Please Help - Reverse Proxy user access restrictions to Emby


Go to solution Solved by seanbuff,

Posted

Hello,
I have recently configured an OPNsense firewall, and followed this guide:
https://forum.opnsense.org/index.php?topic=24778.msg118832#msg118832

Emby is reachable through my DDNS.

I am trying to limit access to the server from outside - by doing the following on the Emby server:
Hide this user from login screens when connected remotely
But I can still see the username when I go to https://mydomain.xxx

Hide this user from login screens on the local network - unsure why


Also, for some reason Emby server thinks of traffic as being local, because if I were to put the username in the login screen it will not ask for a password (I have "do not require password on local network" enabled).

Please let me know how I can fix this issue.

seanbuff
Posted

I typically have all three options checked for my remote users:


31 minutes ago, Ranse said:

Also, for some reason Emby server thinks of traffic as being local, because if I were to put the username in the login screen it will not ask for a password (I have "do not require password on local network" enabled).

I have no experience with OPNsense, but it sounds like maybe your Nginx config is not forwarding the Real-IP to the backend server (Emby in this case).

It's hard to tell from the way your Nginx is set up, but what is in the drop-down box for this?

Is there a way you can view the proxy.config file itself in text? Ultimately it will need at a minimum this header config:

server {
    ...
    proxy_set_header    X-Real-IP        $remote_addr;
    proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
    ...
}

 

Posted
seanbuff, thanks for the reply.
Real IP Source is enabled for "X-Forwarded-For".
I have tested it first from home (where the OPNsense is), and it was behaving as stated above.

But from my phone, on mobile data, it actually works as expected!

Is this normal behavior?

If so, could you recommend further security settings on the Emby side?

 

  • Solution
seanbuff
Posted
14 minutes ago, Ranse said:

Is this normal behavior?

Well if testing locally when at home, it is expected that your traffic will appear local - so this is normal. If it's working correctly when using mobile data, then you're all set.

Within Emby, under your [Network] tab, do you have this set?

If so, then there is nothing else further that needs to be done.
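
An added illustration of the behaviour discussed in this thread (not code from any poster and not Emby's implementation): how a backend behind a reverse proxy can resolve the client address from `X-Forwarded-For` and decide whether a request counts as local. The proxy address `192.168.1.1`, the LAN range `192.168.1.0/24`, the sample requests, and the assumption that a home PC reaches the proxy with its LAN address are all constructed for the example.

```python
import ipaddress

# Assumed values for illustration only: the proxy's LAN address and the LAN range.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.1")}
LAN = ipaddress.ip_network("192.168.1.0/24")

def client_ip(peer, headers):
    """Address the backend should treat as the client for this request."""
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in TRUSTED_PROXIES:
        return peer_ip  # not from the proxy: forwarding headers are ignored
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    # nginx's $proxy_add_x_forwarded_for appends the address it saw to
    # whatever list arrived, so read right to left and stop at the first
    # hop that is not one of our own proxies.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # empty or malformed entry: fall back to the peer
        if ip not in TRUSTED_PROXIES:
            return ip
    return peer_ip

def is_local(peer, headers):
    """True when the resolved client address is inside the LAN range."""
    return client_ip(peer, headers) in LAN

# Constructed requests: (description, TCP peer, headers seen by the backend)
SAMPLES = [
    ("proxy sends no header", "192.168.1.1", {}),
    ("mobile data via proxy", "192.168.1.1", {"X-Forwarded-For": "203.0.113.7"}),
    ("home PC via proxy", "192.168.1.1", {"X-Forwarded-For": "192.168.1.50"}),
    ("list with earlier entry", "192.168.1.1",
     {"X-Forwarded-For": "192.168.1.50, 203.0.113.7"}),
]

def classify_samples():
    """Map each constructed request to True (local) or False (remote)."""
    return {name: is_local(peer, hdrs) for name, peer, hdrs in SAMPLES}

if __name__ == "__main__":
    for name, local in classify_samples().items():
        print(f"{name:26} -> {'local' if local else 'remote'}")
```

The first sample is the symptom from the original question: with no forwarded header, every request resolves to the proxy's own LAN address, so a "no password on local network" setting applies to all of them.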

Posted

I have it under "handled by reverse proxy"

Thanks a lot for clearing this out.

 

  • Like 1
  • Thanks 1
