Happy2Play 9780 Posted July 29, 2024 Posted July 29, 2024 It the log is not providing more info on the client you should be able to figure out this device DeviceId=E14F65CC-04F2-4400-BEDD-D53829056BAA
vaise 340 Posted July 29, 2024 Posted July 29, 2024 9 minutes ago, Happy2Play said: It the log is not providing more info on the client you should be able to figure out this device DeviceId=E14F65CC-04F2-4400-BEDD-D53829056BAA Any idea where I can track that back to ?
Happy2Play 9780 Posted July 29, 2024 Posted July 29, 2024 7 minutes ago, vaise said: Any idea where I can track that back to ? Not entirely sure how deviceid are store or created as I am just looking in the api by the id show on dashboard-devices.
Happy2Play 9780 Posted July 29, 2024 Posted July 29, 2024 But looking for that id in your log should give you some reference of the client/app/version.
Happy2Play 9780 Posted July 29, 2024 Posted July 29, 2024 Quick example for my tablet @vaise &X-Emby-Client=Emby for Android&X-Emby-Device-Name=1000111483A&X-Emby-Device-Id=7ab7312f61xxxa2e&X-Emby-Client-Version=3.4.14
vaise 340 Posted July 29, 2024 Posted July 29, 2024 I tracked the device (as there was one in the last hour too) and its a google TV - but - this device is playing back stuff all the time, and is right now, and isdoing the normal /emby/Videos like currently. So maybe its a type of media that is causing this ? Either way, as a temp stop-gap here, I am going to add a redirect in cloudflare for this url also to pass instead to my nginx proxy direct - then see if anyone complains, and also hope the CF use is flatlined.......
vaise 340 Posted July 31, 2024 Posted July 31, 2024 Next issue on this - I could not see why there were still jumps every now and again with the data usage through cloudflare - after checking logs in detail around these times, I believe this is audio book playback. There seems to be two requests for these on two different URI paths : emby.mydomain.com/emby/Audio emby.mydomain.com/Audio I have added redirects for both of these and listen sections in the nginx so they are also redirected. Finally, what is this extra request I see sometimes for emby.mydomain.com/emby/Videos . It seems to be immediately following an actual media watch get ? Seems to be to do with subtitle stream in some way? There is no playSessionId associated with it so it is not picked up in the cloudflare redirect process. Should this be redirected to nginX with the actual video file it refers too ? If so, I can add a redirect check in cloudflare for emby.mydomain.com/emby/Videos, and 'Stream.srt' instead of PlaySessionId Example : 2024-07-31 17:27:17.331 Info Server: http/1.1 GET http://embyredirect.mydomain.com/emby/videos/113859/original.mkv?DeviceId=E1010A1C-D5DA-446B-9F10-CA8FA49B6E44&MediaSourceId=c64fdefcae8442571c0b22fee52567e2&PlaySessionId=7eb2cbc8ed4b4925899a219872d08774&api_key=8139bb9d5d8d4bfdb84244ac29ccab5f. 2024-07-31 17:27:17.365 Info Server: http/1.1 GET http://emby.mydomain.com/emby/Videos/113859/c64fdefcae8442571c0b22fee52567e2/Subtitles/2/0/Stream.srt?api_key=8139bb9d5d8d4bfdb84244ac29ccab5f.
LAPS0082 13 Posted August 31, 2024 Posted August 31, 2024 Dear all this workaround will be my next Emby improvment. How do you handle automatic certificate renewal for media.yoursite.com?
pwhodges 2012 Posted August 31, 2024 Posted August 31, 2024 For free certificates from LetsEncrypt, you can use Certbot. If you want, or are prepared to use, a reverse proxy it's even easier - just use Caddy, which automates not just the renewal of the certificates, but even getting them in the first place. Paul
HorsePDF 13 Posted September 1, 2024 Author Posted September 1, 2024 Yep I use let's encrypt as well and certbot, it works well
LAPS0082 13 Posted September 3, 2024 Posted September 3, 2024 Dear all, yea I know certbot with nginx. My question is especially for this use case. There are 2 domains: streaming.mydomain.com (simple dns a record to my public IP > nginx reverse proxy) = easy no problems media.mydomain.com (cloudflare tunnel) = Resolves to a cloudflare IP If I want to enroll a certificate with certbot on my nginx server for media.mydomain.com it checks the public IP which does of course not match with my own IP. Certbot throws an error and does not enroll a certificate.
