pwhodges
Posted

The dot at the end of the name in the CNAME record is normal (and required); it indicates that the URL is complete.

(sorry, no time to look at the rest at this moment)

Paul

justinrh
Posted

@iPhoneMaxPro Try changing your media subdomain to an A record and point it to your IP address.  This would be similar to your www subdomain.  I think either is valid, actually, as long as the mydomain.com DNS info is correctly configured.

You might need to look at Google's documentation to make sure you are entering the information correctly.  Test your config with an nslookup or some online utility; you don't have to test with Caddy 🙂

I don't know if SNI is required in Caddy for your case, but I use it:  (in the global block)

     default_sni mydomain.com

 

iPhoneMaxPro
Posted

  GNU nano 5.4                        Caddyfile                                 
{
email myemail@gmail.com
http_port 49000
https_port 57000
}
media.mydomain.com {
   reverse_proxy 192.168.0.2:49000
}

 

mydomain.com A 1 ora
000.00.00.000
mydomain.com AAAA 1 ora
0000:000:0000:0:0000:0000:0000:0000
media.mydomain.com A 1 ora
000.00.00.000
www.mydomain.com A 1 ora
000.00.00.000
wwww.mydomain.com AAAA 1 ora
0000:000:0000:0:0000:0000:0000:0000

 

 

this is my current setup but i can't can anyone help me please? I've been trying for a week :(

pwhodges
Posted

The ACME specification used for automated certificates requires the use of ports 80 and 443.

You can get automated certificates another way, for use with different ports.  In Caddy, this can be done using "DNS challenge", as I told you previously.  For that you will need to download Caddy compiled with the addition of the caddy-dns/googleclouddns plugin, which can be selected on the Caddy download page.

The main documentation for using DNS challenge in Caddy is here:

https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148

Unless anyone else here is doing this (I am not), then the Caddy forums are the place to get help with it.

Alternatively, maybe you could change the ports on your other server and reverse-proxy to it from Caddy; you would only need http (because it's internal) so the other server would not need its own certificate - Caddy would deal with that on its behalf.  You'd need the other server and Emby to use different domain names, so that Caddy could separate out the traffic.

Paul

  • Agree 1
rbjtech
Posted (edited)
58 minutes ago, iPhoneMaxPro said:

  GNU nano 5.4                        Caddyfile                                 
{
email myemail@gmail.com
http_port 49000
https_port 57000
}
media.mydomain.com {
   reverse_proxy 192.168.0.2:49000
}

 

mydomain.com A 1 ora
000.00.00.000
mydomain.com AAAA 1 ora
0000:000:0000:0:0000:0000:0000:0000
media.mydomain.com A 1 ora
000.00.00.000
www.mydomain.com A 1 ora
000.00.00.000
wwww.mydomain.com AAAA 1 ora
0000:000:0000:0:0000:0000:0000:0000

 

 

this is my current setup but i can't can anyone help me please? I've been trying for a week :(

I don't know Caddy - but if you are using subdomains - then one of the primary reasons to use a RP is to redirect the subdomain to the correct end point using standard ports externally, and whatever you want internally.

So in the above example -

mydomain.com - could be re-directed to http(80) or https(443) to, let's say, 192.168.0.2 (port 80 and 443)

media.mydomain.com - could be re-directed to http(80) or https(443) to, let's say, 192.168.0.2 (port 8096 and 8920)

emby.mydomain.com - could be re-directed to http(80) or https(443) to, let's say, 192.168.0.2 (port 8080 and 8443) - or another internal IP on 80/443 again.

 

 

Edited by rbjtech
  • 8 months later...
Posted

I'm just wondering if I have this set up correctly:

On router I have ports 80 & 443 open and tied to the local IP of my Synology NAS.
I have reverse proxy running on my NAS like this: emby.mydomain.com:443 to 192.168.x.xx:8096 internal IP
I then have Emby set up with:

  • Public http port: 80
  • Public https port: 443
  • external domain: emby.mydomain.com
  • secure connection mode: handled by proxy

It seems to be working fine, but I did read somewhere that having 443 as the port for emby would mean you can't use 443 for other things? If so, how does that negatively impact the likes of the Synology reverse proxy stuff, where every subdomain I'm using for a reverse proxy is using 443 https? 

pwhodges
Posted (edited)

You can serve multiple http(s) sites on the same port so long as they have different names.  The reverse proxy can separate them and proxy them to different servers.  Obviously only one reverse proxy can be used on one port, but just adding Emby to the list of proxied websites is not a complication.

In the early days of SSL this could not be done for secure sites (so very out-of-date web pages about it might say this), but later developments made it possible and indeed routine.

Of course, if you try to connect 443 to Emby (running HTTPS itself) directly, without a proxy, you will block any other usage of it on the same machine - this might be the meaning of what you read.

Paul

Edited by pwhodges
  • Like 2
Posted (edited)

To add a little more clarity on what Paul previously replied - there are two ways for the reverse proxy to know 'how' to direct the traffic -

1) is using a DNS subdomain.    In this case 'emby' is a subdomain of mydomain.com.    If you own the main domain (mydomain.com) then you can have as many subdomains as your domain provider will allow - and each one can be re-directed to a local host/service.    From an https perspective (certificate) - these could all be covered by a wildcard cert (covering all *.mydomain.com sites) or an individual cert for each subdomain site. You can also use DNS CNAMEs to redirect requests using different DNS names - so it's very flexible.

2) is using the URL via a subfolder.  ie mydomain.com/emby     This is generally less supported, so as a preference, try and use the subdomain method.

Edited by rbjtech
darkassassin07
Posted
4 hours ago, rbjtech said:

2) is using the URL via a subfolder.  ie mydomain.com/emby     This is generally less supported, so as a preference, try and use the subdomain method.

Pretty much any web application can be put in a subdomain (subdomain.example.com),

but to put an application in a subfolder (example.com/subfolder/) that application must explicitly support this behaviour, usually by specifying an 'external path'/'base url' or similar in their settings. Otherwise every url they generate for the client to follow is wrong, missing your added subfolder.

 

Emby server does not support this.

  • Thanks 1
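Added example, not part of the original thread: a small check of the point made above, showing which links a browser resolves outside the proxied subfolder when the application does not know about it, and that the same links are fine on a subdomain. The link paths are constructed for illustration and are not Emby's actual URLs; `with_base_url` is a hypothetical stand-in for an application's 'base url' setting.

```python
from urllib.parse import urljoin, urlsplit

def broken_links(page_url, prefix, hrefs):
    """Return hrefs that a browser would resolve to a same-host path outside `prefix`.

    Those requests reach the proxy without the subfolder, so they are not
    forwarded to the application.
    """
    host = urlsplit(page_url).netloc
    root = prefix.rstrip("/")
    broken = []
    for href in hrefs:
        target = urlsplit(urljoin(page_url, href))   # what the browser will request
        inside = target.path == root or target.path.startswith(root + "/")
        if target.netloc == host and not inside:
            broken.append(href)
    return broken

# Constructed links, as an application unaware of any subfolder might emit them.
APP_LINKS = ["/web/app.js", "css/site.css", "/api/items?limit=10",
             "https://cdn.example.net/lib.js"]

def with_base_url(base, hrefs):
    """Hypothetical 'base url' support: prefix the application's root-relative links."""
    fixed = []
    for h in hrefs:
        root_relative = h.startswith("/") and not h.startswith("//")
        fixed.append(base.rstrip("/") + h if root_relative else h)
    return fixed

if __name__ == "__main__":
    subfolder_page = "https://mydomain.com/emby/web/index.html"
    subdomain_page = "https://emby.mydomain.com/web/index.html"
    print("subfolder, no base url:", broken_links(subfolder_page, "/emby", APP_LINKS))
    print("subfolder, base url   :",
          broken_links(subfolder_page, "/emby", with_base_url("/emby", APP_LINKS)))
    print("subdomain             :", broken_links(subdomain_page, "/", APP_LINKS))
```
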
pwhodges
Posted

In some proxies it is also possible to rewrite addresses contained in a reply to enable unsupported apps to run in a subfolder.  I have one site I proxy like this (the design makes it impossible to avoid), but it's highly NOT recommended.

Paul

Posted

Keep it Simple.... port 80 and 443 forward to server...

Caddy runs a service in win 7 x64 - caddy service = c:\caddy\caddy.exe -run

 

Caddy file below:

 

{
    email myemail@gmail.com
}

emby.mydomain.com {
    log {
        output file C:\caddy\logs\emby_access.log {
            roll_size     5MiB       # Set max size 5 MB
            roll_keep     2          # Keep at most 2 log files
            roll_keep_for 96h        # Keep log files for 4 days
        }
    }
    reverse_proxy http://localhost:8096
}

webmin.mydomain.com {
    log {
        output file C:\caddy\logs\webmin_access.log {
            roll_size     5MiB       # Set max size 5 MB
            roll_keep     2          # Keep at most 2 log files
            roll_keep_for 96h        # Keep log files for 4 days
        }
    }
    reverse_proxy http://192.168.1.3:10000  #Disable SSL in Webmin
}

nextpvr.mydomain.com {
    log {
        output file C:\caddy\logs\nextpvr_access.log {
            roll_size     5MiB       # Set max size 5 MB
            roll_keep     2          # Keep at most 2 log files
            roll_keep_for 96h        # Keep log files for 4 days
        }
    }
    reverse_proxy http://localhost:8866
}

hw.mydomain.com {
    log {
        output file C:\caddy\logs\openhardwaremonitor_access.log {
            roll_size     5MiB       # Set max size 5 MB
            roll_keep     2          # Keep at most 2 log files
            roll_keep_for 96h        # Keep log files for 4 days
        }
    }
    reverse_proxy http://192.168.1.241:8085
}

garage.mydomain.com {
    log {
        output file C:\caddy\logs\garage_access.log {
            roll_size     5MiB       # Set max size 5 MB
            roll_keep     2          # Keep at most 2 log files
            roll_keep_for 96h        # Keep log files for 4 days
        }
    }
    reverse_proxy http://192.168.1.243:8080
}

nextcloud.mydomain.com {
    log {
        output file C:\caddy\logs\nextcloud_access.log {
            roll_size     5MiB       # Set max size 5 MB
            roll_keep     2          # Keep at most 2 log files
            roll_keep_for 96h        # Keep log files for 4 days
        }
    }
    redir /.well-known/carddav /remote.php/dav 301
    redir /.well-known/caldav /remote.php/dav 301
    redir /.well-known/webfinger /index.php/.well-known/webfinger
    redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
    reverse_proxy http://192.168.1.3
}

  • Like 1
Posted

Keep it simple ... would be to define a logging function so you don't have to repeat 4 LOC for each subdomain  🙃

Posted
4 minutes ago, justinrh said:

Keep it simple ... would be to define a logging function so you don't have to repeat 4 LOC for each subdomain  🙃

Meh... non-programmers who just need a simple solution... mere n00bs world that I live in.  Logging function?  How about a stored procedure?  Assembly maybe? Jebuz, not everyone is a programmer, and spoken like a true programmer.  ChatGPT didn't spit out the logging function you so call "keepin it simple" :)

Got a solution, be happy to listen.

Posted

Right, maybe Caddy calls them procedures.  Here's an example.

#log file procedure
(logging) {
    log {
        output file "C:\caddy\logs\{args[0]}.log" {
            roll_size     5MiB       # Set max size 5 MB
            roll_keep     2          # Keep at most 2 log files
            roll_keep_for 96h        # Keep log files for 4 days
        }
    }
}
#emby server
emby.mydomain.com {
    import logging emby_access       # {args[0]} in the snippet becomes emby_access
    reverse_proxy :8096
}

 

  • Like 1
Posted

I shall test this .... problem is in a year I will forget what this all does so having everything in a "clean" manner works for me.  Efficiency for the sake of efficiency is no longer an issue for me personally.  Yeah back in the day when you only had 256k of memory then sure.  Now I got 32GB so having extra clean line items is not an issue.

But I appreciate your input and cleanliness.  Everyone on the Caddy website just says "read the docs" with no clear examples for non-programmers.  So I thank you.

arrbee99
Posted

It takes you a year to forget ? lucky. Think I'm more towards the 10 minute end of the spectrum...

  • Haha 1
Posted

Well, you know, set it and forget it mental.  If it ain't broke, don't fix it type of mind set.  If it is working and you unplug then very hard to retrace.

unrais
Posted (edited)

Ok, so I'm doing this correctly:

On router I have ports 80 & 443 open and tied to the local IP of my Synology NAS.
I have reverse proxy running on my NAS like this: emby.mydomain.com:443 to 192.168.x.xx:8096 internal IP
I then have Emby set up with:

  • Public http port: 80
  • Public https port: 443
  • external domain: emby.mydomain.com
  • secure connection mode: handled by proxy

but it seems to be working for some, but for others it's not. Everyone I shared with are logging in with emby connect on a TV. Some can just get straight in. But others, while they see the server, they're seeing it with my local ip address and the local http port... I can't figure out why this is happening. I've had them delete the server from their side, I've removed emby connect from their profile on my end, re-added it, logged into their emby connect myself on a mobile connection and that worked fine, but then on their TV they can't connect. Anyone come across this issue?

Edited by smernt
unrais
Posted

Figured it out! It was due to an LG TV, with old firmware not supporting the let's encrypt SSL certificate.

  • Like 1
rbjtech
Posted
1 hour ago, smernt said:

Figured it out! It was due to an LG TV, with old firmware not supporting the let's encrypt SSL certificate.

I think there are some fixes for this online by updating the root certificate on the TV.     I've never done this, as my son's LG TV doesn't appear to have an issue with my RP cert, but from the instructions it's certainly not something you can expect a non-technical person to do  .. ;)

  • 7 months later...
HairyBizRat
Posted

Hi all

 

New to Emby, little over a week but i love it compared to Plex. I just need Secure connections and i'm set.

 

I'm having some issues following this guide, see below and hope someone can help. I registered a domain with ionos.ca

Quote

you need to create a folder on your server where you will put Caddy, I used c:\Caddy.  Then unzip your installer into this folder, there is just one executable called caddy.exe.  You also need to make a text file in this folder with your caddy configuration info.  I called mine caddyfile.txt.  Here's a copy of mine, you can just copy/paste into a text file and save as caddyfile.txt.  This is the entire configuration file!

So in the above step, I downloaded Caddy although it doesn't download as a zip file but a regular .exe file, is that normal?

 

Quote

caddy -agree -email "myemail@email.com" -conf "c:\caddy\caddyfile.txt"

When i do the batch file and double click the command prompt window opens and closes quickly. So i manually tried the command and get the following error

Error: unknown command "dave_email78@gmail.com" for "caddy"

Run 'caddy --help' for usage.

any help is greatly appreciated.

 

HairyBizRat
Posted
2 hours ago, mjroberts said:

Hi all

 

New to Emby, little over a week but i love it compared to Plex. I just need Secure connections and i'm set.

 

I'm having some issues following this guide, see below and hope someone can help. I registered a domain with ionos.ca

So in the above step, I downloaded Caddy although it doesn't download as a zip file but a regular .exe file, is that normal?

 

When i do the batch file and double click the command prompt window opens and closes quickly. So i manually tried the command and get the following error

Error: unknown command "dave_email78@gmail.com" for "caddy"

Run 'caddy --help' for usage.

any help is greatly appreciated.

 

Just to add, sorry was too late to edit

 

I tried this guide 

Quote

You basically just need to:

  • install the default Caddy v2 package
  • configure basic config file named 'Caddyfile' (see below)
  • port forward 80 and 443 in your router to your Caddy host
  • update Emby with your Public HTTP/HTTPS ports, external domain, and Secure connection mode = handled by reverse proxy
  • run Caddy


Basic Caddy config file would look like this:

{
email myname@email.com
}

media.mydomain.net {
   reverse_proxy <emby_host_ip>:8096
}

But this also didn't work, the CMD prompt had a lot of info displayed after running but it also said "could not get certificate from issuer"

 

My domain is with ionos.ca and I have an SSL key downloaded from them for my domain, not sure what to do with it

pwhodges
Posted

I think your first message was using instructions for Caddy v1 - they are not compatible...

Caddy gets a certificate for itself; it can use an existing certificate - but that requires manual setting up and maintenance, which negates one of Caddy's biggest benefits.

First question - have you checked whether you're behind cgNAT?  If you have already got non-SSL connections to Emby working, then you are not, otherwise run a tracert to some external address and show us the first few lines.

Paul
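Added example, not part of the original thread: one way to read the first lines of a `tracert` for the cgNAT check suggested above. It relies on two facts outside the thread: carrier-grade NAT uses the shared range 100.64.0.0/10 (RFC 6598), and a private RFC 1918 address beyond the first hop usually means a second NAT layer. The tracert outputs are constructed samples using documentation addresses, and the verdict is a heuristic.

```python
import ipaddress
import re

CGNAT = ipaddress.ip_network("100.64.0.0/10")            # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# A hop line starts with the hop number and ends with an IPv4 address,
# optionally in [brackets] after a resolved host name.
HOP = re.compile(r"^\s*(\d+)\s.*?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

def hops(tracert_output):
    """Return (hop_number, address) pairs; timed-out hops and headers are skipped."""
    found = []
    for line in tracert_output.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        try:
            found.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
        except ValueError:
            continue                                      # e.g. 999.1.1.1
    return found

def nat_verdict(tracert_output, look_at=4):
    """Classify the first few hops: 'cgnat', 'double-nat', 'direct' or 'unknown'."""
    first = hops(tracert_output)[:look_at]
    if any(ip in CGNAT for _, ip in first):
        return "cgnat"
    if any(n > 1 and any(ip in net for net in RFC1918) for n, ip in first):
        return "double-nat"
    return "direct" if first else "unknown"

# Constructed sample outputs (Windows tracert layout).
SAMPLE_CGNAT = """Tracing route to 198.51.100.7 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2    11 ms     9 ms    10 ms  100.72.0.1
  3     *        *        *     Request timed out.
  4    14 ms    13 ms    15 ms  core1.isp.example [203.0.113.9]
"""
SAMPLE_DIRECT = """Tracing route to 198.51.100.7 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2    10 ms     9 ms    11 ms  203.0.113.1
  3    12 ms    12 ms    13 ms  203.0.113.9
"""

if __name__ == "__main__":
    print("sample 1:", nat_verdict(SAMPLE_CGNAT))
    print("sample 2:", nat_verdict(SAMPLE_DIRECT))
```
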

HairyBizRat
Posted (edited)
8 minutes ago, pwhodges said:

I think your first message was using instructions for Caddy v1 - they are not compatible...

Caddy gets a certificate for itself; it can use an existing certificate - but that requires manual setting up and maintenance, which negates one of Caddy's biggest benefits.

First question - have you checked whether you're behind cgNAT?  If you have already got non-SSL connections to Emby working, then you are not, otherwise run a tracert to some external address and show us the first few lines.

Paul

Hi thanks for the reply

Yes I just downloaded Caddy from their site, doesn't say what version it is and it's not a zip file like mentioned in the guide

 

I'm using my Cable ISP's Arris modem 

I have non SSL connections working to Emby by port forwarding to my internal server IP. I can also access Emby remotely using my domain via http only

 

Edited by mjroberts
HairyBizRat
Posted

Updating my posts as resolved

 

I gave up on the reverse proxy and even the guide for SSL as all were confusing

All i had to do was log into my Domain providers site, generate a SSL key (free with domain) download it to my Emby server and add it to emby. Ensure port forwarding is on and sure enough the server shows my domain name with https

tested and working
