Tur0k 143 Posted October 3, 2021 Share Posted October 3, 2021 (edited) On 9/20/2021 at 9:47 AM, judgey said: Hey mate, im trying your config out but i get the following error Sep 20 17:45:30 Emby nginx[3410328]: nginx: [emerg] "worker_processes" directive is not allowed here in /etc/nginx/sites-enabled/emby:1 Sep 20 17:45:30 Emby nginx[3410328]: nginx: configuration file /etc/nginx/nginx.conf test failed there are 2 ways to setup NGINX one is centralized in your main nginx.conf file at the root of your nginx install (for me this was in /etc/nginx/nginx.cong). I believe this is the preferred method because you can separate by subdomain (stuff before the ".mydomain.com" instead of after it (classically using space to the right of your "mydomain.com tends to break navigation in the emby app and it is easier for others to help with diagnostic. The other way to configure nginx is separate files under/etc/nginx/sites-enabled/emby (older versions of nginx) or /etc/nginx/conf.d/xxx.conf ( pir8radio's config file does not belong here). We need to know which version of nginx you are running and on which OS platform you are running on. If it is a linux distribution you should be able to run: nginx -version My suspicion is that you may have put pir8radio's config in the wrong location. If that is the case I would rename the file in question to "filename.conf.bak". Also note, at minimum you need to update two of the rows in pir8radio's config (see below) with your environmental variable (public subdomain and your emby server): server_name emby.domainname.com; ## enter your service name and domain name here example emby.domainname.com proxy_pass http://127.0.0.1:8096; ## Enter the IP and port of the backend emby server here. I am running Ubuntu 20.04 and I ended up needing to put pir8radio's config (with my environmental variables) in /etc/nginx/nginx.conf. the below is how I did it in ubuntu 20.04 your command structure may differ based on OS and permissions: sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak sudo nano /etc/nginx/nginx.conf these commands back up the OEM nginx.conf file and creates a new blank nginx.conf file. I then put pir8radio's config (with my environmental variable) in this new file save it ( ctrl o) and exit the file (ctrl x). then I tested my nginx config (the below is how I did it in ubuntu 20.04 your command structure may differ based on OS and permissions): sudo nginx -t at this point I had 2 failures. 1. Missing SSL certificate 2. I had to create the logs subdirectory and the error.log file in it. If your config does not fail you can reload your nginx config (the below is how I did it in ubuntu 20.04 your command structure may differ based on OS and permissions) : sudo nginx -s reload Let us know if this gets you unstuck. Edited October 3, 2021 by Tur0k Link to comment Share on other sites More sharing options...
judgey 13 Posted October 6, 2021 Share Posted October 6, 2021 Hey thanks for the tips, because the default config is being used i have had to go back to my original config. Here is my current config any tips would be great im a newbie so guidance is apricated thank u server { if ($host = emby.xxx.stream) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name emby.xxx.stream; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled server_name emby.xxx.stream; ## enter your service name and domain name here example emby.domainname.com add_header Strict-Transport-Security "max-age=31536000"; ssl_session_timeout 30m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /etc/nginx/ssl/emby.xxx.stream/emby.xxx.stream.cert.pem; # managed by Certbot ssl_certificate_key /etc/nginx/ssl/emby.xxx.stream/emby.xxx.stream.key.pem; # managed by Certbot ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; client_max_body_size 0; location / { proxy_pass http://127.0.0.1:8096; proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys. proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. proxy_set_header Host $host; ## Passes the requested domain name to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. ## ADDITIONAL SECURITY SETTINGS ## ## Optional settings to improve security ## ## add these after you have completed your testing and ssl setup ## add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } } Link to comment Share on other sites More sharing options...
