User is a Ghost User somehow

[JasonNalley 37]

I have a user who has been on my server for quite some time, however, after 09/22 I only get Authentication events, no playback events when that user is online.  On his end, he has not been able to mark a show as complete or have his watched history logged for the same amount of time.  When he's playing something, and we're on the phone together, he's able to watch but I cannot see that video stream in the Dashboard.  Any ideas?  

Server = Emby Version 4.8.10.0 
Server OS = Windows 11 (Latest)
 

User is connecting via an XBOX w/ Emby Connect  (All users on my server are emby connect users save for my daughters account).  

embyserver.txt

Edited September 30, 2024 by JasonNalley

[JasonNalley 37]

More info, when I remove nginx from the equation everything works as expected

[Carlo 4561]

3 hours ago, JasonNalley said:

More info, when I remove nginx from the equation everything works as expected

Hi,

That would seem to indicate that nginx is at the heart of the issue.  This could be a configuration issue or perhaps a caching issue.
Did you try restarting nginx?

Carlo

[JasonNalley 37]

3 hours ago, Carlo said:

Hi,

That would seem to indicate that nginx is at the heart of the issue.  This could be a configuration issue or perhaps a caching issue.
Did you try restarting nginx?

Carlo

I did not.  While troubleshooting, I discovered that another friend was having the same issue (also using an Xbox to connect), and users on firetv, android, or roku don't seem to be experiencing the same problem.  I myself was able to connect with my phone off network and everything worked fine.  I turned on the hotspot and checked my daughters devices on my phones network (not the home network) and those worked just fine.  Tomorrow (or possibly over the weekend because some people work) I intend on contacting all of my other users and seeing which ones it affects and which ones it does not.  My guess so far, is that it's a compatibility issue between nginx (or my setup/configuration of Nginx) and the Xbox app...  I'll have more for you guys later... 

[Luke 42079]

Hi, the progress reports are failing for a reason that does look reverse proxy related. 

[Luke 42079]

Have you compared your nginx setup to this:

 

[JasonNalley 37]

On 10/1/2024 at 8:24 AM, Luke said:

Have you compared your nginx setup to this:

 

Sorry it took me so long to get back to this...  It's been a busy month for me... I finally had time to sit down and look through some things...  That NGINX post is fairly old and using some really outdated security practices....  This is a more relevant config serverblock:

 

worker_processes auto; 

events {
    worker_connections 2048; 
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile      on;
    keepalive_timeout 65;

    # Extended gzip settings
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
    gzip_min_length 1000;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_buffers 16 8k;

    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; 
	    
	# Redirect HTTP to HTTPS for Emby subdomain
    server {
        listen 80;
        server_name your.domain.here;	#Update with your domain
        return 301 https://$host$request_uri;
    }

    # HTTPS server block for Emby subdomain
    server {
        listen 443 ssl;
        server_name your.domain.here;  #Update with your domain

        ssl_certificate      /your/ssl/certificate/file.pem/crt;	#Update with your ssl certificate file
        ssl_certificate_key  /your/ssl/key/file.key/pem;	#Update with your ssl certificate file
        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.3;	#Force TLS v1.2 and higher
        ssl_session_cache    shared:SSL:1m;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
        ssl_prefer_server_ciphers  on;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.8.8 8.8.4.4;

        # Security headers for Emby
        add_header X-Xss-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header 'Referrer-Policy' 'no-referrer';
        add_header Content-Security-Policy "frame-ancestors your-root.domain your.sub.domain;";  #replace with your root domain (ie google.com) and your subdomain (ie emby.google.com)
        proxy_hide_header X-Powered-By;
        add_header Content-Security-Policy "upgrade-insecure-requests";

        location / {
            proxy_pass http://192.168.x.x:8096; # Adjust as per your Emby server IP and port

            proxy_set_header Range $http_range;
            proxy_set_header If-Range $http_if_range;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # WebSocket support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}

This .conf is up and functioning and i no longer have any issues with users play history not generating/capturing.  All playback events are up and running as intended.  This cert gives an A+ rating at the few free scanning sites I've used.