Jump to content

unRAID, VPN and Emby

sross44

By sross44
in Linux

 Share

Recommended Posts

sross44

sross44 430

Posted
Posted

Ok, so I'm new to unRAID but really digging it. I've set up DelugeVPN and have Emby running through the VPN connection on that docker. If I check the IP address through the terminal of that docker it shows the VP connection. I also have Nginx set up pointing to the instance but at the local IP address. I want this setup because I have want people to access it by emby.domainname.com. I don't know how to set it up via Nginx any other way to still point to these instances.

When I check the Emby dashboard, the local IP address shows VPN connection and the remote shows my domain. My question is all media being played through the VPN remotely? Obviously if I check the ipaddress of URL it shows my home IP address because that's what Nginx is pointing to, but what is the media being played through? I want to make sure things are being played through the VPN. I think so because it's how the docker is connected, but I'm not sure.

I hope this makes some sense as I'm completely lost trying to figure out this last bit of info.

rbjtech

rbjtech 5284

Posted
Posted

Is a simple dns lookup (nslookup) resolving your emby.domainname.com to the VPN address ?  if not, then users are not using emby via the VPN. 

To use a VPN in this way, the VPN service need to be able to accept incoming requests and port forward back to your local emby service.   Not many VPN's provide this service.

sross44

sross44 430

Posted
  • Author
Posted
1 hour ago, rbjtech said:

Is a simple dns lookup (nslookup) resolving your emby.domainname.com to the VPN address ?  if not, then users are not using emby via the VPN. 

To use a VPN in this way, the VPN service need to be able to accept incoming requests and port forward back to your local emby service.   Not many VPN's provide this service.

Theoretically though, if all internet traffic is going through the vpn for the container, how is it possible? I guess in this instance I’m better off without using nginx?

rbjtech

rbjtech 5284

Posted
Posted
4 minutes ago, sross44 said:

Theoretically though, if all internet traffic is going through the vpn for the container, how is it possible? I guess in this instance I’m better off without using nginx?

Perhaps I'm not fully understanding the ask - but what is the purpose of using the VPN ? 

The primary purpose of a VPN is to cloak your public IP when YOU are the initiator of the request - ie outbound.  However, if you are expecting the VPN to cloak inbound requests, - ie emby.domainname.com resolves (dns) to the VPN public IP address - then VPN's don't work like this.   You need something to 'host' the listening service (out on the public internet), which then forwards via a VPN tunnel back to your local emby service.

 

 

sross44

sross44 430

Posted
  • Author
Posted
Just now, rbjtech said:

Perhaps I'm not fully understanding the ask - but what is the purpose of using the VPN ? 

The primary purpose of a VPN is to cloak your public IP when YOU are the initiator of the request - ie outbound.  However, if you are expecting the VPN to cloak inbound requests, - ie emby.domainname.com resolves (dns) to the VPN public IP address - then VPN's don't work like this.   You need something to 'host' the listening service (out on the public internet), which then forwards via a VPN tunnel back to your local emby service.

 

 

I want to make sure that whatever is being played is masked by the VPN. I know it’s typically not the biggest of deals what file is being played, most providers care about what’s being downloaded etc, but just as an extra security caution. Again, in reality I believe that is the case since the whole container is connected to the vpn with another container forwarding to it. I hope this makes more sense?

 

 

rbjtech

rbjtech 5284

Posted
Posted
25 minutes ago, sross44 said:

I want to make sure that whatever is being played is masked by the VPN. I know it’s typically not the biggest of deals what file is being played, most providers care about what’s being downloaded etc, but just as an extra security caution. Again, in reality I believe that is the case since the whole container is connected to the vpn with another container forwarding to it. I hope this makes more sense?

 

 

It does, but I think maybe you are not understanding how a 'host' works on the internet.  An emby client public IP address is routed to your ISP public IP address, where it then being NAT'd to a local/private IP and onto maybe  a reverse proxy or emby directly as a listening host.  

If emby is sitting effectively in a VPN which was initiated by your own hardware/lan - great, any outbound traffic will be via the VPN - but the internet knows nothing of this 'service'.   Thus emby clients cannot connect to it.  

To have clients connect to a service on the internet, then a 'host' needs to exist on the internet and it will then forward that traffic (via your VPN) to your ISP and onto your LAN based service.  Your public IP is now hidden, as the IP they see/use is the Internet hosted one.  They don't use the VPN address - that is just a transport.

This is what cloudflare are effectively doing - they are the 'host' and all traffic is being redirected - but as you can imagine, this is totally against their TOS, because they don't want all video traffic going though their networks.   

So settings up TLS tunnels to do this - is all perfectly doable - but you need other services first.  Maybe reach out to @cayars who can maybe give more insight on working solutions as I've never bothered, TLS, secureDNS and a correctly configured NGINX Reverse proxy is more than ample for an internet connected emby host.

  • Thanks 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...