pwhodges 2012 Posted September 3, 2024 Posted September 3, 2024 (edited) Caddy offers alternative means to verify the certificate validity which do not rely on the local IP address, but instead check against your domain registrar using an API - you need to get a code from the registrar for this. I don't know about certbot (I know of it but don't use it), but I imagine it can also be configured to use this mechanism. Paul Edited September 3, 2024 by pwhodges
HorsePDF 13 Posted September 3, 2024 Author Posted September 3, 2024 You can also use the Cloudflare provided certificate for your local instance, it is only for use for communication between Cloudflare and your node. I have not used this before, I also use DNS certbot flow
horstepipe 422 Posted July 18, 2025 Posted July 18, 2025 (edited) On 4/15/2024 at 11:43 PM, HorsePDF said: In my Nginx service, I drop any request immediately that is not a request to stream an Emby video file (e.g. the login page or any other API/page) Hey @HorsePDF How to accomplish that? BR Edited July 18, 2025 by horstepipe
HorsePDF 13 Posted July 18, 2025 Author Posted July 18, 2025 (edited) 1 hour ago, horstepipe said: Hey @HorsePDF How to accomplish that? BR It is this part of the configuration I had posted. The response 444 is a special response code for nginx that closes the connection without a response location / { return 444; } Because it comes after your other rule(s) then if a request does not match an earlier rule it will default to this one and get the desired outcome Edited July 18, 2025 by HorsePDF 1
Mattynator 2 Posted July 31, 2025 Posted July 31, 2025 (edited) I have something like this instead. I'm a bit of a novice, so may be doing it wrong. I use Swag as the reverse proxy. It seems to work fine for me and bandwidth usage on cloudflare seems to be minimal now. emby.example.com → Proxied (orange cloud) (Cloudflare reverse proxy) stream.example.com → DNS only (grey cloud) (Direct connection for media streaming, bypass Cloudflare proxy) 2. SWAG Configurations Main Emby Proxy: emby.example.conf Quote server { listen 443 ssl; server_name emby.example.com; include /config/nginx/ssl.conf; client_max_body_size 0; # GeoIP restriction (optional) - Can be done via cloudflare # if ($geoip2_data_country_code !~ ^(GB)$) { # return 444; # } # Redirect media files to streaming subdomain location ~* \.(ts|mp4|mkv|avi|mov|webm|m3u8)$ { return 302 https://stream.example.com$request_uri; } # Main proxy location / { proxy_pass http://emby_backend:8095; # Emby container IP (generalized) proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_request_buffering off; proxy_buffering off; proxy_redirect off; proxy_set_header Connection "upgrade"; proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; } } Stream-Only Proxy: streaming.example.conf Quote server { listen 443 ssl; server_name streaming.example.com; include /config/nginx/ssl.conf; client_max_body_size 0; # Optional: Geo-block countries # if ($geoip2_data_country_code !~ ^(GB)$) { # return 444; # } # Only proxy known media extensions location ~* \.(ts|mp4|mkv|avi|mov|webm|m3u8)$ { proxy_pass http://emby_backend:8095; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_request_buffering off; proxy_buffering off; proxy_redirect off; proxy_set_header Connection "upgrade"; proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; } # Block everything else location / { return 444; } } Edited July 31, 2025 by Mattynator
Mattynator 2 Posted July 31, 2025 Posted July 31, 2025 sorry i meant to write streaming.example.com → DNS only (grey cloud)
vaise 340 Posted July 31, 2025 Posted July 31, 2025 I use swag too for this split. but I think you are wrong in your geo blocking note in the swag config, once that cf is switched off, it wont run yr waf rules. So def still use the geoblock. 1
Mattynator 2 Posted July 31, 2025 Posted July 31, 2025 7 minutes ago, vaise said: So def still use the geoblock Yes. Your correct. I think that part is from an old config I had. 30 minutes ago, Mattynator said: return 302 https://stream.example.com$request_uri; This part is also wrong. Its: return 302 https://streaming.example.com$request_uri;
HorsePDF 13 Posted July 31, 2025 Author Posted July 31, 2025 Hey that is great! I hadn't heard of SWAG but it seems that it is nginx under the hood anyway. Really glad you could get something working 1
horstepipe 422 Posted August 3, 2025 Posted August 3, 2025 Hey folks, has anybody some ideas about that problem?
horstepipe 422 Posted January 11 Posted January 11 has anybody found a working config to make this split also work with pdf files from Emby?
Luke 42077 Posted January 12 Posted January 12 1 hour ago, vaise said: PDF’s? Is that for ebooks ? I don’t have them sorry. Yes that is correct.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now