LeidenSpain 30 Posted October 6, 2021 Share Posted October 6, 2021 On 10/1/2021 at 4:50 PM, pir8radio said: the config can be intimidating at first.. but its really easy to learn if you have any kind of coding experience that helps, (html even) but i would suggest not using the proxy manager.. but that is really just my opinion since ive never used one, its hard for me to help troubleshoot.. I have no clue what the manager is doing to the configs.. it could be you change something manually, and the manager moves and rewrites things based on what it thinks is correct. Some colleagues from a Telegram group (who really control and to whom I thank for all the help), have looked at the custom configuration that can be entered in npm proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys. proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. proxy_set_header Host $host; ## Passes the requested domain name to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. ## ADDITIONAL SECURITY SETTINGS ## ## Optional settings to improve security ## ## add these after you have completed your testing and ssl setup ## ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ## ## See https://hstspreload.org/ read through the "Deployment Recommendations" section first! ## add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; Unfortunately the problem persists. I don't know if with this new configuration you want me to send you a record. Regards Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted October 8, 2021 Author Share Posted October 8, 2021 (edited) On 10/6/2021 at 4:38 PM, LeidenSpain said: Some colleagues from a Telegram group (who really control and to whom I thank for all the help), have looked at the custom configuration that can be entered in npm proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys. proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. proxy_set_header Host $host; ## Passes the requested domain name to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. ## ADDITIONAL SECURITY SETTINGS ## ## Optional settings to improve security ## ## add these after you have completed your testing and ssl setup ## ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ## ## See https://hstspreload.org/ read through the "Deployment Recommendations" section first! ## add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; Unfortunately the problem persists. I don't know if with this new configuration you want me to send you a record. Regards so you are still getting an nginx error? have you tried running a legit stand alone version of nginx? Edited October 8, 2021 by pir8radio 1 Link to comment Share on other sites More sharing options...
LeidenSpain 30 Posted October 9, 2021 Share Posted October 9, 2021 9 hours ago, pir8radio said: so you are still getting an nginx error? have you tried running a legit stand alone version of nginx? Good Morning, Sorry, it's true, I have not specified what error continues: With that configuration NPM does not give an error and it works, but emby in the MiStick still does not log in. Regards Link to comment Share on other sites More sharing options...
Tur0k 143 Posted October 10, 2021 Share Posted October 10, 2021 On 10/6/2021 at 1:08 PM, judgey said: Hey thanks for the tips, because the default config is being used i have had to go back to my original config. Here is my current config any tips would be great im a newbie so guidance is apricated thank u server { if ($host = emby.xxx.stream) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name emby.xxx.stream; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled server_name emby.xxx.stream; ## enter your service name and domain name here example emby.domainname.com add_header Strict-Transport-Security "max-age=31536000"; ssl_session_timeout 30m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /etc/nginx/ssl/emby.xxx.stream/emby.xxx.stream.cert.pem; # managed by Certbot ssl_certificate_key /etc/nginx/ssl/emby.xxx.stream/emby.xxx.stream.key.pem; # managed by Certbot ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; client_max_body_size 0; location / { proxy_pass http://127.0.0.1:8096; proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys. proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. proxy_set_header Host $host; ## Passes the requested domain name to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. ## ADDITIONAL SECURITY SETTINGS ## ## Optional settings to improve security ## ## add these after you have completed your testing and ssl setup ## add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } } ok, couple questions: 1. is this config in "/etc/nginx/nginx.conf" or is this in "/etc/nginx/sites-enabled/emby"? 2. Is your NGINX installed on the same server as your emby server? Link to comment Share on other sites More sharing options...
judgey 13 Posted October 10, 2021 Share Posted October 10, 2021 10 hours ago, Tur0k said: ok, couple questions: 1. is this config in "/etc/nginx/nginx.conf" or is this in "/etc/nginx/sites-enabled/emby"? 2. Is your NGINX installed on the same server as your emby server? Hey, so its in /etc/nginx/sites-enabled/emby and nginx is on the same server mate. Link to comment Share on other sites More sharing options...
