Live action content will not play from behind a reverse proxy

[AceBlade258 3]

I, uhh, don't really know what else to say. I have a bunch of anime that has no problems playing, but when I play any movies or TV shows I just get an error.

.

 

I wish it made more sense or I knew where to start debugging ^_^'

 

My reverse proxy is nginx, my config is:

server {
    server_name media.domain.com;
    listen 80;
    rewrite ^ https://media.domain.com$request_uri? permanent;
    location /.well-known {
        alias /var/www/media.domain.com/html/.well-known;
    }
}
server {
    server_name media.domain.com;
    error_log /var/log/nginx/emby.error.log debug;
    listen 443 ssl spdy;
    ssl_certificate                 /etc/letsencrypt/live/media.domain.com/cert.pem;
    ssl_certificate_key             /etc/letsencrypt/live/media.domain.com/privkey.pem;
    ssl_prefer_server_ciphers       On;
    ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                     'AES256+EECDH:AES256+EDH:!aNULL';
    ssl_stapling                    on;
    ssl_stapling_verify             on;
    ssl_trusted_certificate         /etc/letsencrypt/live/media.domain.com/fullchain.pem;
    keepalive_timeout               180;
    client_max_body_size 1024M;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://toshokan.home.domain.com:8096;
    }
}

 

and nginx.conf looks like:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
#    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server_names_hash_bucket_size 64;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
    server {
        listen 443 default_server  ssl spdy;
        server_name  _;
        root         /usr/share/nginx/html;
        ssl_certificate                 /etc/pki/CA/certs/default-webserver.crt;
        ssl_certificate_key             /etc/pki/CA/certs/default-webserver.key;
        ssl_prefer_server_ciphers       On;
        ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers                     'AES256+EECDH:AES256+EDH:!aNULL';
        ssl_stapling                    on;
        ssl_stapling_verify             on;
        keepalive_timeout               180;
        client_max_body_size 1024M;
        location / {
        }
        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

Please help.

 

[Luke 42077]

Hi there, welcome. In order to best help you, please provide the information requested in how to report a media playback issue. thanks!

[pir8radio 1312]

@@AceBlade258 

 

Start by adding

proxy_set_header Range $http_range;

proxy_set_header If-Range $http_if_range;

To the location section of your first config.

 

Has this setup ever worked or did it just stop working?    Do some more explaining,  Is nginx on the same pc as emby? different PC? Is nginx and emby on the same LAN? 

 

Also check your mime.types config...  

 

But if I were to guess, adding the above two lines probably fixed your issue?

Edited August 17, 2016 by pir8radio

[AceBlade258 3]

Log for a playback attempt can be found here.

 

@@pir8radio

 

Adding those did not fix it; and since restarting nginx with those in even anime cannot play? I'm guessing those are not why though. What am I looking for in my mime.types?

 

Emby and nginx are on separate servers; it has never worked, apparently.

Edited August 17, 2016 by AceBlade258

[pir8radio 1312]

Have you tried regular HTTP to make sure its not ssl related?   

Also have you tried your emby IP address instead of the name?  If you have IPv6 enabled on the nginx and emby PC using the name vs IPv4 address can cause some issues as well.

Is emby setup to reflect your external domain name and port in the advanced settings section?

 

#server {
#server_name media.domain.com;
#listen 80;
#rewrite ^ https://media.domain.com$request_uri? permanent;
#location /.well-known {
#alias /var/www/media.domain.com/html/.well-known;
#}
#}
server {
server_name media.domain.com;
error_log /var/log/nginx/emby.error.log debug;
#listen 443 ssl spdy;

listen 80;
#ssl_certificate /etc/letsencrypt/live/media.domain.com/cert.pem;
#ssl_certificate_key /etc/letsencrypt/live/media.domain.com/privkey.pem;
#ssl_prefer_server_ciphers On;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
#ssl_stapling on;
#ssl_stapling_verify on;
#ssl_trusted_certificate /etc/letsencrypt/live/media.domain.com/fullchain.pem;
#keepalive_timeout 180;
#client_max_body_size 1024M;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://toshokan.home.domain.com:8096;
}
}

Edited August 17, 2016 by pir8radio

[AceBlade258 3]

Have you tried regular HTTP to make sure its not ssl related?   

