Jump to content

crusher11
 Share

Recommended Posts

crusher11

I just got a new router, which means my server has moved from local IP 10.0.x.x to 192.168.x.x.

I added exactly the same port-forwarding rules to the new router that I had in the old router, changed the local IP address in the NGINX config, restarted NGINX and...it doesn't connect. The domain gets a CloudFlare 524 error. My IP address followed by ports 80, 443, 4343, 8920 and 7241 fails. My IP address followed by port 8096 succeeds.

This doesn't make any sense. I have Emby's ports in the network config set to 4343 for secure and 7241 for non-secure. CanYouSeeMe.org can only see me on port 8096.

NGINX isn't jumping in front of any of the attempts at direct-IP access, which from memory it's supposed to.

 

Screenshot 2021-07-09 01.38.38.png

Link to comment
Share on other sites

What you just typed really doesn't make any sense.  8096 isn't open in your router from what you just said but it's the port that works?

Do you have Emby port mapping turned on in network menu?  If so turn that off since you're controlling this outside of Emby.

For anyone to help you they will need to see your network menu setup (pics of all config options) and your nginx config file.

Since Cloudflare is also involved we're going to need to see your settings here as well.

You have many things between Emby and the user so each part is going to need to be looked at.

Link to comment
Share on other sites

crusher11

I'm not here to make sense, I'm just here to report what's happening.

Port mapping is turned off in Emby's network settings.

Remote connections are allowed, IP filter mode is 'whitelist', public port 7241, public secure port 4343, domain is correct, location of certificate is...incorrect and has been since Emby took over the /volume1/Emby folder. Just fixed it. But I'm not getting cert errors and it's worked fine for months so I doubt it's the issue anyway. Cert password hasn't changed, secure connections are handled by reverse proxy, port mapping is disabled, unlimited simultaneous streams and a max bitrate of 15Mbps.

 

NGINX config here. The only thing I've changed since it worked fine on the old router is changing the local IP.

worker_processes  auto;

error_log  logs/error.log;

events {
    worker_connections  8192;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    server_names_hash_bucket_size 64;
    server_tokens off;

    ## The below will create a separate log file for your emby server which includes
    ## userId's and other emby specific info, handy for external log viewers.
    log_format  emby  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"';

    log_format default '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port';

    sendfile        off;  ## Sendfile not used in a proxy environment.

    gzip on;   ## Compresses the content to the client, speeds up client browsing.
	gzip_disable "msie6";

	gzip_comp_level 6;
	gzip_min_length 1100;
	gzip_buffers 16 8k;
	gzip_proxied any;
	gzip_types
	    text/plain
	    text/css
	    text/js
	    text/xml
	    text/javascript
	    application/javascript
	    application/x-javascript
	    application/json
	    application/xml
	    application/rss+xml
	    image/svg+xml;

    proxy_connect_timeout 1h;
    proxy_send_timeout 1h;
    proxy_read_timeout 1h;
    tcp_nodelay on;  ## Sends data as fast as it can not buffering large chunks, saves about 200ms per request.

server {
    listen [::]:80;   		## Listens on port 80 IPv6
    listen 80; 			## Listens on port 80 IPv4
    listen [::]:443 ssl http2;	## Listens on port 443 IPv6 with http2 and ssl enabled
    listen 443 ssl http2;	## Listens on port 443 IPv4 with http2 and ssl enabled

    server_name [REDACTED];    ## enter your service name and domain name here example emby.domainname.com

	access_log  logs/emby.log  emby;  ## Creates a log file with this name and the log info above.

     ## SSL SETTINGS ##
        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_certificate      ssl/cert.pem;  ## Location of your public PEM file.
	ssl_certificate_key  ssl/private.key;  ## Location of your private PEM file.
        ssl_session_cache shared:SSL:10m;

     location ^~ /swagger {   ## Disables access to swagger interface
        return 404;
}

     location / {
        proxy_pass http://192.168.0.2:8096;  ## Enter the IP and port of the backend emby server here.

	proxy_hide_header X-Powered-By;	 ## Hides nginx server version from bad guys.
	proxy_set_header Range $http_range;  ## Allows specific chunks of a file to be requested.
	proxy_set_header If-Range $http_if_range;  ## Allows specific chunks of a file to be requested.
	proxy_set_header X-Real-IP $remote_addr;  ## Passes the real client IP to the backend server.
        proxy_set_header Host $host;  ## Passes the requested domain name to the backend server.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.

