Jump to content

***[GUIDE]*** SETUP EMBY (with HW transcoding) ON UNRAID & REMOTE ACCESS THROUGH REVERSE PROXY USING SWAG


Mikele

Recommended Posts

Mikele
On 7/2/2021 at 8:53 PM, shimmerknight said:

Worked like a charm for me.  Thanks for taking the time to do a write-up for others.  It is greatly appreciated!

Thanks a lot. Glad I could help :)

Link to comment
Share on other sites

  • 2 months later...

In case this might help anyone..

 I kept getting the 502 Bad Gateway error, no matter how many times I tried to reinstall and set up and was certain I was doing it correctly. Googling away, I found something on Stack overflow(sorry, lost link) that mentioned deleting the resolver.conf located(in my instance anyway) /mnt/user/appdata/swag/nginx and restart Swag. This rebuild the resolver file and bingo, I was now in. 

Link to comment
Share on other sites

nodiaque

Hello,

First off, great tutorial. I'm currently looking at building a new nas with unraid and was thinking emby or not on it, and this help me push it on the same hardware. Now my question that go with it, I see hardware transcoding using iGPU. I'm planning an AMD build (aren't sure yet) but even with an intel one, I'll use a dedicated nvidia gpu. How would someone configure for using NVENC instead?

THank you!

Link to comment
Share on other sites

Hi @nodiaque,

thanks for your comment.

Before it wasn't possible to pass an external gpu to the docker as unraid didn't have the gpu driver installed (officially). With the latest Unraid build 6.9 they included the nvidia driver into the system so now it should be possible. I don't have an extra nvidia gpu card so you'll have to test this for me and let me know.

Follow this guide and you'll be able to passthrough the GPU to the docker. 

[Plugin] Nvidia-Driver - Plugin Support - Unraid

If you don't want to use this the other solution is to use a VM with emby installed and then passthrough the GPU. Have a look at spaceinvaderone youtube videos on how to do that.

Let us know how it goes. Hopefully you'll be successfull

Link to comment
Share on other sites

nodiaque

Thanks a lot for the information. I changed how I'll be doing my new server which fix this issue in a way. I'll install Proxmox then truenas on it, and then spin some VM as needed. I'm still on the edge as do I install a Windows Server 2019 core for emby or a W10.

Thanks again for the information, if not me, someone else will use it

Link to comment
Share on other sites

  • 4 months later...
Adiventure

I'm struggling here a bit, I had an initial problem that seemed to be related to the current config options for SWAG not exactly lining up with the guide (primarily that it asks for URL instead of Domain, and directs to use subdomain if you don't own the top domain. That in turn points at supdomain.subdomain.domain if you list the subdomain as well. Listing solely the domain, and the subdomain in the subdomain section seems to have fixed it). I'm now getting no SWAG errors, but when I try access the Emby server I'm hitting a 502 nginx page. Hoping you might be able to offer some insight. The guide is fantastic and has really helped with the process.

Link to comment
Share on other sites

nodiaque

I'm unsure how you are configured. On my unraid server, I have a docker with emby and another with swag.

In swag, you have configuration file already existing for emby. You can use either subdomain or folder. Let's say you're using a dynamic dns like duckdns,org and that your current subdomaine is myserver. This give you a base url of myserver.duckdns.org.

If you want to point any application to emby (emby theater, emby apps on tv/android/ios...), you must use this url with the port (8096 by default). For outside access, you'll need to port forward. This won't use SWAG at all since it's direct access, but the app cannot use SWAG proxy. To use SSL on these connection, you need to add the certificat for your domain directly in EMBY,

If you want to use the web interface, then, with SWAG, you can do reverse proxy. You have 2 options:

- Subdomain: This will create a redirection from emby.myserver.duckdns.org

- Folder: This will create a redirection from myserver.duckdns.org/emby

In the config file, you must check that the container name in the config is the same as your container in the docker tab. You must also port forward the port.

Don't forget that port 80 and 443 are already used by UnRaid Web Interface. That mean you must use another port and port forward these ports or use a distinct IP for swag. What I did on my end is used port 880 and 9443 on my docker redirect (SWAG still listen to internal 80 and 443 port) but on my firewall, I redirected port 80 and 443 to these port on my unraid server.

If you're using duckdns.org certificat, note that you can't have both a certificate for the FQDN (myserver.duckdns.org) and for it's subdomains (emby.myserver.duckdns.org). It's a duckdns restriction. You can have wildcard certificate for *.myserver.duckdns.org though.

Hope that help.

Link to comment
Share on other sites

Adiventure
4 hours ago, nodiaque said:

I'm unsure how you are configured. On my unraid server, I have a docker with emby and another with swag.

In swag, you have configuration file already existing for emby. You can use either subdomain or folder. Let's say you're using a dynamic dns like duckdns,org and that your current subdomaine is myserver. This give you a base url of myserver.duckdns.org.

