Jump to content

Forgot Password + Reverse Proxy?


tomnjerry74
Go to solution Solved by Luke,

Recommended Posts

tomnjerry74

Hello,

Right now I have my server set up using a reverse proxy on my Synology like so:

test.thumb.png.e4ffdfacd2414f74e52f3f1e091ccd73.png

The problem is, I am unable to use the "Forgot Password" feature on the web app, despite being on the home network.

If I try to use this feature on any web app, I am met with "Please try again within your home network etc..."

However, it does work on the mobile app, which is able to properly detect if I am on the home network or not.

 

Why isn't this working in the web ui?

Link to post
Share on other sites
Luke

Hi, most likely Emby Server is unable to see the original ip address of the client device due to your reverse proxy configuraiton.

Link to post
Share on other sites
tomnjerry74
58 minutes ago, Luke said:

Hi, most likely Emby Server is unable to see the original ip address of the client device due to your reverse proxy configuraiton.

Why is the mobile app able to see the original ip if it's using the same domain?

Is there a way to make this work in the web ui? I would prefer not to have to rely on the apps to reset passwords.

Link to post
Share on other sites
Luke

The mobile app is probably automatically switching to a lan address, that would be my guess.

Link to post
Share on other sites
pir8radio
On 9/10/2020 at 12:57 PM, tomnjerry74 said:

Why is the mobile app able to see the original ip if it's using the same domain?

Is there a way to make this work in the web ui? I would prefer not to have to rely on the apps to reset passwords.

why are you using the domain name and going through the reverse proxy when at home?   what IP address shows up in the emby admin dashboard when you connect with each device?

Link to post
Share on other sites
tomnjerry74
13 hours ago, pir8radio said:

why are you using the domain name and going through the reverse proxy when at home?   what IP address shows up in the emby admin dashboard when you connect with each device?

Because I'm talking about a mobile device that goes everywhere with me. I stream stuff from the server all the time outside of the local network.

I always connect to the server through the apps by putting "https://mydomain.com" and leaving the port field empty.

I've since resolved this problem, though, by just going to the LAN ip if I ever need to change the password.

 

Link to post
Share on other sites
  • Solution
Luke

what IP address shows up in the emby admin dashboard when you connect with each device?

Link to post
Share on other sites
tomnjerry74
1 hour ago, Luke said:

what IP address shows up in the emby admin dashboard when you connect with each device?

Through the browser it shows a bunch of cloudflare IPs. I didn't realize this before making the post. 

However I tried adding various headers to the RP to get real IPs to show but none of them worked. I think I tried something like Real-X-IP.

I think you need to pay for it to work: https://support.cloudflare.com/hc/en-us/articles/206776727-What-is-True-Client-IP-

Link to post
Share on other sites
Luke

So that means the server is unable to see the actual client ip's, so all of the functions that depend on the server knowing if a client is in or out of your network may produce unexpected results.

Link to post
Share on other sites
pir8radio
On 9/13/2020 at 10:21 AM, tomnjerry74 said:

Through the browser it shows a bunch of cloudflare IPs. I didn't realize this before making the post. 

However I tried adding various headers to the RP to get real IPs to show but none of them worked. I think I tried something like Real-X-IP.

I think you need to pay for it to work: https://support.cloudflare.com/hc/en-us/articles/206776727-What-is-True-Client-IP-

you dont need to pay.. but because you go through cloudflare your emby server will always think you are outside of your network.   there is no easy way to use CF within your network..   Also FYI its bad practice,  CF is also a reverse proxy, so when you watch a movie using your phone inside your house where your server is, you are sending that entire video stream out of your network, over the internet, then your mobile device connected to your wifi, is downloading that video stream over the internet to your phone.   So when inside your LAN you are using twice the bandwidth to the internet to stream that movie, vs just streaming it directly from the emby server thats on the same network, never hitting the internet.      There are some hokey things you can do to tell your router if any request from within the network tries to reach mydomain.com send them to 192.168.x.x instead of looking up the domain name, and sending the request out to the internet server (Cloudflare), you are better off setting up two emby servers in your mobile client..  maybe one called "Local - My server" and one "Remote - My Server" so you just connect to the local one when inside your own lan.   if that makes sense. 

  • Like 1
Link to post
Share on other sites
tomnjerry74
2 hours ago, pir8radio said:

you dont need to pay.. but because you go through cloudflare your emby server will always think you are outside of your network.   there is no easy way to use CF within your network..   Also FYI its bad practice,  CF is also a reverse proxy, so when you watch a movie using your phone inside your house where your server is, you are sending that entire video stream out of your network, over the internet, then your mobile device connected to your wifi, is downloading that video stream over the internet to your phone.   So when inside your LAN you are using twice the bandwidth to the internet to stream that movie, vs just streaming it directly from the emby server thats on the same network, never hitting the internet.      There are some hokey things you can do to tell your router if any request from within the network tries to reach mydomain.com send them to 192.168.x.x instead of looking up the domain name, and sending the request out to the internet server (Cloudflare), you are better off setting up two emby servers in your mobile client..  maybe one called "Local - My server" and one "Remote - My Server" so you just connect to the local one when inside your own lan.   if that makes sense. 

This is the reason I said cloudflare wants you to pay:

image.png.e442d826cbfebf56bc0ee9e74897e715.png

Regardless, thank you for taking the time to write up all of that useful information - I appreciate it.

I don't think it's necessary to have two entries within the apps, however (I've tested on mobile app and shield tv). Even after using my public domain to connect to the server through these apps, emby actually reports local IP addresses. Cloudflare IP's appear to only show when I access the server through web browsers.

 

Again, thanks for the info

Link to post
Share on other sites
pir8radio

If you have the 'Orange cloud' enabled in cloudflare It has to be going through them.  its just how cloudflare works, assuming everything is setup correctly..      The "True-Client-IP" is just a header they add for legacy applications...   they actually already send your true client ip..  they just dont package it into that header.     its already packaged into x-forwarded-for   

they elude to that here in the blue box:  https://support.cloudflare.com/hc/en-us/articles/206776727-What-is-True-Client-IP-#:~:text=True-Client-IP is a,only available to Enterprise users.

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...