Caddy v2 - update and warning

[pwhodges 255]

I have just tested this with Caddy2.  My test configuration has the reverse proxy directive and nothing else - no extra header specifications or anything.  I have no problem with resuming using this setup, so Caddy is passing the play position from the client back to the Emby server correctly.

I tested using the browser client on my desktop, but with the external IP of the machine running Caddy2, so it looped back through my router.

As I said, I have no experience of Kody, Embycon or CloudFlare, so I hope someone else will be able to step in to speak about them.

Paul

[pwhodges 255]

Oops, I realise you said the problem arose using apps other than the browser.

I have now tested with the Android mobile app, and again there is no problem.

Paul

[neunghaha28 1]

6 minutes ago, pwhodges said:

Oops, I realise you said the problem arose using apps other than the browser.

I have now tested with the Android mobile app, and again there is no problem.

Paul

Yes, the problem is caddy v2 on kodi addons Emby and Embycon.

Caddy v1 Everything works.

Thanks for help.

 

Now I'm using nginx. 

[pwhodges 255]

Glad you have a solution that works for you.

Caddy is probably as configurable if necessary.  What is your nginx config like?  I'd be interested to try to find what caddy directives need to be added.

Paul

Edited September 27 by pwhodges

[neunghaha28 1]

On 9/26/2020 at 4:27 AM, pwhodges said:

I have no problem with resuming, using Caddy v1.  I have no added headers or anything, as Caddy's defaults are generally correct.  I'm not at home, so I can't test it with my Caddy v2 setup until Sunday, but I'm pretty sure I tested that behaviour previously and found no problem.

However, I don't use the add-ons you have, nor CloudFlare.

Paul

# Emby Subdomain
# Replace DOMAIN.TLD with your domain
server {
        listen 80;
        server_name emby.xxx.me;
        return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
server_name emby.xxx.me;   #your subdomain.domainname.com here

ssl_session_timeout 30m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_certificate      /etc/ssl/certs/cert.pem;
ssl_certificate_key  /etc/ssl/private/key.pem;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_stapling_verify on;
ssl_session_tickets on;
resolver 8.8.8.8 8.8.4.4 valid=200s;
resolver_timeout 5s;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
http2_max_field_size 16k;
http2_max_header_size 32k;
ssl_ecdh_curve secp384r1;
proxy_set_header Host $host;
fastcgi_pass_request_headers on;

proxy_hide_header X-Powered-By;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff"  always;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header 'Referrer-Policy' 'no-referrer';

add_header Content-Security-Policy "frame-ancestors emby.xxx.me;";   #add your domainname and all subdomains listed on your cert

access_log /var/log/nginx/emby.access.log;
error_log /var/log/nginx/emby.error.log;


location / {
proxy_pass http://127.0.0.1:8096; # Local emby ip and non SSL port

proxy_hide_header X-Powered-By;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#Next three lines allow websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /swagger {   ## Disables access to swagger interface
        return 404;}
}

 

Edited September 27 by neunghaha28