Meyaez 5 Posted October 29, 2021 Share Posted October 29, 2021 On 12/16/2020 at 10:34 AM, pir8radio said: With NGINX or any reverse proxy ahead of an application server you have more control over your setup. Hi! First I want to say thank you because following your proxy settings helped me solve an issue I was having. Could you or anyone provide a link or documentation where I can read what each header or proxy command is doing? For example, I don't understand these commands (they are not part of your setup) that I found: add_header X-Robots-Tag none; add_header X-Download-Options noopen; proxy_buffering off; proxy_set_header Connection "Upgrade"; Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted October 30, 2021 Author Share Posted October 30, 2021 (edited) On 10/28/2021 at 9:44 PM, Meyaez said: Hi! First I want to say thank you because following your proxy settings helped me solve an issue I was having. Could you or anyone provide a link or documentation where I can read what each header or proxy command is doing? For example, I don't understand these commands (they are not part of your setup) that I found: add_header X-Robots-Tag none; add_header X-Download-Options noopen; proxy_buffering off; proxy_set_header Connection "Upgrade"; here are all of the proxy module settings.. things that start with proxy_ http://nginx.org/en/docs/http/ngx_http_proxy_module.html the reason buffering is off, is so that when streaming video, its already broken into chunks by emby, you dont want nginx messing with those chunks on its own. the "add header" and "set header" are the nginx injecting headers that are not there, allowing them to pass, or removing them. so what you really want to google is what the actual header does.. like x-robots-tag google that, and x-download-options the connection header is for websockets.. look at my example config i broke the websockets out into its own chunk. Edited October 30, 2021 by pir8radio Link to comment Share on other sites More sharing options...
horstepipe 356 Posted November 12, 2021 Share Posted November 12, 2021 hey @pir8radio or anybody else, could you please tell me how to make the nginx' error_log show origin IPs in its log instead of cloudflare's ones? So how can I tell it to use $http_CF_Connecting_IP in error log (but keeping the error message intact)? This is for fail2ban for another service. Best regards Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted November 12, 2021 Author Share Posted November 12, 2021 (edited) 8 hours ago, horstepipe said: hey @pir8radio or anybody else, could you please tell me how to make the nginx' error_log show origin IPs in its log instead of cloudflare's ones? So how can I tell it to use $http_CF_Connecting_IP in error log (but keeping the error message intact)? This is for fail2ban for another service. Best regards did ya' look at the config above in post #1? I have a little note about connecting ip in there. Just for you buddy... ## The below will create a separate log file for your emby server which includes ## userId's and other emby specific info, handy for external log viewers. ## Cloudflare users will want to swap $remote_addr in first line below to $http_CF_Connecting_IP ## to log the real client IP address log_format emby '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"'; Edited November 12, 2021 by pir8radio Link to comment Share on other sites More sharing options...
horstepipe 356 Posted November 13, 2021 Share Posted November 13, 2021 4 hours ago, pir8radio said: did ya' look at the config above in post #1? I have a little note about connecting ip in there. Just for you buddy... ## The below will create a separate log file for your emby server which includes ## userId's and other emby specific info, handy for external log viewers. ## Cloudflare users will want to swap $remote_addr in first line below to $http_CF_Connecting_IP ## to log the real client IP address log_format emby '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"'; Hey sorry you misunderstood. my question is not related to Emby but to nginx at all. I‘m having an app (boockstack) which writes missed login attempts to nginx ERROR log. So I need to change the log type THERE. I‘m not able to find a way doing that Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted November 13, 2021 Author Share Posted November 13, 2021 10 hours ago, horstepipe said: Hey sorry you misunderstood. my question is not related to Emby but to nginx at all. I‘m having an app (boockstack) which writes missed login attempts to nginx ERROR log. So I need to change the log type THERE. I‘m not able to find a way doing that ohhh i did misunderstand sorry... but it sounds like it still runs behind nginx right? your original question said "tell me how to make the nginx' error_log show origin IPs" so that same info in the example config would work for that other app too.... or am i still missing something? Link to comment Share on other sites More sharing options...
