Transparent, posted February 18, 2022 (edited):

On 17/02/2022 at 01:15, Luke said:
> Are you sure you used the correct remote address? that error message just means it can't reach your domain.

Hi Luke, yeah I am sure. I suspect my router (which is provided by my ISP) may be limiting the kind of traffic on port 443 maybe? Because I went back to basics and tried MikeB's earlier approach using ZeroSSL and the .bat technique and I have everything running smoothly now with a secure encryption (it also forces connections from 8096 to 8920). It's not the best/elegant solution (I still have to reset logs 4 times a year) but I can live with that at least for now and troubleshoot why things went wrong with this method in the future.

pwhodges, posted February 19, 2022:

You know you can tell Caddy to use ZeroSSL instead of Let's Encrypt, do you? In fact ZeroSSL provides significant sponsorship to Caddy.

Paul

muzicman0, posted February 23, 2022:

If anyone is interested in any other features of Caddy, I am listing my config file below for something that is not Emby related. Caddy provides a utility to hash a password, which is what I used. (from the command line, it is 'caddy.exe hash-password')

- basicauth allows you to require a username and password to access whatever site it is referencing. See above on how to specify a hashed password. This is the one thing that I am 99.999% sure would NOT work with Emby.
- log allows you to log connections.
- @allowed is a list of IP addresses or ranges that are allowed to access the server
- handle tells Caddy v2 what to do with allowed traffic (in my case, reverse proxy to localhost:8090)
- respond 403 is how Caddy will handle 'un-allowed' traffic (IE: it doesn't fall within the allowed specified IP range).

```
monitor.MyDomain.com {
	# '*' applies the auth to every path; in Caddy v2 a bare '/' matches only the exact root path
	basicauth * {
		muzicman0 xxxxxxxxxxxxxxxxxxxxxHASHED_PASSWORDxxxxxxxxxxxxxxxxxxxxxx
	}
	log {
		output file E:\Caddy\logs\openvpn_monitor_access.log {
			# Log rotation and gzip compression of rolled files are enabled by default
			roll_size 10MiB      # Set max size X MB
			roll_local_time      # Use localhost time
			roll_keep 3          # Keep at most X log files
			roll_keep_for 168h   # Keep log files for 7 days
		}
	}
	@allowed {
		remote_ip 10.3.0.0/24 2xx.xx.xx.xx/28 10.9.0.0/24
	}
	handle @allowed {
		reverse_proxy localhost:8090
	}
	respond 403
}
```

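Added example, not part of muzicman0's post or of Caddy itself: a Python script that audits the access log written by the config above against its @allowed ranges, counting refused requests per source and listing any request from outside the ranges that was not refused. It treats 401 (basicauth) and 403 (respond) as the expected refusals. Assumptions: the log is in Caddy's JSON format with the client address in `request.remote_ip` or, in older releases, `request.remote_addr`; 203.0.113.0/28 stands in for the redacted public range; the sample lines are constructed.

```python
import ipaddress
import json
from collections import Counter

# Ranges from the @allowed matcher above. The public /28 is redacted in the
# post, so the documentation range 203.0.113.0/28 stands in for it here.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("10.3.0.0/24", "203.0.113.0/28", "10.9.0.0/24")]
# Outside the allowlist a client should only see basicauth's 401 or "respond 403".
DENY_STATUSES = {401, 403}

def client_ip(request):
    """Client address from the 'request' object of a JSON access-log entry."""
    if "remote_ip" in request:                       # assumed newer field
        return ipaddress.ip_address(request["remote_ip"])
    host = request["remote_addr"].rsplit(":", 1)[0]  # assumed older "ip:port"
    return ipaddress.ip_address(host.strip("[]"))

def audit(lines):
    """Return (refused-request counts per source, requests past the allowlist)."""
    denied, bypasses = Counter(), []
    for line in lines:
        try:
            entry = json.loads(line)
            ip = client_ip(entry["request"])
            status = entry["status"]
        except (ValueError, KeyError, TypeError):
            continue                                 # not an access-log entry
        if any(ip in net for net in ALLOWED):
            continue                                 # expected traffic
        if status in DENY_STATUSES:
            denied[str(ip)] += 1
        else:
            bypasses.append((str(ip), entry["request"].get("uri"), status))
    return denied, bypasses

# Constructed sample lines, trimmed to the fields the audit reads.
SAMPLE = [
    '{"request":{"remote_ip":"10.3.0.15","uri":"/"},"status":200}',
    '{"request":{"remote_ip":"198.51.100.7","uri":"/"},"status":401}',
    '{"request":{"remote_ip":"198.51.100.7","uri":"/"},"status":403}',
    '{"request":{"remote_addr":"[2001:db8::1]:50444","uri":"/"},"status":403}',
    '{"request":{"remote_addr":"192.0.2.44:51522","uri":"/status"},"status":200}',
    'not a log line',
]

if __name__ == "__main__":
    denied, bypasses = audit(SAMPLE)
    print("refused:", dict(denied), "| past the allowlist:", bypasses)
```
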
arrbee99, posted November 23, 2022:

If I go to Caddy, v2 and click on download there's a big list of files. Which do I pick ?

seanbuff, posted November 23, 2022:

1 hour ago, arrbee99 said:
> If I go to Caddy, v2 and click on download there's a big list of files. Which do I pick ?

Depends on which OS you want to install it on? Windows? Just go with the default amd64 version with "standard features"

arrbee99, posted November 23, 2022:

Thanks. It's just an application, not zipped, that you put in a folder with a caddyfile like this

```
{
	email myemail@gmail.com
}

media.mydomain.net {
	reverse_proxy localhost:8096
}
```

from MikeB111.

seanbuff, posted November 23, 2022:

1 hour ago, arrbee99 said:
> reverse_proxy localhost:8096

Yup. If Emby is running on the same host as Caddy then this is correct, otherwise use the specific IP address for your Emby Server.

Also, if you have any LG TV clients, I suggest using ZeroSSL instead of Let's Encrypt (due to the previous LE root cert that expired). Specified by adding this line to your Caddyfile:

```
{
	acme_ca https://acme.zerossl.com/v2/DV90
	email myemail@address.com
}
```

arrbee99, posted November 23, 2022:

Thank you. I'm sure there'll be more really really basic questions along fairly soon...

arrbee99, posted November 23, 2022:

In the first post, for router setup, it says

'Then in your router, forward ports 80 and 443 to the computer in your home network that will be running the reverse proxy server. Port 80 is the default for HTTP, 443 is the default for HTTPS. You do not want to forward any other ports, don't forward 8096 or 8920.'

Does that mean something like (forward IP is address of main PC with Emby on it, same as given on Emby dashboard page) - and similar for Port 80 ?

seanbuff, posted November 23, 2022:

4 minutes ago, arrbee99 said:
> Does that mean something like (forward IP is address of main PC with Emby on it, same as given on Emby dashboard page)

'Forward IP' should be the PC with Caddy on it. If Emby is also on the same host, even easier as you just use 'localhost:8096' in your Caddyfile

5 minutes ago, arrbee99 said:
> and similar for Port 80 ?

Yes, same for both

arrbee99, posted November 23, 2022:

So yes they'll be on the same PC, and I use localhost:8096 in Caddyfile, but don't I still need to do that on the router (if what I showed was correct) ?

seanbuff, posted November 23, 2022 (edited):

20 minutes ago, arrbee99 said:
> but don't I still need to do that on the router (if what I showed was correct)

Yes you do, and yes it's correct. I was simply clarifying the point that you are forwarding to Caddy, not Emby itself. But as they're on the same host, you're all good to go

arrbee99, posted November 23, 2022:

Thanks for the info. If you're not sick of the sight of me, may I also enquire, does the caddyfile have a particular format ? I'm not sure if it's actually 'caddy', 'caddyfile', a txt file, or has no extension, or...

seanbuff, posted November 23, 2022:

3 minutes ago, arrbee99 said:
> I'm not sure if it's actually 'caddy', 'caddyfile', a txt file, or has no extension, or...

Caddyfile (no extension)

arrbee99, posted November 23, 2022:

Merci

I have this - and not caddy.exe though

seanbuff, posted November 23, 2022 (edited):

16 minutes ago, arrbee99 said:
> I have this -

all good, don't think the name of the exe matters

edit: although I do remember renaming mine to 'caddy.exe' for simplicity, but never tested without. So YMMV.

arrbee99, posted November 23, 2022:

Erm, in the first post, anyone know how to set up that CNAME thing, if it's necessary ?

pwhodges, posted November 23, 2022 (edited):

In the control panel where you fill in the values for your domain name, the most likely things to fill in are the IP address records (types A for IPv4 and AAAA for IPv6); if you are just setting up a single name for the sole purpose of accessing Emby, that's all you'll need to do.

Another option in the same control panel will be to set up a CNAME record saying "make this name represent the same address(es) as that name", which is something you'll only do if you know you want to do it.

tl/dr - Don't overthink it.

Paul

arrbee99, posted November 24, 2022:

Me and thinking...yes, well

rbjtech, posted November 24, 2022:

A CNAME is typically just a DNS alias of an A Record.

So let's say your A Record was 'arrbee99-this-is-a-long-name.mydomain.net'

It's a bit of a handful to use - so you could create a CNAME DNS entry called 'emby.mydomain.net' and that simply points to the A record.

You can have more than one CNAME if you wish.

arrbee99, posted November 24, 2022:

Thank you. I spotted the setting in Google Domains but still wasn't sure.

PeteGul, posted March 4, 2023:

Hi

I have set up Caddy server reverse proxy, and set to use ZeroSSL. Works like a charm, but not on an Apple TV. I changed from standard ssl to ZeroSSL, because I think that would help. But did not. Isn't this strange, webplayer, Android player but no AppleTV works..

rbjtech, posted March 4, 2023 (edited):

1 hour ago, pettergulbra said:
> Hi I have set up Caddy server reverse proxy, and set to use ZeroSSL. Works like a charm, but not on an Apple TV. I changed from standard ssl to ZeroSSL, because I think that would help. But did not. Isn't this strange, webplayer, Android player but no AppleTV works..

Fancy that - Apple not conforming with industry standards ...

I believe the vast majority of the 'free' SSL providers will be using Let's Encrypt in one way or another - so I would be very surprised if Apple had an issue with their root cert.

Using something like ssllabs.com (SSL Server Test (Powered by Qualys SSL Labs)) - if you check your reverse proxy, does it all check out ok (must use https/443) ?

seanbuff, posted March 4, 2023:

2 hours ago, pettergulbra said:
> I have set up Caddy server reverse proxy, and set to use ZeroSSL. Works like a charm, but not on an Apple TV.

FWIW, I also use Caddy with ZeroSSL (for LG TV issues) and I have multiple remote Apple TVs that can connect without issue.

rbjtech, posted March 4, 2023:

15 minutes ago, seanbuff said:
> FWIW, I also use Caddy with ZeroSSL (for LG TV issues) and I have multiple remote Apple TVs that can connect without issue.

Thanks, as I suspected, it's likely the RP configuration rather than Apple rejecting the cert.