Jump to content


Photo

Difficulty accessing server


  • Please log in to reply
98 replies to this topic

#1 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 22 January 2020 - 10:59 AM

My dad has a Telstra TV, which is essentially a Roku. He's got the Emby app on it, but whenever he tries to log in it tells him his user name or password is incorrect, even though this isn't true. Removing the password allows login with no issues.

 

He also has a Samsung UA55J6200, and has installed the Emby app on that. When entering the address of my server he gets an error saying it can't connect to that server, check to see if it's running. The web browser app on the Samsung TV also returns a 'server not found' error upon entering my server's address.

 

He's able to connect fine from his phone and PC.

 

I'm behind an NGINX reverse proxy and Cloudflare.

 

I've attached a log which is reasonably lengthy, but starts with a login attempt on the Telstra TV. I'm assuming the attempted Samsung connections aren't even getting through far enough to be logged at all.

Attached Files



#2 ebr OFFLINE  

ebr

    Chief Bottle Washer

  • Administrators
  • 50059 posts
  • Local time: 04:27 PM

Posted 22 January 2020 - 11:05 AM

What app is he actually running?  Must be either our very old one or BNN.

 

Not sure if those will continue to work with the current server but check your proxy configuration to be sure it isn't stripping out post data from the requests.  We've seen this in the past causing this type of issue.

 

Compare your config to @pir8radio.



#3 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 22 January 2020 - 11:23 AM

On which device? Not sure what BNN is.

I'm using the config @Swynol posted, I believe.

#4 ebr OFFLINE  

ebr

    Chief Bottle Washer

  • Administrators
  • 50059 posts
  • Local time: 04:27 PM

Posted 22 January 2020 - 11:36 AM

On which device? Not sure what BNN is.

 

On the Telestra TV.  There is no current Emby app available for that device but it was possible to side-load our (now very) old app or Speechles' old Blue Neon Night app.



#5 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 22 January 2020 - 11:41 AM

It's emby branded. Although it does look terrible.

Is there not a more recent version for Roku, or does that specifically not work with Telstra TV?

#6 ebr OFFLINE  

ebr

    Chief Bottle Washer

  • Administrators
  • 50059 posts
  • Local time: 04:27 PM

Posted 22 January 2020 - 11:42 AM

Is there not a more recent version for Roku, or does that specifically not work with Telstra TV?

 

Specifically not the Telestra as it doesn't use the normal Roku store and they refused our request to be included in theirs.



#7 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 22 January 2020 - 11:47 AM

On what basis?

That aside, why would the newer Roku app be any more difficult to side load than the older one?

#8 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 22 January 2020 - 11:52 AM

My NGINX config:

worker_processes  2;

events {
    worker_connections  8192;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    server_tokens off;
	ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_certificate      SSL/cert.pem;
	ssl_certificate_key  SSL/private.key;
        ssl_session_cache shared:SSL:10m;

    sendfile        off;

gzip on;
gzip_disable "msie6";

gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
image/svg+xml;

tcp_nodelay on;

    server_names_hash_bucket_size 128;
    map_hash_bucket_size 64;

## Start: Timeouts ##
    client_body_timeout   10;
    client_header_timeout 10;
    keepalive_timeout     30;
    send_timeout          10;
    keepalive_requests    10;
## End: Timeouts ##

## Default Listening ##

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
	  return 301 https://$host$request_uri;
}
server {
    listen [::]:443 ssl http2 default_server;
    listen 443 ssl http2 default_server;
    return 401;
}
##EMBY Server##
	
	server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name domain.com; 
	
