[SOLVED] Letsencrypt, Cloudflare Emby Reverse Proxy

[joelang6126 9]

I'm trying to setup Emby through a reverse proxy which is detailed in the video below.

 

I'm using the standard emby.subdomain.conf and setup Emby exactly as it states in the conf file however the all i get is an Emby splash screen. Other dockers work perfectly so it must be something to do with the conf file.

Any ideas chaps?

# make sure that your dns has a cname set for emby and that your emby container is not using a base url
# if emby is running in bridge mode and the container is named "emby", the below config should work as is
# if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby
# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
# and set the "Secure connection mode" to "Handled by reverse proxy"

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name emby.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app EmbyServer;
        set $upstream_port 8096;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
   }
}

 

Edited August 5, 2020 by joelang6126
solved

[joelang6126 9]

This is the access log in Nginx. I have replaced my real domain with mydomian.co.uk

access.log

[Luke 37229]

Hi, what was the solution?

[joelang6126 9]

Fail2ban was kicking in and seemed to block everything. Everything seems to be working now.

Still I took some influence from this post and amended my config file. I paste my config below for others.

 

 make sure that your dns has a cname set for emby and that your emby container is not using a base url
# if emby is running in bridge mode and the container is named "emby", the below config should work as is
# if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby
# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
# and set the "Secure connection mode" to "Handled by reverse proxy"

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name emby*;

    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    include /config/nginx/ssl.conf;

    client_max_body_size 0;
    location ^~ /swagger {   ## Disables access to swagger interface
        return 404;
    }
    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app EmbyServer;
        set $upstream_port 8096;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

      
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        proxy_hide_header X-Powered-By;	 ## Hides nginx server version from bad guys.
	    proxy_set_header Range $http_range;  ## Allows specific chunks of a file to be requested.
	    proxy_set_header If-Range $http_if_range;  ## Allows specific chunks of a file to be requested.
	    #proxy_set_header X-Real-IP $remote_addr;  ## Passes the real client IP to the backend server.
        proxy_set_header X-Real-IP $http_CF_Connecting_IP;  ## if you use cloudflare un-comment this line and comment out above line.
        proxy_set_header Host $host;  ## Passes the requested domain name to the backend server.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.


        add_header 'Referrer-Policy' 'origin-when-cross-origin';
	    add_header Strict-Transport-Security "max-age=15552000; preload" always;
	    add_header X-Frame-Options "SAMEORIGIN" always;
	    add_header X-Content-Type-Options "nosniff" always;
	    add_header X-XSS-Protection "1; mode=block" always;
   }
}

 

Edited August 5, 2020 by joelang6126

[Luke 37229]

Thanks for the feedback.