pir8radio 1312 Posted August 22, 2018 Author Posted August 22, 2018 Yes we can remove that script tag. Cool, thanks for even considering it! I suspect emby will head down the Content Security Policy road one day anyway, this will help when you do.. Inline scripts are the easiest way to get into a website, the CSP will block all inline scripts to secure the page, and that's all we are trying to do here..
Luke 42077 Posted August 22, 2018 Posted August 22, 2018 I've added a CSP to the test version here: https://emby.media/community/index.php?/topic/61079-3603-db-changes/ Thanks.
pir8radio 1312 Posted August 22, 2018 Author Posted August 22, 2018 (edited) I've added a CSP to the test version here: https://emby.media/community/index.php?/topic/61079-3603-db-changes/ Thanks. wow, that's risky buddy.. Great now I'm going to have to download the new beta... lol I was holding off a bit, because I didn't want to be stuck in a particular database scheme if you were changing it again. I'm scared......... But I guess I'll make the move. What is still not working in that beta? Edited August 22, 2018 by pir8radio 1
Luke 42077 Posted August 22, 2018 Posted August 22, 2018 Just try it standalone and there's nothing to worry about.
pir8radio 1312 Posted August 22, 2018 Author Posted August 22, 2018 Just try it standalone and there's nothing to worry about. Can i run the stand alone side by side without them screwing with each others DB? I would like to run it looking at the same media so i can compare db speeds...
chef 3810 Posted August 23, 2018 Posted August 23, 2018 When I added CSP to my domain it really did a number on emby loading. But I look forward to it being implement Ed by professionals.
Luke 42077 Posted August 23, 2018 Posted August 23, 2018 I'm probably going to just remove it because it will just be unnecessary troubleshooting coming our way.
pir8radio 1312 Posted August 23, 2018 Author Posted August 23, 2018 (edited) I'm probably going to just remove it because it will just be unnecessary troubleshooting coming our way. Yea, I would wait to go full on CSP built into emby. But you can still get rid of that one inline script lol Let us fine tune the CSP in our proxy then move toward implementing it later. Edited August 23, 2018 by pir8radio
pir8radio 1312 Posted August 24, 2018 Author Posted August 24, 2018 Another thing you need to add to your CSP's is mb3admin I'm starting to get complaints from end users that their client is asking them to register emby. This is because the clients cant "phone home" to emby to confirm the servers device count and what not. Ill add this to mine and test.. I'll add a CSP forum post to cover everything. We can test and hopefully one day hand off to luke a working and painless CSP.
makarai 109 Posted August 24, 2018 Posted August 24, 2018 Also some clients get on the regular 'a stream unavailable' message
pir8radio 1312 Posted August 24, 2018 Author Posted August 24, 2018 Also some clients get on the regular 'a stream unavailable' message i have not seen this. what clients?
makarai 109 Posted August 24, 2018 Posted August 24, 2018 i have not seen this. what clients? 2 different clients on latest chrome. I personally never run into any real emby problems, and i typically check on all the clients i have available (nvidia shield with emby app, kodi, chrome mobilephone, chrome pc). Since i am fairly new to all of this i adopted the following methodology when i change something on my reverse proxy, by now i have a fairly complex HAproxy on Pfsense config, not sure if someone would benefit from it. mb.doman.org -> haproxy (passes both domain to the backend, each domain can pass different configurations) -> same backend mbtest.domain.org
makarai 109 Posted September 19, 2018 Posted September 19, 2018 @@pir8radio May i ask what your setup is? do you run a firewall and if so which ? For me its wan -> pfsense + haproxy package -> emby server
pir8radio 1312 Posted September 19, 2018 Author Posted September 19, 2018 (edited) @@pir8radio May i ask what your setup is? do you run a firewall and if so which ? For me its wan -> pfsense + haproxy package -> emby server WAN--Cloudflare------Firewall--nginx--emby The firewall defaults to block all except TCP 80 & 443 Edited September 19, 2018 by pir8radio
pir8radio 1312 Posted September 20, 2018 Author Posted September 20, 2018 Which Firewall are you using It's always good to keep that info private.. lol 1
makarai 109 Posted September 20, 2018 Posted September 20, 2018 Would you mind sending me a pm so I can copy your setup
Swynol 375 Posted September 20, 2018 Posted September 20, 2018 i have similar to pir8radio. wan - cloudflare - IPS - Firewall - nginx - servers
bfir3 117 Posted September 26, 2018 Posted September 26, 2018 This is awesome information. I just tested my server and I got an F, lol. Looks like I will be digging into this tonight.
makarai 109 Posted October 22, 2018 Posted October 22, 2018 WAN--Cloudflare------Firewall--nginx--emby The firewall defaults to block all except TCP 80 & 443 Hey, may i ask what cloudflare settings you use, i.e. flexible full or full strict, or do you just use it as a dns ?
pir8radio 1312 Posted October 22, 2018 Author Posted October 22, 2018 Hey, may i ask what cloudflare settings you use, i.e. flexible full or full strict, or do you just use it as a dns ? you mean under crypto? Full. Had to go with full because of how I hide my origin server..
makarai 109 Posted October 23, 2018 Posted October 23, 2018 you mean under crypto? Full. Had to go with full because of how I hide my origin server.. OK, thanks.
RobWayBro 28 Posted October 23, 2018 Posted October 23, 2018 Made it to an A+ also, without loss of connectivity.. . 1
jachin99 88 Posted March 28, 2020 Posted March 28, 2020 Are you all making changes directly to the web app, or are you all using proxies?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now