NGINX - troubleshooting

[crusher11 850]

Because that's how I was told to set it up?

I mean, it seems right now that NGINX has never worked so I'm not sure that's the question to be asking.

CloudFlare is just there to give me a security certificate to use with NGINX, pretty much, I think. It's a long time since I set this all up.

 

[rodainas 188]

1 minute ago, crusher11 said:

Because that's how I was told to set it up?

I mean, it seems right now that NGINX has never worked so I'm not sure that's the question to be asking.

CloudFlare is just there to give me a security certificate to use with NGINX, pretty much, I think. It's a long time since I set this all up.

 

Cloudfare already gives you ssl certificate, scratch nginx.

[crusher11 850]

1 minute ago, rodainas said:

Cloudfare already gives you ssl certificate

Yes? That's what I said.

Whatever tutorial I first followed to set NGINX up included, as a step, using CF to generate a security certificate.

[rodainas 188]

You dont need nginx to use https, Cloudfare  gives you that without the need for nginx. 

Edited July 10, 2021 by rodainas

[crusher11 850]

You seem to think I had CloudFlare and then added NGINX.

CloudFlare was simply a step on an NGINX tutorial. My main goal was NGINX.

 

[rodainas 188]

Just now, crusher11 said:

You seem to think I had CloudFlare and then added NGINX.

CloudFlare was simply a step on an NGINX tutorial. My main goal was NGINX.

 

Again

What is the reason to keep using nginx?

[vdatanet 1549]

2 minutes ago, crusher11 said:

My main goal was NGINX

 

[Carlo 4330]

4 minutes ago, crusher11 said:

You seem to think I had CloudFlare and then added NGINX.

CloudFlare was simply a step on an NGINX tutorial. My main goal was NGINX.

 

Right but it was never functioning it would seem and you have Cloudflare pointing directly to your WAN IP it seems so you've had no real protection at all.
It would be far better to simplify your setup to "lock it up" and not have the current holes you've been creating.

Edited July 10, 2021 by cayars

[vdatanet 1549]

1 minute ago, cayars said:

Right but it was never functioning it would seem and you have Cloudflare pointing directly to your WAN IP it seems so you've had no real protection at all.

Yes, according to the port forwarding on the old router this seems to be.

[rodainas 188]

2 minutes ago, cayars said:

Right but it was never functioning it would seem and you have Cloudflare pointing directly to your WAN IP it seems so you've had no real protection at all.
It would be far better to simplify your setup to "lock it up" and not have the current holes you've been creating.

If proxied the ip is obscured but thats no the point.

If nginx has an utility other than the ssl certificate I can understand the need for it, but if it just is ssl then just stick to cloudfare

[crusher11 850]

4 minutes ago, cayars said:

Right but it was never functioning it would seem and you have Cloudflare pointing directly to your WAN IP it seems so you've had no real protection at all.

Where else would it be pointing?

[crusher11 850]

5 minutes ago, vdatanet said:

 

Is the timestamp in this link intentional? It just seems like it's a random point in the video.

[vdatanet 1549]

Just now, crusher11 said:

Is the timestamp in this link intentional? It just seems like it's a random point in the video.

No, it's the point I was watching now, watch all the video. First you need nginx to work on Synology, I think it doesn't now.

[Carlo 4330]

2 minutes ago, crusher11 said:

Where else would it be pointing?

Cloudflare allows setting itself up via proxied status where your real IP is never used on the Internet and any direct IP use would not work for SSL because it didn't go through CF.

You can also setup normal DNS records pointing to any host as typical.

When using Cloudflare proxied only specific ports are available to use and what you previously had in your router would not work.

[crusher11 850]

1 minute ago, cayars said:

Cloudflare allows setting itself up via proxied status where your real IP is never used on the Internet and any direct IP use would not work for SSL because it didn't go through CF.

You can also setup normal DNS records pointing to any host as typical.

When using Cloudflare proxied only specific ports are available to use and what you previously had in your router would not work.

I don't follow.

[rodainas 188]

You can use cloudfare proxied to obscure your ip, use their ssl certificate and connect to emby through your domain name

[crusher11 850]

Also, 8096 is still wide open, we never figured out how to close it.

And port 80 still redirects to port 5000.

We're trying to troubleshoot my router, NGINX, CloudFlare, and Emby all at once and it's very confusing.

 

[crusher11 850]

Just now, rodainas said:

You can use cloudfare proxied to obscure your ip, use their ssl certificate and connect to emby through your domain name

Isn't that what I was doing? Except it stopped working when I got the new router.

[rodainas 188]

Forgot to add, without the need of nginx.

[crusher11 850]

But NGINX wasn't working, apparently.

Whatever it was, it broke when I changed router. And port 8096 is still wide open.

 

[rodainas 188]

Why dont you try connecting without nginx, just disable it, only domain:publicport 

[Carlo 4330]

1 minute ago, rodainas said:

Why dont you try connecting without nginx, just disable it, only domain:publicport 

That's what I'm getting at.  There are at least 4 devices/services involved in this and it seems they are all out of whack with each other.

These needs to go back to as simple as possible, then add a new component once each new piece is working.

Right now we can't even confirm if port forwarding is correct or not because a new router/AP was recently installed but for all we know a router in front of it is actually doing port forwarding.

[crusher11 850]

3 minutes ago, rodainas said:

Why dont you try connecting without nginx, just disable it, only domain:publicport 

Do I need to add a port? Because that seems prohibitive, in terms of other users. Just having the simplicity of a domain is the goal here.

[crusher11 850]

Just now, cayars said:

Right now we can't even confirm if port forwarding is correct or not because a new router/AP was recently installed but for all we know a router in front of it is actually doing port forwarding.

I only have one router. The old router is completely disconnected.

[crusher11 850]

5 minutes ago, rodainas said:

Why dont you try connecting without nginx, just disable it, only domain:publicport 

Doesn't work.