If you want to point any application to emby (emby theater, emby apps on tv/android/ios...), you must use this url with the port (8096 by default). For outside access, you'll need to port forward. This won't use SWAG at all since it's direct access, but the app cannot use SWAG proxy. To use SSL on these connection, you need to add the certificat for your domain directly in EMBY,

If you want to use the web interface, then, with SWAG, you can do reverse proxy. You have 2 options:

- Subdomain: This will create a redirection from emby.myserver.duckdns.org

- Folder: This will create a redirection from myserver.duckdns.org/emby

In the config file, you must check that the container name in the config is the same as your container in the docker tab. You must also port forward the port.

Don't forget that port 80 and 443 are already used by UnRaid Web Interface. That mean you must use another port and port forward these ports or use a distinct IP for swag. What I did on my end is used port 880 and 9443 on my docker redirect (SWAG still listen to internal 80 and 443 port) but on my firewall, I redirected port 80 and 443 to these port on my unraid server.

If you're using duckdns.org certificat, note that you can't have both a certificate for the FQDN (myserver.duckdns.org) and for it's subdomains (emby.myserver.duckdns.org). It's a duckdns restriction. You can have wildcard certificate for *.myserver.duckdns.org though.

Hope that help.

I appreciate it. I went pretty much word for word with the guide, using a different hopto subdomain. Port forwarding is configured for the ports listed, and I went with the ports listed in the original post across the board. Only things I'm tracking as divergent in any way are that I installed the emby container (Binex, so EmbyServer) before swag, but then set it up as directed per the guide. Is the container name case sensitive? Only other divergence, and I'm not sure how it would manifest a problem like this is that the server is on its own vlan.image.png.1e346346903d7906df47afe2b8d86bc0.png

image.thumb.png.8d691afd8d7cc3f85d91d9e77a4464ed.png

image.png.0c176ff41e6d872189eb64ba119cf18e.png

image.png.cbc0788edac3d60cd6ddb3d8cbe5b68f.png

image.png.300e0c3e31362ad1cbe335fde9921719.png

Edited by Adiventure
Link to comment
Share on other sites

nodiaque

I myself installed swag after, that's no issue. Different thing though, my swag doesn't send me to the https url. My emby have its own cert for https for when I direct connect to it, but it's not configured for remote proxy. Swag does it, so I'm unsure what to tell you. I haven't followed the guide. 

 

As for the container name, it is case sensitive. In you config, there's more then 1 line that require change. Look under location, there's a place that say embyserver. This is the container name. It sometime repeat many time in the file. 

Link to comment
Share on other sites

Adiventure
1 hour ago, nodiaque said:

I myself installed swag after, that's no issue. Different thing though, my swag doesn't send me to the https url. My emby have its own cert for https for when I direct connect to it, but it's not configured for remote proxy. Swag does it, so I'm unsure what to tell you. I haven't followed the guide. 

 

As for the container name, it is case sensitive. In you config, there's more then 1 line that require change. Look under location, there's a place that say embyserver. This is the container name. It sometime repeat many time in the file. 

Yeah, that's the only lace the container name was listed, and I updated it to be case accurate. Restarted both containers after. Still hitting a 502.

 

I had done it before, but on a hunch (as per the comment above from dajo77) I deleted the resolver and relaunched. I now seem to have resolved the issue.

Edited by Adiventure
Link to comment
Share on other sites

nodiaque

Did you see dajo77 reply? He talk about error 502, maybe that would help with the latest swag modification? 

 

Don't forget to restart swag. 

 

Also, I'm unsure about the filter address. Mine is set to whitelist and not blacklist. But then again, I don't use the reverse proxy function at that place, but it still work if I use the subdomain for my emby from  swag. 

Link to comment
Share on other sites

Adiventure
1 minute ago, nodiaque said:

Did you see dajo77 reply? He talk about error 502, maybe that would help with the latest swag modification? 

 

Don't forget to restart swag. 

 

Also, I'm unsure about the filter address. Mine is set to whitelist and not blacklist. But then again, I don't use the reverse proxy function at that place, but it still work if I use the subdomain for my emby from  swag. 

Yeah, that turned out to have been it. I had tried it before posting, but I tried again after capitalizing the container name and that seemed to have done it.

  • Like 1
Link to comment
Share on other sites

  • 4 weeks later...
Adiventure

One other issue I'm hoping to get some help on.

 

I had been having playback issues which appear to be resolved by disabling http2. That said I continue to experience an issue whereby my watched status does not sync to my clients (I can't confirm if it is syncing the other way). Might this be down to something I have misconfigured with the setup?

Link to comment
Share on other sites

Mikele

Could be related or not. We need the logs to see what's going on and how it was setup.

Does this happens on LAN as well? Which clients?

Link to comment
Share on other sites

  • 2 months later...
  • 9 months later...
Zeke66

Little late to this post but I've been working through the steps and am ready to throw my server out the window lol.

