Problem accessing Emby behind reverse proxy

[MacGyver27 20]

Hello.

I have noticed I have issues accessing Emby server behind reverse proxy - emby.example.com. It works when using public IP - A.B.C.D:PORT. Does anybody have some suggestions? I share the very same setup with Plex (1:1) and no such issues over Reverse Proxy.. Thanks!
 

Server Version 4.7.14.0
Setup: Docker on Linux
Reverse proxy: Traefik v2.10.4

Chrome reports following errors:

Firefox behaves a bit weird. Wont load the page by default, but somehow loads when developer window is opened:

 

My reverse proxy is traefik:
 

http:

  routers:
    emby.example.com:
      entryPoints:
        - websecure
      rule: Host(`emby.example.com`)
      service: emby.example.com

  services:
    emby.example.com:
      loadBalancer:
        passHostHeader: true
        servers:
          - url: 'http://192.168.255.11:33400'

My DNS resolver is Cloudflare and I have disabled caching for everything including emby.example.com:

[MacGyver27 20]

I have read the HOW TO: Cloudflare settings and have everything set up as in the first post except the Page rules. I have replaced this settings with the Cache rules, which seems to be working since I dont see any values for cf-cache-status:

When trying to open those scripts in new window they get loaded:

Edited November 28, 2023 by MacGyver27

[MacGyver27 20]

Ok, solved it. It was Rate limiting of Traefik. Increased burst from 50 req/s to 100 and works now.

    ratelimit:
      rateLimit:
        average: 150
        burst: 100

 

[rbjtech 5284]

16 hours ago, MacGyver27 said:

Ok, solved it. It was Rate limiting of Traefik. Increased burst from 50 req/s to 100 and works now.

    ratelimit:
      rateLimit:
        average: 150
        burst: 100

 

had you changed the Traefik default ?

Just useful to know for other users that might hit this issue.. 

[MacGyver27 20]

21 minutes ago, rbjtech said:

had you changed the Traefik default ?

Just useful to know for other users that might hit this issue.. 

Default is 0/0, but in documentation example they use 100/50. I have seen same values as recommended settings from various blog posts as well..

[rbjtech 5284]

Just now, MacGyver27 said:

Default is 0/0, but in documentation example they use 100/50. I have seen same values as recommended settings from various blog posts as well..

ok - so default is no rate limiting - that makes sense.   nginx, apache and I believe caddy all have RL disabled out the box - so unless added, this should not impact a typical setup.

Thanks !

[AshranPewter 6]

Thank you for this thread, @MacGyver27 it hadn't really affected me because I just was lazy and bypassed it through local IPs but once I go live it would be annoying and now it's fixed!

To be clear about rbjtech's comments though, a typical setup should have rate limiting to slow down bots and other things from causing issues with your setup and/or brute forcing anything. It should be part of your larger security system around your apps that you host if you expose your system to the internet.

Most Reverse Proxy default settings are generally not good enough for exposing a system to the greater internet.

[MacGyver27 20]

So why are not all script/style files merged, uglyfied and minified? like every frontend should do?.. kinda overwheling on the web server/reverse proxy.. just saying..