     ## ADDITIONAL SECURITY SETTINGS ##
     ## Optional settings to improve security ##
     ## add these after you have completed your testing and ssl setup ##
     ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ##
     ##         See https://hstspreload.org/ read through the "Deployment Recommendations" section first!   ##
	add_header 'Referrer-Policy' 'origin-when-cross-origin';
	add_header Strict-Transport-Security "max-age=10" always;
	add_header X-Frame-Options "SAMEORIGIN" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-XSS-Protection "1; mode=block" always;

     ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}
}

 

Link to comment
Share on other sites

I don't use nginx but must say I'm confused where ports 7241 & 4343 come into play as they are listed in the nginx config and Cloudflare won't be using those ports.

Would seem to me public ports are 80 & 443 as this is what nginx is listening to???

Sorry if this just confuses matters if those ports are valid, but I'm trying to learn from this as well! :)

Link to comment
Share on other sites

crusher11

The router is directing traffic that comes in on ports 80 and 443 to ports 7241 and 4343, as I understand it.

The port setup is exactly as it was on the old router, so I'm not seeing how it could be an issue though.

Link to comment
Share on other sites

I get that but what do you have listening to ports 7241 & 4343?

nginx is listening on ports 80 and 443 if I read that correctly.

  • Agree 1
Link to comment
Share on other sites

rodainas
Posted (edited)
server {
    listen [::]:80;   		## Listens on port 80 IPv6
    listen 80; 			## Listens on port 80 IPv4
    listen [::]:443 ssl http2;	## Listens on port 443 IPv6 with http2 and ssl enabled
    listen 443 ssl http2;	## Listens on port 443 IPv4 with http2 and ssl enabled

if you are listening on those public ports, you need to change your emby network settings to those public ports. You are saying something to nginx and have something different on emby.

Edited by rodainas
  • Like 1
Link to comment
Share on other sites

rodainas
Posted (edited)
10 minutes ago, crusher11 said:

If that's true, why did it work before? 

Could you post your emby network configuration?

Also could you try changing the local ip to

 

     location / {
        proxy_pass http://127.0.0.1:8096;  ## Enter the IP and port of the backend emby server here.
Edited by rodainas
Link to comment
Share on other sites

6 minutes ago, crusher11 said:

I described it in an earlier post. 

Not in this thread where someone is trying to help you.

Take pics of your network setup and post it.

Link to comment
Share on other sites

crusher11
2 minutes ago, cayars said:

Not in this thread where someone is trying to help you.

Take pics of your network setup and post it.

It was in the same post as my NGINX config, so yes, in this thread. 

Link to comment
Share on other sites

rodainas

I dont know if you saw the edit but here it is, just a quick test after that reload nginx.

 

Also could you try changing the local ip to

 

     location / {
        proxy_pass http://127.0.0.1:8096;  ## Enter the IP and port of the backend emby server here.
Link to comment
Share on other sites

2 minutes ago, crusher11 said:

It was in the same post as my NGINX config, so yes, in this thread. 

Not that I see.  Can you just take screen shots of everything set in network menu for us so no one needs to guess what settings are being used.
 Feel free to blank out your domain domain if present.

If someone's willing to help you make it easy for them!

Link to comment
Share on other sites

crusher11

I did that without touching any of the port settings in either the router or the Emby config, yeah. The domain still went nowhere.

Not sure if that's the test you wanted.

 

Link to comment
Share on other sites

Seems to me the public ports in Emby need changing to 80 & 443.
Same with the router.  Needs to listen on ports 80 and 443 but forward this to the NGINX IP address for the same ports 80 & 443.

Link to comment
Share on other sites

rodainas
Posted (edited)
9 minutes ago, cayars said:

Seems to me the public ports in Emby need changing to 80 & 443.
Same with the router.  Needs to listen on ports 80 and 443 but forward this to the NGINX IP address for the same ports 80 & 443.

I think he can omit the first part: "Seems to me the public ports in Emby need changing to 80 & 443." 

Because nginx connects to emby through the local ports that are set within emby (local connection)

proxy_pass http://127.0.0.1:8096

I tried with my emby config, chaging the internet ports to some random numbers (in nginx I have 80 and 443) and I was able to access emby with no problems.

So with the port forwarding with 80 and 443 to the NGINX IP it should work as you want.

Edited by rodainas
Link to comment
Share on other sites

crusher11

But why did it work previously, if that's what the issue is? It makes no sense. 

Link to comment
Share on other sites

rodainas
Posted (edited)
2 hours ago, crusher11 said:

The router is directing traffic that comes in on ports 80 and 443 to ports 7241 and 4343, as I understand it.

The port setup is exactly as it was on the old router, so I'm not seeing how it could be an issue though.

This shouldnt work if nginx is listening to 80 and 443, unless on your previous config it was listening to 7241 and 4343.

The other option could be that as you had 7241 and 4343 on emby it could be that the router was directly communicating to emby, and your nginx for some reason wasnt working, and now is working and you think is the same situation but is not.

Because the expected behavior is how it is currently working for you not the other way around.

If that not the case I dont know how it was working before for you.

Edited by rodainas
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...