pwhodges 1717 Posted April 2, 2023

The dot at the end of the name in the CNAME record is normal (and required); it indicates that the URL is complete.

(Sorry, no time to look at the rest at this moment.)

Paul

justinrh 201 Posted April 2, 2023

@iPhoneMaxPro Try changing your media subdomain to an A record and point it to your IP address. This would be similar to your www subdomain. I think either is valid, actually, as long as the mydomain.com DNS info is correctly configured. You might need to look at Google's documentation to make sure you are entering the information correctly. Test your config with an nslookup or some online utility; you don't have to test with Caddy.

I don't know if SNI is required in Caddy for your case, but I use it (in the global block):

    default_sni mydomain.com

iPhoneMaxPro 16 Posted April 4, 2023

GNU nano 5.4    Caddyfile

    {
        email myemail@gmail.com
        http_port 49000
        https_port 57000
    }

    media.mydomain.com {
        reverse_proxy 192.168.0.2:49000
    }

    mydomain.com         A      1 ora   000.00.00.000
    mydomain.com         AAAA   1 ora   0000:000:0000:0:0000:0000:0000:0000
    media.mydomain.com   A      1 ora   000.00.00.000
    www.mydomain.com     A      1 ora   000.00.00.000
    wwww.mydomain.com    AAAA   1 ora   0000:000:0000:0:0000:0000:0000:0000

This is my current setup but I can't. Can anyone help me please? I've been trying for a week.

pwhodges 1717 Posted April 4, 2023

The ACME specification used for automated certificates requires the use of ports 80 and 443.

You can get automated certificates another way, for use with different ports. In Caddy, this can be done using "DNS challenge", as I told you previously. For that you will need to download Caddy compiled with the addition of the caddy-dns/googleclouddns plugin, which can be selected on the Caddy download page. The main documentation for using DNS challenge in Caddy is here: https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148

Unless anyone else here is doing this (I am not), then the Caddy forums are the place to get help with it.

Alternatively, maybe you could change the ports on your other server and reverse-proxy to it from Caddy; you would only need http (because it's internal) so the other server would not need its own certificate - Caddy would deal with that on its behalf. You'd need the other server and Emby to use different domain names, so that Caddy could separate out the traffic.

Paul

rbjtech 4778 Posted April 4, 2023 (edited)

58 minutes ago, iPhoneMaxPro said:

    GNU nano 5.4    Caddyfile

        {
            email myemail@gmail.com
            http_port 49000
            https_port 57000
        }

        media.mydomain.com {
            reverse_proxy 192.168.0.2:49000
        }

        mydomain.com         A      1 ora   000.00.00.000
        mydomain.com         AAAA   1 ora   0000:000:0000:0:0000:0000:0000:0000
        media.mydomain.com   A      1 ora   000.00.00.000
        www.mydomain.com     A      1 ora   000.00.00.000
        wwww.mydomain.com    AAAA   1 ora   0000:000:0000:0:0000:0000:0000:0000

    This is my current setup but I can't. Can anyone help me please? I've been trying for a week.

I don't know Caddy - but if you are using subdomains - then one of the primary reasons to use a RP is to redirect the subdomain to the correct end point using standard ports externally, and whatever you want internally.

So in the above example:

mydomain.com - could be re-directed to http(80) or https(443) to let's say 192.168.0.2 (port 80 and 443)
media.mydomain.com - could be re-directed to http(80) or https(443) to let's say 192.168.0.2 (port 8096 and 8920)
emby.mydomain.com - could be re-directed to http(80) or https(443) to let's say 192.168.0.2 (port 8080 and 8443) - or another internal IP on 80/443 again.

Edited April 4, 2023 by rbjtech

unrais 10 Posted December 28, 2023

I'm just wondering if I have this set up correctly:

On router I have ports 80 & 443 open and tied to the local IP of my Synology NAS.

I have reverse proxy running on my NAS like this: emby.mydomain.com:443 to 192.168.x.xx:8096 internal IP

I then have Emby set up with:

    Public http port: 80
    Public https port: 443
    external domain: emby.mydomain.com
    secure connection mode: handled by proxy

It seems to be working fine, but I did read somewhere that having 443 as the port for Emby would mean you can't use 443 for other things? If so, how does that negatively impact the likes of the Synology reverse proxy stuff, where every subdomain I'm using for a reverse proxy is using 443 https?

pwhodges 1717 Posted December 28, 2023 (edited)

You can serve multiple http(s) sites on the same port so long as they have different names. The reverse proxy can separate them and proxy them to different servers. Obviously only one reverse proxy can be used on one port, but just adding Emby to the list of proxied websites is not a complication.

In the early days of SSL this could not be done for secure sites (so very out-of-date web pages about it might say this), but later developments made it possible and indeed routine.

Of course, if you try to connect 443 to Emby (running HTTPS itself) directly, without a proxy, you will block any other usage of it on the same machine - this might be the meaning of what you read.

Paul

Edited December 28, 2023 by pwhodges

rbjtech 4778 Posted December 29, 2023 (edited)

To add a little more clarity on what Paul previously replied - there are two ways for the reverse proxy to know 'how' to direct the traffic -

1) is using a DNS subdomain.

In this case 'emby' is a subdomain of mydomain.com. If you own the main domain (mydomain.com) then you can have as many subdomains as your domain provider will allow - and each one can be re-directed to a local host/service. From an https perspective (certificate) - these could all be covered by a wildcard cert (covering all *.mydomain.com sites) or an individual cert for each subdomain site. You can also use DNS CNAMEs to redirect requests using different DNS names - so it's very flexible.

2) is using the URL via a subfolder, i.e. mydomain.com/emby

This is generally less supported, so as a preference, try and use the subdomain method.

Edited December 29, 2023 by rbjtech

darkassassin07 518 Posted December 29, 2023

4 hours ago, rbjtech said:

    2) is using the URL via a subfolder, i.e. mydomain.com/emby

    This is generally less supported, so as a preference, try and use the subdomain method.

Pretty much any web application can be put in a subdomain (subdomain.example.com), but to put an application in a subfolder (example.com/subfolder/) that application must explicitly support this behaviour, usually by specifying an 'external path'/'base url' or similar in their settings. Otherwise every url they generate for the client to follow is wrong, missing your added subfolder.

Emby server does not support this.

pwhodges 1717 Posted December 29, 2023

In some proxies it is also possible to rewrite addresses contained in a reply to enable unsupported apps to run in a subfolder. I have one site I proxy like this (the design makes it impossible to avoid), but it's highly NOT recommended.

Paul

js28194 18 Posted December 29, 2023

Keep it Simple.... port 80 and 443 forward to server... Caddy runs a service in win 7 x64 - caddy service = c:\caddy\caddy.exe -run

Caddy file below:

    {
        email myemail@gmail.com
    }

    emby.mydomain.com {
        log {
            output file C:\caddy\logs\emby_access.log {
                roll_size 5MiB      # Set max size 5 MB
                roll_keep 2         # Keep at most 2 log files
                roll_keep_for 96h   # Keep log files for 4 days
            }
        }
        reverse_proxy http://localhost:8096
    }

    webmin.mydomain.com {
        log {
            output file C:\caddy\logs\webmin_access.log {
                roll_size 5MiB      # Set max size 5 MB
                roll_keep 2         # Keep at most 2 log files
                roll_keep_for 96h   # Keep log files for 4 days
            }
        }
        reverse_proxy http://192.168.1.3:10000   #Disable SSL in Webmin
    }

    nextpvr.mydomain.com {
        log {
            output file C:\caddy\logs\nextpvr_access.log {
                roll_size 5MiB      # Set max size 5 MB
                roll_keep 2         # Keep at most 2 log files
                roll_keep_for 96h   # Keep log files for 4 days
            }
        }
        reverse_proxy http://localhost:8866
    }

    hw.mydomain.com {
        log {
            output file C:\caddy\logs\openhardwaremonitor_access.log {
                roll_size 5MiB      # Set max size 5 MB
                roll_keep 2         # Keep at most 2 log files
                roll_keep_for 96h   # Keep log files for 4 days
            }
        }
        reverse_proxy http://192.168.1.241:8085
    }

    garage.mydomain.com {
        log {
            output file C:\caddy\logs\garage_access.log {
                roll_size 5MiB      # Set max size 5 MB
                roll_keep 2         # Keep at most 2 log files
                roll_keep_for 96h   # Keep log files for 4 days
            }
        }
        reverse_proxy http://192.168.1.243:8080
    }

    nextcloud.mydomain.com {
        log {
            output file C:\caddy\logs\nextcloud_access.log {
                roll_size 5MiB      # Set max size 5 MB
                roll_keep 2         # Keep at most 2 log files
                roll_keep_for 96h   # Keep log files for 4 days
            }
        }
        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301
        redir /.well-known/webfinger /index.php/.well-known/webfinger
        redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo
        reverse_proxy http://192.168.1.3
    }

justinrh 201 Posted December 29, 2023

Keep it simple ... would be to define a logging function so you don't have to repeat 4 LOC for each subdomain.

js28194 18 Posted December 29, 2023

4 minutes ago, justinrh said:

    Keep it simple ... would be to define a logging function so you don't have to repeat 4 LOC for each subdomain.

Meh... non-programmers who just need a simple solution... mere n00bs world that I live in. Logging function? How about a stored procedure? Assembly maybe? Jebuz, not everyone is a programmer, and spoken like a true programmer. ChatGPT didn't spit out the logging function you so call "keepin it simple".

Got a solution, be happy to listen.

justinrh 201 Posted December 29, 2023

Right, maybe Caddy calls them procedures. Here's an example.

    # log file procedure
    (logging) {
        log {
            # roll_* options belong inside the "output file" block
            output file "C:\caddy\logs\{args[0]}.log" {
                roll_size 5MiB      # Set max size 5 MB
                roll_keep 2         # Keep at most 2 log files
                roll_keep_for 96h   # Keep log files for 4 days
            }
        }
    }

    # emby server
    emby.mydomain.com {
        import logging emby_access
        reverse_proxy :8096
    }

js28194 18 Posted December 29, 2023

I shall test this .... problem is in a year I will forget what this all does so having everything in a "clean" manner works for me. Efficiency for the sake of efficiency is no longer an issue for me personally. Yeah back in the day when you only had 256k of memory then sure. Now I got 32GB so having extra clean line items is not an issue.

But I appreciate your input and cleanliness. Everyone on the Caddy website just says "read the docs" with no clear examples for non-programmers. So I thank you.

arrbee99 1650 Posted December 29, 2023

It takes you a year to forget? Lucky. Think I'm more towards the 10 minute end of the spectrum...

js28194 18 Posted December 29, 2023

Well, you know, set it and forget it mental. If it ain't broke, don't fix it type of mindset. If it is working and you unplug then very hard to retrace.

unrais 10 Posted January 2 (edited)

Ok, so I'm doing this correctly:

On router I have ports 80 & 443 open and tied to the local IP of my Synology NAS.

I have reverse proxy running on my NAS like this: emby.mydomain.com:443 to 192.168.x.xx:8096 internal IP

I then have Emby set up with:

    Public http port: 80
    Public https port: 443
    external domain: emby.mydomain.com
    secure connection mode: handled by proxy

but it seems to be working for some, but for others it's not. Everyone I shared with are logging in with Emby Connect on a TV. Some can just get straight in. But others, while they see the server, they're seeing it with my local IP address and the local http port... I can't figure out why this is happening. I've had them delete the server from their side, I've removed Emby Connect from their profile on my end, re-added it, logged into their Emby Connect myself on a mobile connection and that worked fine, but then on their TV they can't connect.

Anyone come across this issue?

Edited January 2 by smernt

unrais 10 Posted January 3

Figured it out! It was due to an LG TV, with old firmware not supporting the Let's Encrypt SSL certificate.

rbjtech 4778 Posted January 3

1 hour ago, smernt said:

    Figured it out! It was due to an LG TV, with old firmware not supporting the Let's Encrypt SSL certificate.

I think there are some fixes for this online by updating the root certificate on the TV. I've never done this, as my son's LG TV doesn't appear to have an issue with my RP cert, but from the instructions it's certainly not something you can expect a non-technical person to do ..

HairyBizRat 11 Posted August 9

Hi all

New to Emby, little over a week but I love it compared to Plex. I just need secure connections and I'm set.

I'm having some issues following this guide, see below and hope someone can help. I registered a domain with ionos.ca

Quote:

    you need to create a folder on your server where you will put Caddy, I used c:\Caddy. Then unzip your installer into this folder, there is just one executable called caddy.exe. You also need to make a text file in this folder with your caddy configuration info. I called mine caddyfile.txt. Here's a copy of mine, you can just copy/paste into a text file and save as caddyfile.txt. This is the entire configuration file!

So in the above step, I downloaded Caddy although it doesn't download as a zip file but a regular .exe file, is that normal?

Quote:

    caddy -agree -email "myemail@email.com" -conf "c:\caddy\caddyfile.txt"

When I do the batch file and double click, the command prompt window opens and closes quickly. So I manually tried the command and get the following error:

    Error: unknown command "dave_email78@gmail.com" for "caddy"
    Run 'caddy --help' for usage.

Any help is greatly appreciated.

HairyBizRat 11 Posted August 9

2 hours ago, mjroberts said:

    Hi all

    New to Emby, little over a week but I love it compared to Plex. I just need secure connections and I'm set.

    I'm having some issues following this guide, see below and hope someone can help. I registered a domain with ionos.ca

    So in the above step, I downloaded Caddy although it doesn't download as a zip file but a regular .exe file, is that normal?

    When I do the batch file and double click, the command prompt window opens and closes quickly. So I manually tried the command and get the following error:

        Error: unknown command "dave_email78@gmail.com" for "caddy"
        Run 'caddy --help' for usage.

    Any help is greatly appreciated.

Just to add, sorry was too late to edit. I tried this guide:

Quote:

    You basically just need to:

    - install the default Caddy v2 package
    - configure basic config file named 'Caddyfile' (see below)
    - port forward 80 and 443 in your router to your Caddy host
    - update Emby with your Public HTTP/HTTPS ports, external domain, and Secure connection mode = handled by reverse proxy
    - run Caddy

    Basic Caddy config file would look like this:

        {
            email myname@email.com
        }

        media.mydomain.net {
            reverse_proxy <emby_host_ip>:8096
        }

But this also didn't work, the CMD prompt had a lot of info displayed after running but it also said "could not get certificate from issuer".

My domain is with ionos.ca and I have an SSL key downloaded from them for my domain, not sure what to do with it.

pwhodges 1717 Posted August 9

I think your first message was using instructions for Caddy v1 - they are not compatible...

Caddy gets a certificate for itself; it can use an existing certificate - but that requires manual setting up and maintenance, which negates one of Caddy's biggest benefits.

First question - have you checked whether you're behind cgNAT? If you have already got non-SSL connections to Emby working, then you are not, otherwise run a tracert to some external address and show us the first few lines.

Paul

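Added example, not part of the post above: one way to read "the first few lines" of a tracert for signs of carrier-grade NAT, in Python. It classifies each hop as RFC 1918 private, RFC 6598 shared (100.64.0.0/10, the range reserved for cgNAT) or public; the two traces are constructed samples, and a second home router (double NAT) produces the same signal.

```python
import ipaddress
import re
from itertools import takewhile

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space

# Hop number at line start, IPv4 address (optionally in [brackets]) at line end.
HOP_RE = re.compile(r"^\s*(\d+)\s.*?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

def classify(addr):
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def parse_hops(text):
    """Return [(hop, address, kind)]; timed-out hops and headers are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), classify(m.group(2))))
    return hops

def likely_behind_cgnat(text):
    """True if a second NAT layer sits between the home router and the internet."""
    leading = list(takewhile(lambda h: h[2] != "public", parse_hops(text)))
    return len(leading) > 1 or any(h[2] == "cgnat" for h in leading)

# Constructed samples (documentation addresses stand in for public ones).
CGNAT_TRACE = """Tracing route to example.net [198.51.100.7]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     9 ms     8 ms     9 ms  100.64.12.1
  3     *        *        *     Request timed out.
  4    11 ms    10 ms    12 ms  core1.isp.example [203.0.113.9]
"""
DIRECT_TRACE = """  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     8 ms     9 ms     8 ms  203.0.113.1
"""
```

When the check is true, port forwards on the home router never receive inbound traffic, so the ACME challenges on ports 80 and 443 cannot complete.
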
HairyBizRat 11 Posted August 9 (edited)

8 minutes ago, pwhodges said:

    I think your first message was using instructions for Caddy v1 - they are not compatible...

    Caddy gets a certificate for itself; it can use an existing certificate - but that requires manual setting up and maintenance, which negates one of Caddy's biggest benefits.

    First question - have you checked whether you're behind cgNAT? If you have already got non-SSL connections to Emby working, then you are not, otherwise run a tracert to some external address and show us the first few lines.

    Paul

Hi, thanks for the reply.

Yes, I just downloaded Caddy from their site, doesn't say what version it is and it's not a zip file like mentioned in the guide.

I'm using my cable ISP's Arris modem.

I have non-SSL connections working to Emby by port forwarding to my internal server IP. I can also access Emby remotely using my domain via http only.

Edited August 9 by mjroberts

HairyBizRat 11 Posted August 9

Updating my posts as resolved.

I gave up on the reverse proxy and even the guide for SSL as all were confusing.

All I had to do was log into my domain provider's site, generate an SSL key (free with domain), download it to my Emby server and add it to Emby. Ensure port forwarding is on and sure enough the server shows my domain name with https, tested and working.