NGINX - troubleshooting

[crusher11 979]

31 minutes ago, vdatanet said:

Forget what you had before, it didn't work, you had it set up Emby - Cloudflare.

It worked at some point... 

[vdatanet 1586]

2 minutes ago, crusher11 said:

It worked at some point... 

Maybe yes, but in your last configuration the ports were forwarded directly to the Emby server and the SSL certificate path was incorrect. 

[vdatanet 1586]

12 minutes ago, crusher11 said:

It worked at some point... 

Nginx was not involved in anything:

We left the system as you had it and now we are trying to configure nginx.

Edited July 12, 2021 by vdatanet

[crusher11 979]

1 hour ago, vdatanet said:

Perhaps this document is clearer:

Things Ian Says :: Enabling https with Nginx, Docker, and LetsEncrypt (ian-says.com)

You have to use the mount path:

No change. Instant "192.168.0.2 refused to connect" on port 8080, and a long load time before NGINX throws a 502 error on 4343.

[vdatanet 1586]

10 minutes ago, crusher11 said:

No change. Instant "192.168.0.2 refused to connect" on port 8080, and a long load time before NGINX throws a 502 error on 4343.

Did you change the router port forwarding (80-> 8080 and 43-> 4343)? Do this and try again using the domain.

[crusher11 979]

1 hour ago, vdatanet said:

Did you change the router port forwarding (80-> 8080 and 43-> 4343)? Do this and try again using the domain.

CloudFlare 521 errors.

[vdatanet 1586]

2 minutes ago, crusher11 said:

CloudFlare 521 errors.

Undo the port forwarding changes and post the current Nginx configuration file.

[crusher11 979]

1 minute ago, vdatanet said:

Undo the port forwarding changes and post the current Nginx configuration file.

Quote

worker_processes  auto;

error_log  logs/error.log;

events {
    worker_connections  8192;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    server_names_hash_bucket_size 64;
    server_tokens off;

    ## The below will create a separate log file for your emby server which includes
    ## userId's and other emby specific info, handy for external log viewers.
    log_format  emby  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port "$http_x_emby_authorization"';

    log_format default '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time $server_port';

    sendfile        off;  ## Sendfile not used in a proxy environment.

    gzip on;   ## Compresses the content to the client, speeds up client browsing.
    gzip_disable "msie6";

    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types
        text/plain
        text/css
        text/js
        text/xml
        text/javascript
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/rss+xml
        image/svg+xml;

    proxy_connect_timeout 1h;
    proxy_send_timeout 1h;
    proxy_read_timeout 1h;
    tcp_nodelay on;  ## Sends data as fast as it can not buffering large chunks, saves about 200ms per request.

server {
    listen [::]:8080;           ## Listens on port 80 IPv6
    listen 8080;             ## Listens on port 80 IPv4
    listen [::]:4343 ssl http2;    ## Listens on port 443 IPv6 with http2 and ssl enabled
    listen 4343 ssl http2;    ## Listens on port 443 IPv4 with http2 and ssl enabled

    server_name [domain];    ## enter your service name and domain name here example emby.domainname.com

    access_log  logs/emby.log  emby;  ## Creates a log file with this name and the log info above.

     ## SSL SETTINGS ##
        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_certificate      /etc/nginx/cert.pem;  ## Location of your public PEM file.
    ssl_certificate_key  /etc/nginx/private.key;  ## Location of your private PEM file.
        ssl_session_cache shared:SSL:10m;

     location ^~ /swagger {   ## Disables access to swagger interface
        return 404;
}

     location / {
        proxy_pass http://192.168.0.2:8096;  ## Enter the IP and port of the backend emby server here.

    proxy_hide_header X-Powered-By;     ## Hides nginx server version from bad guys.
    proxy_set_header Range $http_range;  ## Allows specific chunks of a file to be requested.
    proxy_set_header If-Range $http_if_range;  ## Allows specific chunks of a file to be requested.
    proxy_set_header X-Real-IP $remote_addr;  ## Passes the real client IP to the backend server.
        proxy_set_header Host $host;  ## Passes the requested domain name to the backend server.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  ## Adds forwarded IP to the list of IPs that were forwarded to the backend server.

