Jump to content

some suggestions.

QIQI123456

By QIQI123456
in Feature Requests

 Share

Recommended Posts

QIQI123456

QIQI123456 0

Posted
Posted

I am a Chinese user. I often use EMBY with many people and have purchased a permanent license because I find EMBY very useful. I would like to make a few suggestions:

  1. My EMBY is frequently attacked by people trying to crack the login. Can we force login via domain name instead of IP:8096? For example, I have a server with IP 111.111.112.112 and have bound a domain name xxx.xxxx.com. I can log in using 111.111.112.112:8096 or xxx.xxxx.com:8096. However, now there are hundreds of dangerous IPs from different regions trying to log in, which makes me scared. I only use it with my friends and I am sure my domain name has not been leaked. I hope there is a setting to force login only via xxx.xxxx.com:8096 and reject IP login.

  2. When the network is not good (server or mobile), when watching movies through EMBY and playing or skipping playback, there is a buffering prompt on the playback interface, from 0%→15%→30%→60%→90%→99%, and it starts playing when it reaches 100%. This prevents people from getting impatient and waiting.

  3. Some videos are shot with a phone, and when playing, the screen needs to be rotated. Although EMBY provides automatic screen rotation with the phone, some screens automatically rotate and are not easy to operate with the phone. I hope there is a manual function that can be locked (actually, most Chinese apps have this function). Small suggestion, thank you!! EMBY is great.

Luke Emby Team

Luke 42077

Posted
Posted

Hi, for the first one. Have you checked out the ip whitelist feature in server network settings?

QIQI123456

QIQI123456 0

Posted
  • Author
Posted (edited)

I'm a Chinese user. When I use the EMBY app on my phone or computer, my IP changes every time. On mobile data, my phone gets a different IP in each area or region. On my computer, just turning my modem off and on immediately changes the IP. In China, very few people have fixed IPs, unlike abroad, so whitelisting is basically impossible.

Thank you

🤣

Edited by QIQI123456
QIQI123456

QIQI123456 0

Posted
  • Author
Posted
9 minutes ago, Luke said:

你好,第一篇。你有没有检查过服务器网络设置里的IP白名单功能?

For Chinese users, most mobile phones or computers don't have a fixed IP. When you move to a new area, the IP changes automatically, or when you restart the modem, the IP updates immediately. In China, many people use Emby, Jellyfin, or Plex, with Emby being the most popular among them.

darkassassin07

darkassassin07 652

Posted
Posted

If you place a reverse proxy in-front of Emby, it can be set to drop all traffic except those that use the correct domain name.

 

In nginx, that would look something like: 

ssl_certificate /your/cert.pem
ssl_certificate_key /your/cert.key

server {
    listen ssl 443;
    default_server;
    return 444; #444 = drop connection with no response
}
server {
    listen ssl 443;
    server_name yourdomain.example; #only respond to this name
    proxy_pass localhost:8096;
}

And because this listens to port 443, you will no longer need to specify a port when connecting, just type the domain name. You will however have to forward port 443 instead of 8096, and tell apps like Emby For Android to use 443.

  • Agree 2
TMCsw

TMCsw 247

Posted
Posted
4 hours ago, darkassassin07 said:

If you place a reverse proxy in-front of Emby, it can be set to drop all traffic except those that use the correct domain name.

 

In nginx, that would look something like: 

ssl_certificate /your/cert.pem
ssl_certificate_key /your/cert.key

server {
    listen ssl 443;
    default_server;
    return 444; #444 = drop connection with no response
}
server {
    listen ssl 443;
    server_name yourdomain.example; #only respond to this name
    proxy_pass localhost:8096;
}

And because this listens to port 443, you will no longer need to specify a port when connecting, just type the domain name. You will however have to forward port 443 instead of 8096, and tell apps like Emby For Android to use 443.

You can do the same with any port # you want, like this: 

server {
        listen xxxxx ssl; # xxxxx is any port
        ssl_certificate /my/fullchain.pem;
        ssl_certificate_key /my/privkey.pem;
        
        error_page 497 301 =307 https://$host:$server_port$request_uril
        server_name mysite.com # using this won't get rejected
        return 444;

        location / {
                proxy_pass http://192.168.0.4:8096;    # <-- to suit your setup
                ….
                Other settings
                ….
         }
}

A higher unused Port # is less likely to be scanned. (your users will need to use your custom port #)

I also do Geo-blocking.

  • Agree 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...