horstepipe 356 Posted November 13, 2021 Share Posted November 13, 2021 45 minutes ago, pir8radio said: ohhh i did misunderstand sorry... but it sounds like it still runs behind nginx right? your original question said "tell me how to make the nginx' error_log show origin IPs" so that same info in the example config would work for that other app too.... or am i still missing something? Yes tne problem is that the failed login attempt (by php) is being written to the nginx ERROR log, not the nginx access log. Link to comment Share on other sites More sharing options...
amb13 17 Posted December 2, 2021 Share Posted December 2, 2021 So, I'm just curious. With a reverse proxy is it required to use https:// in front of the server address in emby apps? I have my emby in a sub-directory behind a reverse proxy. In a browser all http traffic is redirected to https, but when I try either http://mydomain.com or just mydomain.com in app.emby.media i get a connection failure. https://mydomain.com works perfectly. Link to comment Share on other sites More sharing options...
KMBanana 84 Posted December 3, 2021 Share Posted December 3, 2021 app.emby.media must match http or https to your server. If your server uses https, use https://app.emby.media . If it uses http, use http://app.emby.media For other apps, smartphones, smart TVs, set top boxes, they may not understand your webserver redirect, so specify the full https://mydomain.com Link to comment Share on other sites More sharing options...
dhenzler 9 Posted December 3, 2021 Share Posted December 3, 2021 I appended the script you provided to nginx.conf I couldn't find any details on where it would go otherwise. So edited out the old stuff, and added your script. Seems to work... How about some details on where the script should be added ! You assume we newbies know too much ! Dave Link to comment Share on other sites More sharing options...
Alexwerilles 3 Posted December 8, 2021 Share Posted December 8, 2021 I can't use this setting with this post's download limit setting: https://emby.media/community/index.php?/topic/57214-nginx-limit-download-speed/ When adding the code that limits the download speed, it gives an error in nginx. If anyone knows a solution I would appreciate it. Link to comment Share on other sites More sharing options...
Carlo 4330 Posted December 12, 2021 Share Posted December 12, 2021 No it's not required. Emby Server has a few options to set how https is handled. One of the options is "proxy" which allows Emby to assume everything is https downstream and being handled by a proxy server. That is one of the advantages of using a reverse proxy server as it can hand off/redirect to a non secured port on your local apps. With Cloudflare you can actually run secured for clients without a local reverse proxy nor without setting any certs in Emby Server as Cloudflare will take care of this. How you want to do this is completely up to you and how comfortable you are with parts of the communication not encrypted. If you are not worried about man in the middle attacks between Cloudflare and you and back again it's not needed. If you're in a business environment where security checks are done checking everything for secured access then all traffic to and from the server must be encrypted. This makes sense when financial data or personal data is involved as exploits can come from "inside" and not just the Internet. With an Emby Server this is probably not a concern at all and you're using Cloudflare to bypass CGNAT from your ISP or just for Cloudflares protection and better routing as well as caching it does. Based on that criteria I myself wouldn't really have an issue running Emby this way as there is no personal information involved but I would not think about doing that with Bitwarden password manager, Synology Drive or some other things I have available as I would want those fully secured inside my home LAN as well as that's just smart. Hope that helps Link to comment Share on other sites More sharing options...
Alexwerilles 3 Posted December 16, 2021 Share Posted December 16, 2021 On 12/12/2021 at 12:35 PM, cayars said: No it's not required. Emby Server has a few options to set how https is handled. One of the options is "proxy" which allows Emby to assume everything is https downstream and being handled by a proxy server. That is one of the advantages of using a reverse proxy server as it can hand off/redirect to a non secured port on your local apps. With Cloudflare you can actually run secured for clients without a local reverse proxy nor without setting any certs in Emby Server as Cloudflare will take care of this. How you want to do this is completely up to you and how comfortable you are with parts of the communication not encrypted. If you are not worried about man in the middle attacks between Cloudflare and you and back again it's not needed. If you're in a business environment where security checks are done checking everything for secured access then all traffic to and from the server must be encrypted. This makes sense when financial data or personal data is involved as exploits can come from "inside" and not just the Internet. With an Emby Server this is probably not a concern at all and you're using Cloudflare to bypass CGNAT from your ISP or just for Cloudflares protection and better routing as well as caching it does. Based on that criteria I myself wouldn't really have an issue running Emby this way as there is no personal information involved but I would not think about doing that with Bitwarden password manager, Synology Drive or some other things I have available as I would want those fully secured inside my home LAN as well as that's just smart. Hope that helps my question concerns the download speed limitation for users. I want to limit the download speed of users here at home. Just limit the download speed of videos. I already use nginx and cloudflare Link to comment Share on other sites More sharing options...