     ## ADDITIONAL SECURITY SETTINGS ##
     ## Optional settings to improve security ##
     ## add these after you have completed your testing and ssl setup ##
     ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ##
     ##         See https://hstspreload.org/ read through the "Deployment Recommendations" section first!   ##
    add_header 'Referrer-Policy' 'origin-when-cross-origin';
    add_header Strict-Transport-Security "max-age=10" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;

     ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}
}

 

[rodainas 188]

4 minutes ago, crusher11 said:

 

Cloudfare is unable to communicate with nginx

The problem seems to be on your router forwarding rules, could you post a screenshot of that?

[crusher11 979]

3 minutes ago, rodainas said:

Cloudfare is unable to communicate with nginx

The problem seems to be on your router forwarding rules, could you post a screenshot of that?

 

[rodainas 188]

4 minutes ago, crusher11 said:

 

And your real domain name is set here right?

server_name [domain];    ## enter your service name and domain name here example emby.domainname.com

 

Edited July 12, 2021 by rodainas

[rodainas 188]

12 minutes ago, crusher11 said:

 

Also change this to 127.0.0.1:8096

     location / {
        proxy_pass http://192.168.0.2:8096;  ## Enter the IP and port of the backend emby server here.

[vdatanet 1586]

I would disable cloudflare for now, first we have to confirm that nginx is working.

[crusher11 979]

4 minutes ago, rodainas said:

And your real domaing name is set here right?

server_name [domain];    ## enter your service name and domain name here example emby.domainname.com

 

Yes.

 

3 minutes ago, rodainas said:

Also change this to 127.0.0.1:8096

     location / {
        proxy_pass http://192.168.0.2:8096;  ## Enter the IP and port of the backend emby server here.

No change. 192.168.0.2 is the NAS, which is where NGINX and the server are, so that seems to make sense? But changing it to 127.0.0.1 makes no difference.

[rodainas 188]

1 minute ago, vdatanet said:

I would disable cloudflare for now, first we have to confirm that nginx is working.

I dont think that cloudfare is the problem, it is just pointing the domain name to his wan ip, the problem originates the moment it reaches router

[rodainas 188]

But yes, try it without cloudfare, at this point is nothing to lose

[vdatanet 1586]

Just now, rodainas said:

I dont think that cloudfare is the problem, it is just pointing the domain name to his wan ip, the problem originates the moment it reaches router

When cloudflare connects to Emby it works, but when it connects to Nginx it's not working. I think the problem is with Nginx.

[vdatanet 1586]

1 minute ago, rodainas said:

But yes, try it without cloudfare, at this point is nothing to lose

Just to make sure Nginx is working.

[rodainas 188]

Just now, vdatanet said:

When cloudflare connects to Emby it works, but when it connects to Nginx it's not working. I think the problem is with Nginx.

Fair enough.

Crusher

Try this command

systemctl restart nginx

[crusher11 979]

1 minute ago, rodainas said:

Fair enough.

Crusher

Try this command

systemctl restart nginx

Where do I try that and what is it doing that restarting NGINX isn't doing?

[rodainas 188]

When you make changes to nginx config, you need to restart or reload nginx in order to apply them, if there is a problem with config nginx will let you know there

Is a terminal command.

[crusher11 979]

2 minutes ago, rodainas said:

When you make changes to nginx config, you need to restart or reload nginx in order to apply them, if there is a problem with config nginx will let you know there

Is a terminal command.

Yes, I've been restarting it every time I make config changes. But just through Docker, rather than a terminal command. Does it make a difference?

[rodainas 188]

1 minute ago, crusher11 said:

Yes, I've been restarting it every time I make config changes. But just through Docker, rather than a terminal command. Does it make a difference?

I don't use docker so I couldn't tell, I just use terminal on my remote ubuntu server machine.

[rodainas 188]

So you get error when you do http://192.168.0.2:8080 ?

[crusher11 979]

3 minutes ago, rodainas said:

So you get error when you do http://192.168.0.2:8080 ?

Yes, connection refused.