Splash screen behind CloudFlare

[Dazik 44]

Hey guys, and Luke.

 

In the past few months I have noticed a massive delay in the Emby splash screen, the first browser load, when behind CloudFlare.

I assumed it was just due to CloudFlare and have spent the last 2 months tweaking settings and even disabling everything but the DNS proxy.

 

Basically, my server is setup like so:-
LAN NGINX server acts like a reverse proxy, pushes Emby to port 443 using a Let's Encrypt certificate.

Outside DNS is through CloudFlare, which points to the LAN NGINX, using their reverse proxy.

Visitor gets https://blah.mydomain.com in a browser.

Visitor gets https://blah.mydomain.com - Port 443 in any of the apps.

Emby Server is Windows 10: Version 4.4.10

NGINX is Debian 10.

 

The browser load is the only one effected, apps work fine. If I disable the reverse DNS proxy via CloudFlare, everything loads fine. And my DDNS domain is fine as well. So the local setup works perfectly.

The issue is, something with CF is causing massive load spikes, and it's not just the reverse proxy, its massive delays. The splash screen will take a solid minute or two to load most times.

 

There is nothing of note in the Emby logs, nor my network logs.

 

What I am mostly looking for here is others that have noticed this and may have figured something out that I haven't.

 

My Nginx settings look like this (SSL omitted):-

server {
    listen 80;
    server_name THATS.NOTME.COM;
    include /etc/nginx/userId.Emby;
    access_log /var/log/nginx/access.log emby;

    location / {
        proxy_pass http://192.168.1.2:8096;
        proxy_set_header Host THATS.NOTME.COM;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        #Next three lines allow websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

Edited April 8, 2020 by Dazik

[Luke 37016]

@@pir8radio

@@Spaceboy

 

may have some cloudfare tips.

[Spaceboy 2493]

I have not noticed this and I almost always access emby in a browser through cloudflare. The splash screen only flashes up for a fraction of a second. I think @@pir8radio is much more of an expert on the configuration of cloudflare but I can say I haven’t done anything special

[BAlGaInTl 279]

I see this as well, but never thought about Cloudflare causing it.

[pir8radio 1292]

@@Dazik make sure "rocket loader" is disabled, as well as the "auto minify"  features for JS, CSS, and HTML. This can be done on the "Speed" icon, then "Optimization" tab.  Everything on that page should be OFF except Brotli compression.

 

Clear your cache....   and try again.

 

 

 

I'm no "expert" but thanks!  

Edited April 9, 2020 by pir8radio

[Dazik 44]

This is actually the settings I've had it on the past week or so, just Brotli. Also set header cache time to 14 days, seems to help a little instead of letting Emby manage the headers.

 

@@Dazik make sure "rocket loader" is disabled, as well as the "auto minify"  features for JS, CSS, and HTML. This can be done on the "Speed" icon, then "Optimization" tab.  Everything on that page should be OFF except Brotli compression.

 

Clear your cache....   and try again.

 

 

 

I'm no "expert" but thanks!  

[Dazik 44]

@[member=pir8radio] I set cache back to respect existing headers, set it to ignore query string, then I set SSL to Flexible, which was previously set to Full. No slow load issues.

Since I changed both at the same time, I don't know which fixed it. I suspect it's the SSL change. I am also using DNSSEC and was planning to disable that next, but doubt it would effect the load.

 

In any case, mentioning to you as you are Luke's rproxy authority.

 

[pir8radio 1292]

@[member=pir8radio] I set cache back to respect existing headers, set it to ignore query string, then I set SSL to Flexible, which was previously set to Full. No slow load issues.

Since I changed both at the same time, I don't know which fixed it. I suspect it's the SSL change. I am also using DNSSEC and was planning to disable that next, but doubt it would effect the load.

 

In any case, mentioning to you as you are Luke's rproxy authority.

 

I bet you were caching some old emby files..   every time emby upgrades, they call the JS files with ?v=4.5.0.4  not sure why or what they use the parameter for but ive noticed force caching anything but images isnt wise with emby.   I use dnssec with no issues.

Edited April 10, 2020 by pir8radio

[Dazik 44]

I bet you were caching some old emby files..   every time emby upgrades, they call the JS files with ?v=4.5.0.4  not sure why or what they use the parameter for but ive noticed force caching anything but images isnt wise with emby.   I use dnssec with no issues.

 

I noticed that as well, which is why I disabled all JS cache and created a page rule in CF specifically for it. I think CF itself caches the strings and re-uses them without updating or giving an option to update.

So yes, never cache the JS static files.

[Spaceboy 2493]

I turned caching off with cloudflare some time ago after similar issues with sonarr. It’s not why I use cloudflare, I really use it for obscuring my ip

[pir8radio 1292]

I turned caching off with cloudflare some time ago after similar issues with sonarr. It’s not why I use cloudflare, I really use it for obscuring my ip

 

gotta be careful a few mis-configurations and your ip can still be had...   did we pentest yours yet? lol   pm me your domain name, see if i can tell you your ip.  I love the challenge!

[Spaceboy 2493]

gotta be careful a few mis-configurations and your ip can still be had... did we pentest yours yet? lol pm me your domain name, see if i can tell you your ip. I love the challenge!

[emoji106]

[pir8radio 1292]

[emoji106]

 

lol  pm'ed you, gotcha....