Jump to content

Recommended Posts

Posted

Hi!

Last week I started having weird issue with my emby server running on windows 10. If I try to reach with my IP address from outside of my home network internet it work fine. But using cloudflare I get this weird message now:

 

image.thumb.png.9115c1ffc8f123b603439ca224b76ea2.png

Anyone else have experienced it ?

I have been using this setup for years and I did not change anything beside my IP when it changes...

Here's how it looks in the DNS cloudflare page... I have removed the personal informations...

 

image.thumb.png.2d0408ea5bf0435f3ca71023ec263618.png

 

Thanks a lot for the help!

 

 

Posted

Also have you taken a look at this:

 

Posted
1 hour ago, Luke said:

Also have you taken a look at this:

 

Yes I did back when I configured it years ago and it was very useful, but now like I said it happened suddenly without me doing any changes anywhere. It happened around the same time of my auto-renew cloudflare payment but it's not my first auto-renew and it always worked on the previous one... looks like i'm redirected to another server than mine since it's Debian related and I run windows 10...

Posted

OK, someone else just recently posted a newer cloudfare guide and it seemed very comprehensive. Just having trouble finding it. @Happy2Playdo you recall it?

visproduction
Posted (edited)

https://www.cloudflare.com/plans/

It shows that Streaming is add-on only for all plans.
There is also Load Balancing as an add-on.  I wonder, if you don't have any load balancing, could a video stream just not show up very easily to a user at a different location or after some time when the cache is cleared.  I would guess that without load balancing, a request for content that is somewhat large needs to first check for cache, it's not there, then check again with Cloudflare for the original stored copy on another host main server.  This process will take more time, hence the reason for load balancing.  That's how we did it at Akamai.  Maybe a browser or server related time out during the process to grab the media can happen because the file is video and there is no streaming add-on for that account...  Just a guess.

Edited by visproduction
Posted
8 hours ago, Badoune said:

All my friends that tried to connect remotely through cloudflare get the error message, when they try with the ip address it works so it must be cloudflare related...

Wait did you port forward Emby? The whole point of using cloudflare proxy is to hide your public ip. If you don’t need the proxy I would just turn it off. Just set it to dns only and see if that works for you.

Posted

Guys... don't know what happened but every works for my friends now since yesterday, did not do anything :S ... I guess a glitch with cloudflare ...

Thanks for the help from everyone :)

  • Thanks 1
Posted

It sounds like you don't have your Emby/Cloudflare configured correctly.
Configured correctly you would not let any IP through your router unless it was from these Cloudflare IP pools.

Quote
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22

https://www.cloudflare.com/ips/
Normally you will only need to setup one of those which will correspond to the IP hitting your Emby Serve.
Or you can skip opening any ports (ports forwarding) and use a Cloudflare tunnel. If behind a CGNAT the tunnel solves remote connection issues.

Ideally, you would get a free Origen cert from Cloudflare for your domain. The are good for 15 years, so set and forget.  You don't have to renew ever 90 days.
You set this up to allow Cloudflare to encrypt, decrypt all your traffic so your local Emby Server doesn't have to work as hard.

You would set Secure connection mode in network menu in Emby to "Handled by reverse proxy". This removes the efficiency of your packets as well.
With the handled by proxy option your telling Emby the encryption is handled for it but to still treat all traffic as if is encrypted. This is typical if using a CDN and/or reverse proxy.
You can make more use of your internet pipe this way while not allowing anyone except a Cloudflare address to get through your router.

If setup with Cloudflare you will have them setup as authoritative DNS servers. You'll setup A records that when proxied will point to the Cloudflare servers.  The IP entered on the A record will point to your local server but only Cloudflare will know this address.  Anyone hitting your IP will only see Cloudflare IPs and not your WAN IP. In Emby's network settings you would have you sub.domain.ext setup that it uses for any results sent.  So even if a friend hit your WAN IP:Port correctly the resulting page/links sent back would be using your domain.

Emby is going to handle local traffic one way and any non local traffic as remote traffic.  So it's important to setup correctly how Emby is going to treat this traffic. You want to either setup up thingw s above for Cloudflare or have your domain point directly to Emby with it setup using a cert and having Secure connection mode set to "Required for all connections".

Allowing anyone to still access a port on your router directly removes a lot of the benefits of using Cloudflare such as DDOS protection, GEO location blocking, caching, etc

  • 5 months later...
dorisc2
Posted

I had a similar issue and it turned out the traffic hitting my server was from a Stresser. Once I blocked the suspicious IPs and tweaked some Cloudflare settings, things got smoother. Check your logs for weird patterns or sudden spikes—they can be a clue if something’s hammering your server behind the scenes.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...