Jump to content

Stuck Configuring Nginx Reverse Proxy with Cloudflare in front


MachineLearning
 Share

Go to solution Solved by MachineLearning,

Recommended Posts

  • Solution
MachineLearning

Inspired by this article on how to host a website using cloudflare and nginx, i intend to do the same for my emby server. 

Like swynol, i have nginx server and emby server running on the very same machine which i station on my local home network. My OS however is ubuntu instead of windows.

Ive tried both swynol's and lukecarrier's github codes, no avail, it wont redirect to the emby server no matter what. My nginx server was indeed running as both ports 80 and 443 are opened as tested by canyouseeme.org. It just wont redirect whenever i go to https://emby.mydomainname.com

I dont even know where should i put the code, of the guides online, some say /etc/nginx/conf.d/mydomain.com, some say /etc/nginx/sites-available/mydomain.com with /etc/nginx/sites-enabled linked to earlier. I highly suspect that the code is the culprit. sudo nginx -t show no error, systemctl status nginx operational

Shed some light anyone? Appreciate it.

Update 16/12/2020

Here's my nginx code where I put under sites-available and then linked to sites-enabled via ln -s
 

server {
    listen [::]:80;             ## Listens on port 80 IPv6
    listen 80;			## Listens on port 80 IPv4
    listen [::]:443 ssl http2;	## Listens on port 443 IPv6 with http2 and ssl enabled
    listen 443 ssl http2;	## Listens on port 443 IPv4 with http2 and ssl enabled
    proxy_buffering off;        ## Sends data as fast as it can not buffering large chunks.

    server_name emby.mydomainname.com;    ## enter your service name and domain name here

    access_log  /var/log/nginx/embyaccess.log;  ## Creates a log file with this name and the log info above.

     ## SSL SETTINGS ##
        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_certificate      /etc/ssl/mydomainname/cert.pem;  ## Location of your public
	ssl_certificate_key  /etc/ssl/mydomainname/key.pem;  ## Location of your private PEM file.
	ssl_client_certificate /etc/ssl/mydomainname/cloudflare.crt; ##Authenticated Origin Pulls
	ssl_verify_client on; ##Authenticated Origin Pulls
        ssl_session_cache shared:SSL:10m;

     location ^~ /swagger {   ## Disables access to swagger interface
        return 404;
}

     location / {
        proxy_pass http://localhost:8096;  ## Enter the IP here

	proxy_hide_header X-Powered-By;	 ## Hides nginx server version from bad guys.
	proxy_set_header Range $http_range;  ## Allows specific chunks of a file to be requested.
	proxy_set_header If-Range $http_if_range;  ## Allows specific chunks of a file to be requested.
	#proxy_set_header X-Real-IP $remote_addr;  ## Passes the real client IP to the backend server.
        proxy_set_header X-Real-IP $http_CF_Connecting_IP;  ## if you use cloudflare un-comment this line and comment out above line.
        proxy_set_header Host $host;  ## Passes the requested domain name to the backend server.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.

     ## ADDITIONAL SECURITY SETTINGS ##
     ## Optional settings to improve security ##
     ## add these after you have completed your testing and ssl setup ##
     ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ##
     ##         See https://hstspreload.org/ read through the "Deployment Recommendations" section first!   ##
	add_header 'Referrer-Policy' 'origin-when-cross-origin';
	add_header Strict-Transport-Security "max-age=15552000; preload" always;
	add_header X-Frame-Options "SAMEORIGIN" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-XSS-Protection "1; mode=block" always;

     ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}

Big thanks to @pir8radio for the configuration, my configuration is based on his. Setting up authenticated origin pulls is optional, here's where I download the cert. https://support.cloudflare.com/hc/en-us/articles/204899617-Authenticated-Origin-Pulls#section6
 

Edited by MachineLearning
solution found
Link to comment
Share on other sites

MachineLearning
7 minutes ago, Luke said:

Hi there, I would suggest comparing your nginx configuration to that of @pir8radio

Is this the thread u r referring to, sir? I cant seem to access it

Link to comment
Share on other sites

pir8radio
On 12/13/2020 at 10:15 AM, MachineLearning said:

Is this the thread u r referring to, sir? I cant seem to access it

just click my avatar and then the "about me" tab in the profile.    Check out the link to my config, and let us know if you need help. 

 

Oh that link is broken, ill find the thread and update my link in my profile. 

Edited by pir8radio
Link to comment
Share on other sites

pir8radio
12 minutes ago, pir8radio said:

just click my avatar and then the "about me" tab in the profile.    Check out the link to my config, and let us know if you need help. 

 

Oh that link is broken, ill find the thread and update my link in my profile. 

@Happy2Play  any idea where this topic went? lol     https://emby.media/community/index.php?/topic/48236-setting-up-emby-behind-a-reverse-proxy-nginx/&do=findComment&comment=457670

there are links in all kinds of posts throughout the forum to that post, but it doesn't seem to work anymore...

Edited by pir8radio
Link to comment
Share on other sites

Happy2Play
5 minutes ago, pir8radio said:

any idea where this topic went? lol     https://emby.media/community/index.php?/topic/48236-setting-up-emby-behind-a-reverse-proxy-nginx/&do=findComment&comment=457670

there are links in all kinds of posts throughout the forum to that post, but it doesn't seem to work anymore...

@Abobader

Link to comment
Share on other sites

pir8radio
2 hours ago, Abobader said:

Seem the thread been removed as I see it.

yea, by who?   Didn't think you guys just deleted threads all willy nilly like that.  @Luke @Abobader   

I just created a new how-to here:  

 

Edited by pir8radio
Link to comment
Share on other sites

pir8radio
1 minute ago, Abobader said:

By one of the admin's team, thanks for posting this again, well done.

lol well.....  can the admin say why they deleted it, so I don't create the same situation that gets this one deleted?   

Link to comment
Share on other sites

30 minutes ago, pir8radio said:

lol well.....  can the admin say why they deleted it, so I don't create the same situation that gets this one deleted?   

Well my guess that been removed for some KB matters or by mistake, really I tried to trace the logs, but it dead end for it.

You did not get notify about it?

  • Like 1
Link to comment
Share on other sites

pir8radio
23 minutes ago, Abobader said:

Well my guess that been removed for some KB matters or by mistake, really I tried to trace the logs, but it dead end for it.

You did not get notify about it?

I wasn't "my" topic I was the second poster, we both had two different kind of configs posted for different situations.    I was piggy-backing off of another users post..   But I think this is better to have them broken out now anyway...   I'll keep up with my post to make sure its up to date...    no worries...  I just wanted to make sure it didnt get deleted for some policy reason..        Thx guys. 

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...