dhenzler 9 Posted December 16, 2021 Share Posted December 16, 2021 44 minutes ago, Alexwerilles said: my question concerns the download speed limitation for users. I want to limit the download speed of users here at home. Just limit the download speed of videos. I already use nginx and cloudflare I'm unsure of your motive to limit download speed on your LAN. Today most of us have Gigabit LAN's so unless you have a dozen concurrent users all watching movies @ 2-3MBps ??? As far as Cloudflare goes... I don't like getting involved with companies with monthly charges and crippleware for "FREE". Nginx does what is needed, and that is encapsulation of the data stream so "Big Brother" can't easily see what you're transporting. So... out of simple curiosity? Why the limit ? 1 Link to comment Share on other sites More sharing options...
Carlo 4330 Posted December 16, 2021 Share Posted December 16, 2021 Cloudflare doesn't cost anything the way most people use it and you get a lot for free. From DNS entries pointing to their servers vs your own wan to faster delivery to the client app due to their routing, to the much faster client experience and less bandwidth needed on your system since they cache your graphics. Plus they have all the protect to mitigate things the average person would not be able to cope with. It's not for everyone but there is definitely value to be had. 1 Link to comment Share on other sites More sharing options...
dhenzler 9 Posted December 16, 2021 Share Posted December 16, 2021 (edited) 55 minutes ago, cayars said: Cloudflare doesn't cost anything the way most people use it and you get a lot for free. From DNS entries pointing to their servers vs your own wan to faster delivery to the client app due to their routing, to the much faster client experience and less bandwidth needed on your system since they cache your graphics. Plus they have all the protect to mitigate things the average person would not be able to cope with. It's not for everyone but there is definitely value to be had. I guess the benefit is there if you have a large PUBLIC following. I don't. My upload is 15MB/sec and shared with web hosting. Although my hosting is for low volume sites and likely doesn't create much of a load. I don't share my content. Caching Emby means a relatively HUGE amount of storage. How does that work ? Don't mean to challenge your expertise, but what more than SSL would be required to protect your content from prying eyes ? Edited December 16, 2021 by dhenzler Link to comment Share on other sites More sharing options...
Carlo 4330 Posted December 16, 2021 Share Posted December 16, 2021 Not so much about man-in-the-middle attacks where someone sees the transmission. It's more to do with the fact no one can determine where the source of the content is. Your DNS records only point to Cloudflare IPs. That also means you don't have to have port 443 open to the world but only to the IP block that Cloudflare uses to pull info from your server. They also offer a free tunnel so you can have all ports closed. So it's more about those types of things as well as the other defense things they do and the caching and quicker delivery they can do. They of course have their own backbone so packet destined for locations outside your area will almost always have less latency and hops riding their backbone vs the public Internet as it's optimized for delivery. Keep in mind they do not cache your video as that would be against their TOS for free accounts but just having them be able to deliver faster as well as cache graphics and scripts can make a world of a difference. The slower you site is the more noticeable it is once the content is pulled the first time to be cached. Make sense? Link to comment Share on other sites More sharing options...
dhenzler 9 Posted December 16, 2021 Share Posted December 16, 2021 (edited) I tried to get Cloudflare to work. But it doesn't recognize any of my websites... ccskeet.com, rent14me.com, keystonebolt.com All of these work just fine. I give up... it's not for me ! Stuff that is that convoluted is beyond what I am willing to waste a day configuring. Edited December 17, 2021 by dhenzler Altered the whole thing Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now