bay_wolf 4 Posted November 21, 2017

I’ve got an Nginx reverse proxy set up using a Let’s Encrypt certificate, and have a domain name pointed to it. It works great and I can access Emby internally and out of my home network via the domain name.

My issue is that when connecting from a local device like my phone via WiFi, Emby detects it as receiving my public IP address from Nginx, as I have it set up to forward the remote_addr in the headers. That then makes Emby apply rules for bandwidth that I have set up for external clients while I’m at home.

I have done a workaround right now to make Nginx pass back its address when it detects that the incoming $remote_addr is its public IP, and it just rewrites the headers to pass $server_addr in those scenarios.

I guess I’m curious as to how Emby detects if the client is local or external? I can also post my Nginx config later for info.
CBers 7474 Posted November 21, 2017

Not sure if this is any help. https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/

@Swynol wrote it, so he may be able to assist.
bay_wolf 4 Posted November 21, 2017 Author

Just wanted to also add that I did verify when my phone connects to Nginx via my local WiFi that it’s not actually going out to the internet and back, as I can play back 15-20Mbps files on my 6Mbps internet upload speed. Or so I’m assuming based on my testing.
bay_wolf 4 Posted November 21, 2017 Author

"Not sure if this is any help. https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/ @Swynol wrote it, so he may be able to assist."

Thanks! I’ve actually used that guide to help set up my reverse proxy to pass the external client IP to Emby and have it matching it, except the addition I did to force Emby to see my local clients' IPs as originating from the Nginx machine.
Luke 42086 Posted November 21, 2017

It is based on the remote IP address, so that is why you end up having to forward remote_addr.
bay_wolf 4 Posted November 21, 2017 Author

"It is based on the remote ip address so that is why you end up having to forward remote_addr."

Thanks! That was my assumption. Quick other question: I've noticed also that I'll get devices connecting from some strange ports in the activity log on the dashboard. I'm assuming that's just from web sockets? They start with [::ffff: and end with a port number like 48790.

Based on some testing on my phone, I'll have to connect to it via the domain name, as if I do it just with the local IP, it doesn't connect once I've disabled my WiFi on the phone. That's no big deal as I've got the Nginx config set up to handle showing my local devices as local via a map function. Probably not the cleanest setup and I should probably just set up a DNS server to return my local IP when going to my domain name but... it works for now.

My Nginx config is below with the extra portion.

    worker_processes auto;

    events {
        worker_connections 8192;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile off;
        keepalive_timeout 65;
        server_tokens off; ## Hides the nginx version in responses and error pages

        gzip on; ## Compresses the content to the client, speeds up client browsing.
        gzip_disable "msie6";
        gzip_comp_level 6;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_proxied any;
        gzip_types
            text/plain
            text/css
            text/js
            text/xml
            text/javascript
            application/javascript
            application/x-javascript
            application/json
            application/xml
            application/rss+xml
            image/svg+xml;

        tcp_nodelay on; ## Sends data as fast as it can not buffering large chunks, saves about 200ms per request.

        map $remote_addr $client_address {
            default $remote_addr;
            "xx.xxx.xxx.xx" $server_addr; ## xx.xxx.xxx.xx is my public ip
        }

        server {
            listen 80;
            listen [::]:80;
            server_name example.com www.example.com emby.example.com;
            return 301 https://$host$request_uri;
        }

        server {
            listen 443 ssl http2;
            listen [::]:443 ssl http2;
            include ssl_common.conf;
            server_name example.com www.example.com emby.example.com;

            location / {
                proxy_pass http://emby.local.ip:8096;

                proxy_hide_header X-Powered-By; ## Hides the backend's X-Powered-By header from clients
                proxy_set_header Host $host; ## Passes the requested domain name to the backend server
                proxy_set_header X-Real-IP $client_address; ## Passes the real client IP to the backend server.
                proxy_set_header X-Forwarded-For $client_address; ## Sets the forwarded IP, replacing any value the client sent.
                proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested.
                proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested.

                ## Next three lines allow websockets
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
            }
        }
    }
bay_wolf 4 Posted November 22, 2017 Author (edited)

Found a different forum thread that's basically outlining why I have the mapping of remote_addr to server_addr for my public IP. https://emby.media/community/index.php?/topic/51307-emby-via-reverse-proxy-and-internal-network-settings/?fromsearch=1

I may look at setting up a local DNS server like the people in that thread, but I think the mapping in Nginx should work for right now.

I guess my question would be if it’s a possibility to include a whitelist of IPs we could add as “local”, so I could just add my public IP to Emby and it’d know that any clients connecting from it are actually local. I think Plex has something like this.
Luke 42086 Posted November 22, 2017

The [::ffff: you see is what an IPv4 address looks like when mapped to IPv6. It is just the way it gets reported by the socket libraries we are using. We don't have that type of local option but it's possible for the future. Thanks.
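The two points above (the `[::ffff:` prefix is an IPv4-mapped IPv6 address, and local/external is decided from the remote IP) can be seen together in this added example, which is not part of any post in the thread and is not Emby's code. The function names, the proxy address 192.168.1.10, the LAN ranges and the sample addresses are all constructed assumptions; the forwarded header is honoured only when the connection really comes from the proxy.

```python
import ipaddress

# Constructed sample values: the proxy's LAN address and the LAN ranges.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.10")}
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_endpoint(endpoint):
    """Parse '[::ffff:192.168.1.20]:48790', '1.2.3.4:80' or a bare address.
    Drops the port and unwraps IPv4-mapped IPv6 to plain IPv4."""
    text = endpoint.strip()
    if text.startswith("["):                 # [IPv6]:port
        text = text[1:text.index("]")]
    elif text.count(":") == 1:               # IPv4:port
        text = text.split(":")[0]
    ip = ipaddress.ip_address(text)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def effective_client(peer, x_real_ip=None):
    """Return the address to classify, or None if it cannot be determined.
    X-Real-IP is honoured only when the TCP peer is the trusted proxy."""
    peer_ip = parse_endpoint(peer)
    if peer_ip not in TRUSTED_PROXIES or x_real_ip is None:
        return peer_ip
    try:
        return parse_endpoint(x_real_ip)
    except ValueError:
        return None                          # malformed header: fail closed

def is_local(peer, x_real_ip=None):
    """True when the effective client address falls inside a LAN range."""
    ip = effective_client(peer, x_real_ip)
    return ip is not None and any(ip in net for net in LOCAL_NETS)
```

With the proxy forwarding the public address of a hairpinned LAN client, `is_local` returns False, which matches the behaviour described at the start of the thread; forwarding the proxy's own address instead, as the `map` workaround does, returns True.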
Swynol 375 Posted November 22, 2017

Not really sure how, when you're on your local WiFi and using your domain name, it's not going out onto the internet first and back in, unless your router has a DNS or static-host entry pointing back to your local Emby server or NGINX.

From what I have seen in the past, if using the domain name while local, it goes out on the internet to resolve the domain name to your WAN IP. This comes back in on your router to NGINX and then to Emby.

What I have done is used a static-host mapping. My local clients all use my router as the internal DNS. The static host mapping is like a hosts file whereby the router resolves my domain name to a local IP, in my case my NGINX server. Because NGINX forwards the remote IP header, it forwards my local IP rather than WAN IP.

Static host mapping and DNS is the best way to do this. Most good routers, or pfSense and Sophos UTM, support it.

You could use Emby Connect; this way it picks up the local port numbers from Emby Server and uses them, or when external to your LAN uses the public ports listed in Emby Server, which you can change to 443.
bay_wolf 4 Posted November 22, 2017 Author

"The [::ffff: you see is what an ipv4 address looks like when mapped to ipv6. It is just the way it gets reported by the socket libraries we are using. We don't have that type of local option but it's possible for the future. Thanks."

Thank you for all of the information, I really appreciate it and all of the hard work you put into Emby.