		#add_header Public-Key-Pins '
		#pin-sha256="8TzXdhbnv+l6EjDG2Vj9EmgGiSmZenrTZSNaUFEwyUE="; 
		#pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; 
		#pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; 
		#max-age=86400; includeSubDomains';
		
		add_header X-Xss-Protection "1; mode=block" always;
		add_header X-Content-Type-Options "nosniff" always;
		add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
		add_header X-Frame-Options "SAMEORIGIN" always;
		proxy_hide_header X-Powered-By;
		add_header 'Referrer-Policy' 'no-referrer';
		add_header Content-Security-Policy "frame-ancestors domain.com domain.domain.com;";
    	
	
     location / {
         proxy_pass http://127.0.0.1:8096;  

		proxy_set_header Range $http_range;
		proxy_set_header If-Range $http_if_range;
		proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        #Next three lines allow websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
		}
	

}
}


#9 ebr OFFLINE  

ebr

    Chief Bottle Washer

  • Administrators
  • 50059 posts
  • Local time: 04:27 PM

Posted 22 January 2020 - 11:55 AM

I think the app is probably just now incompatible with the current sever.   We probably aren't accepting the password in the old format we used to send it.



#10 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 22 January 2020 - 11:59 AM

So why can't a newer app be side loaded?

And what about the Samsung?

#11 ebr OFFLINE  

ebr

    Chief Bottle Washer

  • Administrators
  • 50059 posts
  • Local time: 04:27 PM

Posted 22 January 2020 - 12:02 PM

So why can't a newer app be side loaded?

 

Because there is no way to do that without giving away the entire source code of the app and we simply aren't willing to do that.

 

 

And what about the Samsung?

 

The device may be rejecting your certificate but you should post specifics on that one in the Samsung forum.  I think the Roku issue is simply incompatibility.



#12 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 3243 posts
  • Local time: 03:27 PM
  • LocationChicago

Posted 22 January 2020 - 08:22 PM

Because there is no way to do that without giving away the entire source code of the app and we simply aren't willing to do that.

 

 

 

The device may be rejecting your certificate but you should post specifics on that one in the Samsung forum.  I think the Roku issue is simply incompatibility.

 

Shouldn't reject the cert if he is using cloudflare's cert.



#13 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 22 January 2020 - 09:26 PM

I am.

#14 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 23 January 2020 - 09:27 AM

I've commented out the 301 line in my config, changed my emby setting to "preferred but not required", and turned off everything in CloudFlare that looked like it might be redirecting, and I still can't get to the http version. It redirects to https every time.

#15 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 3243 posts
  • Local time: 03:27 PM
  • LocationChicago

Posted 23 January 2020 - 10:42 AM

if you ever had add_header Strict-Transport-Security "max-age=15552000; preload" always; In your config that stuff gets cached (clearing regular cache wont do anything) for the time you entered in Max-age.  you need to manually remove that HSTS stuff   for example chrome: https://cheapsslsecu...-hsts-settings/

 

Not sure if you easily can from the other "apps"



#16 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 23 January 2020 - 10:55 AM

I posted my config earlier in the thread.

#17 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 23 January 2020 - 11:03 AM

Also I had a look at my NGINX error log and I'm seeing a lot of this:

2020/01/22 22:00:31 [crit] 2728#2792: *7018 SSL_write() failed (10053: An established connection was aborted by the software in your host machine) while sending to client

The numbers are all different each time though. And the times don't match to trying the Samsung TV, at least not exclusively.



#18 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 3243 posts
  • Local time: 03:27 PM
  • LocationChicago

Posted 23 January 2020 - 07:06 PM

I posted my config earlier in the thread.

 

yea so, thats why its forcing ssl.



#19 crusher11 OFFLINE  

crusher11

    Advanced Member

  • Members
  • 1087 posts
  • Local time: 05:27 AM

Posted 24 January 2020 - 12:30 AM

Is there anything I can do to work around it?

What about that error I keep getting?

#20 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 3243 posts
  • Local time: 03:27 PM
  • LocationChicago

Posted 24 January 2020 - 01:09 AM

Is there anything I can do to work around it?

What about that error I keep getting?

 

i posted above as a workaround to clear the HSTS cache.       the error 10053 can be almost anything from, firewall, antivirus, network issues, emby, to something completely unrelated.    Those are tough to troubleshoot without using wireshark or something. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users