 

HOW do i set up an SSL Cert with a DDNS. Ive never done any of this before, Im not even sure why im doing this instead of just using whatever my WAN IP is at the time. Im using NO-IP to create the DDNS domain and it has an option for an SSL under the paid portion (which i did), but then i need to create a CSR? I dont even know what that is let alone how to make one and the instructions might as well be chinese.

 

This is a nightmare.

 

Also. totally weird. 

 

When i tried at the end of the steps, going to the URL i had made, it wont connect, 500 error. figures. BUT. If i switched to my phone using LTE, IT SENDS ME TO THE SIGN IN PAGE FOR MY UNRAID SERVER?! HOW IS THAT A THING?!?!

 

EDIT: I've confirmed the port forwarding is correct on both 8080 and 8443. it is definitely the SSL Cert based on the error im getting when checking the swag logs. I just don't know how to make an SSL Cert.

Edited by Zeke66
Link to comment
Share on other sites

Zeke66
12 hours ago, Zeke66 said:

Little late to this post but I've been working through the steps and am ready to throw my server out the window lol.

 

HOW do i set up an SSL Cert with a DDNS. Ive never done any of this before, Im not even sure why im doing this instead of just using whatever my WAN IP is at the time. Im using NO-IP to create the DDNS domain and it has an option for an SSL under the paid portion (which i did), but then i need to create a CSR? I dont even know what that is let alone how to make one and the instructions might as well be chinese.

 

This is a nightmare.

 

Also. totally weird. 

 

When i tried at the end of the steps, going to the URL i had made, it wont connect, 500 error. figures. BUT. If i switched to my phone using LTE, IT SENDS ME TO THE SIGN IN PAGE FOR MY UNRAID SERVER?! HOW IS THAT A THING?!?!

 

EDIT: I've confirmed the port forwarding is correct on both 8080 and 8443. it is definitely the SSL Cert based on the error im getting when checking the swag logs. I just don't know how to make an SSL Cert.

 

New update. After nearly 14 hours researching and troubleshooting this, I have come to a new roadblock. I have attempted the guided process approx 7-8 times now, being sure to delete the dockers and appdata as well each time. Also deleting the port forwards, just in case I did something wrong. Every time has now come to the same conclusion. I get to the very end to test the connection, and when I type in the domain and sub domain (XXXXX.hopto.org). I get this pop up from Swag and that's it. I'm not sure what the issue is or where to go from here.

Screenshot 2023-03-23 120548.jpg

Link to comment
Share on other sites

vaise

I never knew this guide existed.  I used the ibracorp YouTube vid on swag, I even added ceowdsec and geo blocking to it since then. Maybe watch those vids and compare to this walkthrough for differences.

Link to comment
Share on other sites

Mikele
17 hours ago, Zeke66 said:

 

New update. After nearly 14 hours researching and troubleshooting this, I have come to a new roadblock. I have attempted the guided process approx 7-8 times now, being sure to delete the dockers and appdata as well each time. Also deleting the port forwards, just in case I did something wrong. Every time has now come to the same conclusion. I get to the very end to test the connection, and when I type in the domain and sub domain (XXXXX.hopto.org). I get this pop up from Swag and that's it. I'm not sure what the issue is or where to go from here.

Screenshot 2023-03-23 120548.jpg

This is just the default swag HTML index page. So far means you are able to access your swag index page and if it's done over https and you get no warning means ssl certs are correctly setup. Now you need to modify the subdomains config file to make sure you get forwarded to emby instead of the default swag index.

Link to comment
Share on other sites

Zeke66
On 24/03/2023 at 05:24, Mikele said:

This is just the default swag HTML index page. So far means you are able to access your swag index page and if it's done over https and you get no warning means ssl certs are correctly setup. Now you need to modify the subdomains config file to make sure you get forwarded to emby instead of the default swag index.

Thanks for the Reply Mikele. Done a lot of trouble shooting and messing around, This is my first delve into this stuff. Would I be able to dm you to chat a bit further? not sure what details i should or shouldnt be posting here so rather keep it private. 

 

Thanks again

Link to comment
Share on other sites

  • 1 month later...
gnollo

Thank you for your guide, I was able to set this up succesfully thanks to your instructions. Quick question regarding port 80, does it need to stay open once it is set-up?

Link to comment
Share on other sites

Mikele
On 5/5/2023 at 2:51 PM, gnollo said:

Thank you for your guide, I was able to set this up succesfully thanks to your instructions. Quick question regarding port 80, does it need to stay open once it is set-up?

Yep, it needs to stay open as it's used by swag. Glad it works

Link to comment
Share on other sites

  • 2 months later...
gnollo

Hi Mikele, 

I have just received an email from letsencrypt.org:

"Your certificate (or certificates) for the names listed below will expire in 20 days (on 2023-08-01). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details."

I will check the SWAG log file

Edited by gnollo
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...