, it all looks correct....?? I grabbed the certs and made a pfx, but the server dashboard is telling me the domain is still HTTP. I feel like I'm missing something. Bad pfx?

t1m, posted October 18, 2020 (edited October 18, 2020):
> 43 minutes ago, sooty234 said:
> I'm looking for a little guidance. I finally broke down and switched from using a VPN to using SSL. I went the cloudflare route. The domain is set and all appears correct on that side. But I'm getting an SSL Handshake Failed 525 from cloudflare. Checking through my config, it all looks correct....?? I grabbed the certs and made a pfx, but the server dashboard is telling me the domain is still HTTP. I feel like I'm missing something. Bad pfx?

Search your server log for pfx and see if there is an error. Have you forwarded the correct port on your firewall? If the server dashboard is saying only http then there's likely some error with the cert. It will say what in the logs. I've had issues using passwordless certs so

Carlo, posted October 18, 2020:
Turn on DEBUG info for logging and restart your Emby server. I don't think you'll get the status without DEBUG turned on. Once you've verified if you have a password error or bad cert you can turn debug off again.

BTW if using CloudFlare you only have a few ports that can be used and can't use the default Emby ports. Switch to using port 80 and port 443. Set up port forwarding for:
WAN 80 to Emby 8096
WAN 443 to Emby 8920

sooty234, posted October 18, 2020:
> 41 minutes ago, t1m said:
> Search your server log for pfx and see if there is an error. Have you forwarded the correct port on your firewall? If the server dashboard is saying only http then there's likely some error with the cert. It will say what in the logs. I've had issues using passwordless certs so

Thanks for that. I think I had the password wrong. I recreated the certs and pfx, then the server was able to use it. I had a second issue. I have two routers to port forward through. My initial thought was I had reconfigured them incorrectly, so I had tried various combinations. Of course nothing would work because of the wrong password. With that resolved, I reconfigured both firewalls, and hey presto....encrypted. Groovy

vaise, posted October 19, 2020:
> On 13/10/2020 at 01:42, Spaceboy said:
> https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/
> it is very straightforward. required zero admin in the 3 years or so i've been running this setup

Yep, I started with this walkthrough and enhanced it over time with nginx - never looked back. I love the country firewall rules at the cloudflare level also - no point opening up your emby system (and house) to countries where there are no users. I have one line that controls the countries, another that only allows uptimerobot access so I am alerted when emby goes down. My router (pfsense) handles the ddns updates for Cloudflare's A record, and my other endpoints refer to that. If I am going on holiday, I just add that country while I am there. Set up cloudflare 2FA also for additional security.

sross44, posted October 20, 2020:
I'm going to try setting this up tomorrow as I have a few domains that I no longer use that are still active. Hopefully it's as straightforward as it seems!

Carlo, posted October 20, 2020:
If you understand networking in general or at a high level and know what A & C records are in DNS then you'll be fine!

sross44, posted October 20, 2020:
I'm 99% sure I've gotten it up and running.... Seems to be working but is there a way to verify it?

Carlo, posted October 20, 2020:
Yep, open a browser and go to your https domain name.

If you scroll down through say 10 pages of movie listings letting every pic fully load they should get cached as well on Cloudflare. Leave that library and come back. If you see super fast graphic loading times you know you got that right as well!

Alternately setup a "cayars" account and PM me the password and I'll verify it for every day. LOL

But if your A or C record points to Cloudflare and you don't get any cert errors using https you should be gold!
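
The checks described in the post above (the DNS record resolves to Cloudflare, HTTPS loads without certificate errors, images are served from Cloudflare's cache) can be scripted. This is an added example, not part of the thread or of Emby; the function names, the `path` parameter and the sample headers are constructed for illustration, and the IPv4 ranges are the ones Cloudflare publishes at https://www.cloudflare.com/ips-v4.

```python
import ipaddress
import socket
import urllib.request

# Cloudflare's published IPv4 edge ranges. The list changes occasionally;
# refresh it from the URL in the lead-in before trusting a negative result.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]


def is_cloudflare_ip(ip):
    """True if an IPv4 address lies in a Cloudflare edge range (IPv6 not checked)."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in CLOUDFLARE_V4)


def assess_headers(headers):
    """Classify one HTTPS response from its headers (names are case-insensitive)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    proxied = h.get("server", "").lower() == "cloudflare" and "cf-ray" in h
    cache = h.get("cf-cache-status", "").upper() or None
    return {"proxied": proxied, "cache_status": cache, "cached": cache == "HIT"}


def verify(domain, path="/"):
    """Live check: DNS answer, certificate validation, Cloudflare response headers."""
    ips = sorted({ai[4][0] for ai in socket.getaddrinfo(domain, 443, socket.AF_INET)})
    # urlopen validates the chain and hostname; a bad certificate raises URLError.
    with urllib.request.urlopen(f"https://{domain}{path}", timeout=10) as resp:
        result = assess_headers(dict(resp.headers))
    result["dns_points_to_cloudflare"] = all(is_cloudflare_ip(ip) for ip in ips)
    return result


# Constructed sample headers (not captured from a real server).
SAMPLE_IMAGE_RESPONSE = {"Server": "cloudflare", "CF-RAY": "0000000000000000-LHR",
                         "CF-Cache-Status": "HIT", "Content-Type": "image/jpeg"}
SAMPLE_DIRECT_RESPONSE = {"Server": "example-origin", "Content-Type": "text/html"}

if __name__ == "__main__":
    print(assess_headers(SAMPLE_IMAGE_RESPONSE))
    print(assess_headers(SAMPLE_DIRECT_RESPONSE))
```

Call `verify("YOUR.DOMAIN.COM")` for the live check; requesting the same poster image twice via `path` should move `cache_status` from MISS to HIT once Cloudflare has cached it.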

Dazik, posted October 23, 2020 (edited October 23, 2020):
Honestly, I just use NGINX as a local reverse proxy, on a Raspberry PI (controls all inbound to my network). Here is the config to make it work, using default ports, then translating that to SSL. End result is https://YOUR.DOMAIN.COM local proxy to 192.168.1.2:8096.

Config: 192.168.1.2 = my LAN IP of the Emby server.

    server {
        server_name YOUR.DOMAIN.COM;

        location / {
            proxy_pass http://192.168.1.2:8096;

            proxy_set_header Host YOUR.DOMAIN.COM;
            proxy_set_header Range $http_range;
            proxy_set_header If-Range $http_if_range;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #Next three lines allow websockets
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    server {
        listen 8096;
        server_name YOUR.DOMAIN.COM;

        location / {
            proxy_pass http://192.168.1.2:8096;

            proxy_set_header Host YOUR.DOMAIN.COM;
            proxy_set_header Range $http_range;
            proxy_set_header If-Range $http_if_range;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #Next three lines allow websockets
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

From there you just install certbot, create the certificates for www. and the bare sub/domain. It will auto-renew every 3 months. Never have to touch it again. Plus you have a buffer in front of Emby that allows you to record some data on the web front that Emby doesn't record.

Just to note, I use this on my local network, then I also use CloudFlare, just to hide the IP from a few people I don't fully trust knowing my home range.

LiamThomso, posted November 2, 2020:
Pretty interesting, thank you!

schnappi, posted November 10, 2020:
There is a lot more to a port 443 Nginx reverse proxy for Emby (SSL certificates, port 80 forwarding), that being said I just wanted to add the relevant Nginx section and note that it has never worked if the location says anything other than "/emby/" (bolded below). To be clear, if you use "/emby2/" or "/media/" the reverse proxy will not work. This is an Emby issue, not Nginx issue.

    # Emby
    location /emby/ {
        proxy_pass http://127.0.0.1:8096;
        # Strip the /emby prefix before passing the request to the backend
        rewrite ^/emby(/.*)$ $1 break;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        # X-Forwarded-Proto carries the request scheme (http/https), not the client address
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_redirect off;

        # Websocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

Carlo, posted November 10, 2020:
It's not an Emby issue but an admin issue doing that. You are far better off using a sub domain such as "emby.domain.ext" as this will easily work for web and apps.

schnappi, posted November 11, 2020 (edited November 11, 2020):
To clarify. If you choose to use yourdomain.com/emby/ instead of a subdomain like media.yourdomain.com, it is an Emby issue (it has nothing to do with Nginx, Apache, or any other webserver) that the directory has to be named /emby/ (with end slash required).

Carlo, posted November 11, 2020:
Using /emby won't work reliably. Using a subdomain on the other hand will work. This isn't an Emby issue either way when you have a 3rd party product "rewriting" the URL.

schnappi, posted November 12, 2020:
Using "/emby" does not work reliably...you MUST use "/emby/" (end dash included). To anyone reading this just be clear that these issues are not Nginx or Apache issues, in that no reverse proxy configuration will ever solve the issue.

Also, if using Emby with SSL natively (without reverse proxy) the available ciphers are not all secure as of last time I checked. If a browser can force an insecure cipher (or if using an old browser) it could be an issue. I'm sure the developers just keep the insecure ciphers though for things like Windows XP IE compatibility, which isn't any different than most products. Just things to be aware of and understand before making best choice for yourself.

pwhodges, posted November 12, 2020:
> 8 hours ago, schnappi said:
> Using "/emby" does not work reliably...you MUST use "/emby/" (end dash included). To anyone reading this just be clear that these issues are not Nginx or Apache issues, in that no reverse proxy configuration will ever solve the issue.

I know nothing about nginx (it always seems unnecessarily complex to me), but with correct configuration this is simply not an issue with Apache or Caddy, so I presume the same is true for nginx.

Paul

schnappi, posted November 13, 2020:
I'd be happy to be proven wrong, but I'm giving a warning regarding an issue.

MrGenius1, posted November 25, 2020:
What are people using other than ZeroSSL for Windows installs?