Stuck Configuring Nginx Reverse Proxy with Cloudflare in front

[MachineLearning 0]

Inspired by this article on how to host a website using cloudflare and nginx, i intend to do the same for my emby server. 

Like swynol, i have nginx server and emby server running on the very same machine which i station on my local home network. My OS however is ubuntu instead of windows.

Ive tried both swynol's and lukecarrier's github codes, no avail, it wont redirect to the emby server no matter what. My nginx server was indeed running as both ports 80 and 443 are opened as tested by canyouseeme.org. It just wont redirect whenever i go to https://emby.mydomainname.com

I dont even know where should i put the code, of the guides online, some say /etc/nginx/conf.d/mydomain.com, some say /etc/nginx/sites-available/mydomain.com with /etc/nginx/sites-enabled linked to earlier. I highly suspect that the code is the culprit. sudo nginx -t show no error, systemctl status nginx operational

Shed some light anyone? Appreciate it.

Update 16/12/2020

Here's my nginx code where I put under sites-available and then linked to sites-enabled via ln -s
 

server {
    listen [::]:80;             ## Listens on port 80 IPv6
    listen 80;			## Listens on port 80 IPv4
    listen [::]:443 ssl http2;	## Listens on port 443 IPv6 with http2 and ssl enabled
    listen 443 ssl http2;	## Listens on port 443 IPv4 with http2 and ssl enabled
    proxy_buffering off;        ## Sends data as fast as it can not buffering large chunks.

    server_name emby.mydomainname.com;    ## enter your service name and domain name here

    access_log  /var/log/nginx/embyaccess.log;  ## Creates a log file with this name and the log info above.

     ## SSL SETTINGS ##
        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_certificate      /etc/ssl/mydomainname/cert.pem;  ## Location of your public
	ssl_certificate_key  /etc/ssl/mydomainname/key.pem;  ## Location of your private PEM file.
	ssl_client_certificate /etc/ssl/mydomainname/cloudflare.crt; ##Authenticated Origin Pulls
	ssl_verify_client on; ##Authenticated Origin Pulls
        ssl_session_cache shared:SSL:10m;

     location ^~ /swagger {   ## Disables access to swagger interface
        return 404;
}

     location / {
        proxy_pass http://localhost:8096;  ## Enter the IP here

	proxy_hide_header X-Powered-By;	 ## Hides nginx server version from bad guys.
	proxy_set_header Range $http_range;  ## Allows specific chunks of a file to be requested.
	proxy_set_header If-Range $http_if_range;  ## Allows specific chunks of a file to be requested.
	#proxy_set_header X-Real-IP $remote_addr;  ## Passes the real client IP to the backend server.
        proxy_set_header X-Real-IP $http_CF_Connecting_IP;  ## if you use cloudflare un-comment this line and comment out above line.
        proxy_set_header Host $host;  ## Passes the requested domain name to the backend server.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.

     ## ADDITIONAL SECURITY SETTINGS ##
     ## Optional settings to improve security ##
     ## add these after you have completed your testing and ssl setup ##
     ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ##
     ##         See https://hstspreload.org/ read through the "Deployment Recommendations" section first!   ##
	add_header 'Referrer-Policy' 'origin-when-cross-origin';
	add_header Strict-Transport-Security "max-age=15552000; preload" always;
	add_header X-Frame-Options "SAMEORIGIN" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-XSS-Protection "1; mode=block" always;

     ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}

Big thanks to @pir8radio for the configuration, my configuration is based on his. Setting up authenticated origin pulls is optional, here's where I download the cert. https://support.cloudflare.com/hc/en-us/articles/204899617-Authenticated-Origin-Pulls#section6
 

Edited December 16, 2020 by MachineLearning
solution found

[Luke 37007]

Hi there, I would suggest comparing your nginx configuration to that of @pir8radio

[MachineLearning 0]

7 minutes ago, Luke said:

Hi there, I would suggest comparing your nginx configuration to that of @pir8radio

Is this the thread u r referring to, sir? I cant seem to access it

[pir8radio 1292]

On 12/13/2020 at 10:15 AM, MachineLearning said:

Is this the thread u r referring to, sir? I cant seem to access it

just click my avatar and then the "about me" tab in the profile.    Check out the link to my config, and let us know if you need help. 

 

Oh that link is broken, ill find the thread and update my link in my profile. 

Edited December 15, 2020 by pir8radio

[pir8radio 1292]

12 minutes ago, pir8radio said:

just click my avatar and then the "about me" tab in the profile.    Check out the link to my config, and let us know if you need help. 

 

Oh that link is broken, ill find the thread and update my link in my profile. 

@Happy2Play  any idea where this topic went? lol     https://emby.media/community/index.php?/topic/48236-setting-up-emby-behind-a-reverse-proxy-nginx/&do=findComment&comment=457670

there are links in all kinds of posts throughout the forum to that post, but it doesn't seem to work anymore...

Edited December 15, 2020 by pir8radio

[Happy2Play 8241]

5 minutes ago, pir8radio said:

any idea where this topic went? lol     https://emby.media/community/index.php?/topic/48236-setting-up-emby-behind-a-reverse-proxy-nginx/&do=findComment&comment=457670

there are links in all kinds of posts throughout the forum to that post, but it doesn't seem to work anymore...

@Abobader

[pir8radio 1292]

6 hours ago, Happy2Play said:

@Abobader

lol,  its a Christmas mystery?

[Abobader 2941]

Seem the thread been removed as I see it.

[pir8radio 1292]

2 hours ago, Abobader said:

Seem the thread been removed as I see it.

yea, by who?   Didn't think you guys just deleted threads all willy nilly like that.  @Luke @Abobader   

I just created a new how-to here:  

 

Edited December 16, 2020 by pir8radio

[Abobader 2941]

By one of the admin's team, thanks for posting this again, well done.

[pir8radio 1292]

1 minute ago, Abobader said:

By one of the admin's team, thanks for posting this again, well done.

lol well.....  can the admin say why they deleted it, so I don't create the same situation that gets this one deleted?   

[CBers 6766]

4 hours ago, pir8radio said:

I just created a new how-to here:  

I have pinned your new thread. 

 

[Abobader 2941]

30 minutes ago, pir8radio said:

lol well.....  can the admin say why they deleted it, so I don't create the same situation that gets this one deleted?   

Well my guess that been removed for some KB matters or by mistake, really I tried to trace the logs, but it dead end for it.

You did not get notify about it?

[pir8radio 1292]

23 minutes ago, Abobader said:

Well my guess that been removed for some KB matters or by mistake, really I tried to trace the logs, but it dead end for it.

You did not get notify about it?

I wasn't "my" topic I was the second poster, we both had two different kind of configs posted for different situations.    I was piggy-backing off of another users post..   But I think this is better to have them broken out now anyway...   I'll keep up with my post to make sure its up to date...    no worries...  I just wanted to make sure it didnt get deleted for some policy reason..        Thx guys.