Also have you tried your emby IP address instead of the name?  If you have IPv6 enabled on the nginx and emby PC using the name vs IPv4 address can cause some issues as well.

Is emby setup to reflect your external domain name and port in the advanced settings section?

 

 

Just tried without SSL, same results. Internally, connecting directly to the emby box works fine. I do have IPv6; however switching to the v4 address changed nothing. Emby has it's external port and address set properly. I do not have 8096 or 8920 forwarded; however the reverse proxy does not work internally either, so it is not that.

[pir8radio 1312]

Just tried without SSL, same results. Internally, connecting directly to the emby box works fine. I do have IPv6; however switching to the v4 address changed nothing. Emby has it's external port and address set properly. I do not have 8096 or 8920 forwarded; however the reverse proxy does not work internally either, so it is not that.

 

Sent you a PM,    by switching to ipv4 I meant doing it here in nginx  proxy_pass http://toshokan.home.domain.com:8096; 

[AceBlade258 3]

Yeah, that is what I did; the internal address is DHCP assigned though, so I want to keep it using the hostname if at all possible. It is currently set to the IPv4 address and behaving the same way.

[pir8radio 1312]

Do me a favor and lets try this...  Make the below changes.   I'm still looking through your headers...

Also go into emby settings/advanced and uncheck "enable web response caching"

 

sendfile off;
#tcp_nopush on;
#tcp_nodelay on;

 

 

turn off sendfile and comment out nopush and nodelay

@@AceBlade258

 

I'm seeing some errors which make me think nginx is chopping up your packets.

Post when you made the changes and restart nginx.. Ill see what I see...  

Edited August 18, 2016 by pir8radio

[AceBlade258 3]

That is what I was thinking was the issue. I changed it last night before I went to bed and forgot to post it; I cannot even start videos through the rproxy anymore?

[pir8radio 1312]

That is what I was thinking was the issue. I changed it last night before I went to bed and forgot to post it; I cannot even start videos through the rproxy anymore?

 

do you still have the below in your config?     Ill post my config tonight and you can try it out, if it works for you, you can enable the SSL. And we can go from there. 

proxy_set_header Range $http_range;

proxy_set_header If-Range $http_if_range;

[AceBlade258 3]

They were until about 10 minutes ago...

 

Some videos start to play, but I still can't watch anything. I'm spinning a windows instance up now to see if the I get the same problem with it.

Edited August 18, 2016 by AceBlade258

[pir8radio 1312]

This is where I'm weak.... I only dabble with linux lol.  I want to make sure this isn't a linux permission issue...  To help trouble shoot can you add the below to your config.  restart nginx.  I'm seeing files over 80kb failing to be served, wondering if nginx is trying to serve up some temp/buffer files that it doesn't have permissions to read/write.

 

proxy_max_temp_file_size 0;

Edited August 18, 2016 by pir8radio

[AceBlade258 3]

Heyyyyyyyyyyyyyyyyyyy!! That seems to be working!

[pir8radio 1312]

YAY!   Looks like its a linux file permissions issue, that I can't claim to help you with lol

 

But i would start with the nginx "proxy_temp" directory and make sure your nginx user: "www-data"  has read write access...   then you can try to enable proxy temp files again..   I better at least get a like for this.. 

Edited August 18, 2016 by pir8radio

[AceBlade258 3]

I'm looking into the proxy permissions; I changed my nginx user, so I bet that's when the issue started. (I swore it was working previously, but had only had it up for a week or so!)

 

I'll post a follow up a some point with details of my nginx config. Thanks for the help debugging!