routing for emby server

[J0ffr37 8]

Good morning, 

sorry I am not a specialist in network management

I want to do an installation with two nas behind my router

• a first (synology) receives all requests on 80 and 443 (mydomain.fr)
• a second (terramaster) will host emby server and the video files, it will listen on ports 8086 (http) and 8087 (https)

synology uses a reverse proxy to route my subdomains, for example, it routes emby.domain.fr which arrives on 80 and 443 to IP 192.168.*.* / 8086 on the terramaster. This allows me not to use web addresses with ports for users (like emby.mydomain.fr:8086 or externalip:8086), it also allows me to take advantage of the firewall and the Let's Encrypt certificate from Synology.

In this use, only display requests to the Emby server go through Synology or do even video data transfers have to go through Synology during playback?

Clearly, at one point, is the emby server responds to the client "no longer call me on emby.mydomain.Fr for your next requests but on externalip:8086" ?

if all data must pass through the synology reverse proxy, is there a setting that allows you to do otherwise? (I don't really understand how X-Real-Ip and X-Forwarded-For work)

thanks for help

[rbjtech 5284]

Once setup, the reverse proxy on the synology will proxy all the external traffic, effectively forwarding it to your terramaster.

As long as you set the Emby Network 'Secure connection mode' to Reverse Proxy - then you don't need to worry about X-Real-IP etc as emby will be aware it is headed by the reverse Proxy and act accordingly.

ALL traffic will pass through the reverse proxy - as video is delivered via HTTP the same as a normal web page.

[J0ffr37 8]

15 minutes ago, rbjtech said:

Une fois configuré, le proxy inverse sur le synology proxyera tout le trafic externe, le transmettant efficacement à votre terramaster.

Tant que vous définissez le « mode de connexion sécurisée » du réseau Emby sur Reverse Proxy, vous n'avez pas à vous soucier de X-Real-IP, etc., car Emby saura qu'il est dirigé par le proxy inverse et agira en conséquence.

TOUT le trafic passera par le proxy inverse - car la vidéo est diffusée via HTTP de la même manière qu'une page Web normale.

But isn't it better or possible to ensure that the initial call via https://emby.mydomain.fr is made via the reverse proxy and then afterward the emby server communicates directly with the client? in particular to prevent the video stream from passing through synology?

I'm not so worried about the bandwidth overload because I have a router connected in 2.5gb on the fiber from my provider and on the switch, then the synology in 10gb and the terramaster in 2.5gb on the switch, but I have always been told that multiplying interfaces is never a good idea 

thank you for your return

[rbjtech 5284]

1 hour ago, J0ffr37 said:

But isn't it better or possible to ensure that the initial call via https://emby.mydomain.fr is made via the reverse proxy and then afterward the emby server communicates directly with the client? in particular to prevent the video stream from passing through synology?

I'm not so worried about the bandwidth overload because I have a router connected in 2.5gb on the fiber from my provider and on the switch, then the synology in 10gb and the terramaster in 2.5gb on the switch, but I have always been told that multiplying interfaces is never a good idea 

thank you for your return

Everything will go through the proxy, that's how a reverse proxy works.   You don't have to use a reverse proxy, but then you'll need to setup a direct connection to the terramaster with your router doing the forwarding instead.   The Reverse Proxy will provide more protection as well as facilitate TLS etc.