Domain Migration Help

[josevh 9]

Hi all,
 

I'm planning to move my emby server from domainA.com to domainB.com

 

Currently, it's running behind a nginx reverse proxy.

In order to change the domains I am:

1. Adding a nginx config for domainA to redirect to domainB on ports 80 and 443
2. Adding a nginx config for domainB to proxy requests to emby's local network IP
3. Updating the "External domain" setting in emby to domainB

This seems to work for users already logged in via domainA or clients configured to connect to domainB.

However, if a user has a client configured to connect to domainA and attempts login, login fails.

Emby server logs the following:

 

2019-12-11 10:00:02.609 Info HttpServer: HTTP GET http://domainB:8096/Users/authenticatebyname. UserAgent: Mozilla/5.0 (Linux; Android 9; SM-G950U Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.108 Mobile Safari/5
37.36
2019-12-11 10:00:02.610 Error HttpServer: Access token is invalid or expired.
2019-12-11 10:00:02.610 Info HttpServer: HTTP Response 401 to 107.77.165.24. Time: 1ms. http://domainB:8096/Users/authenticatebyname

 

Any ideas on how to migrate domain and not break login?

Edited December 11, 2019 by josevh

[Luke 42085]

Have you compared  your nginx configuration to @@pir8radio ?

[josevh 9]

Hey Luke, are you referring to the config posted here: https://emby.media/community/index.php?/topic/48236-setting-up-emby-behind-a-reverse-proxy-nginx/ ?

 

I'm using a config based on (almost identical to) https://github.com/linuxserver/reverse-proxy-confs/blob/master/emby.subdomain.conf.sample

( which loads: https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/proxy.conf and https://github.com/linuxserver/docker-letsencrypt/blob/master/root/defaults/ssl.conf )

 

I'll compare them but it looks like all emby-related settings in pir8radio's conf are in mine, I'll take a look at the other lines before the emby-related ones.

I'll reiterate that on domainA reverse proxy works fine.

Also, on domainB reverse proxy works fine except for those users who are redirected on login attempts.

 

It looks like the auth api call is a GET request so it should be ok to redirect no?

[Luke 42085]

I would double check his config, but no, the authentication endpoint is a post, not a get.

[josevh 9]

I would double check his config, but no, the authentication endpoint is a post, not a get.

 

You may be right, I'm just basing my conclusion off the log statement:

2019-12-11 10:00:02.609 Info HttpServer: HTTP GET http://domainB:8096/Users/authenticatebyname

I turned on debug logging and didn't see any more log statements than before.

 

I'm still trying things out.

Gonna try leaving the old domain active and slowly migrate people over as the opportunity arises.

Just have to make sure that the "External Domain" setting doesn't cause issues for those visiting on the domain emby isn't configured for.

[pir8radio 1312]

Click my avatar to view my config.

 

How are you redirecting, show that nginx line? Some apps wont allow redirects, redirects break things.   Do you plan on keeping domain a and b?

 

I would just add domain a and b under the working server block and leave it until people stop using domain a, or throw domain a an error forcing them to use b

server_name domain-one.com www.domain-one.com domain-two.com www.domain-two.com;

[Luke 42085]

You may be right, I'm just basing my conclusion off the log statement.

 

Because that's what emby server got. Something (your proxy) intercepted the requested and changed it from it's original form.

[josevh 9]

@@pir8radio 

 

Redirect conf:

  1 server {
  2     listen 80;
  3     server_name emby.domainA;
  4     return 301 http://emby.domainB$request_uri;
  5 }
  6 
  7 server {
  8     listen 443;
  9     server_name emby.domainA;
 10     return 301 https://emby.domainB$request_uri;
 11 }

Not a nginx guru :|

 

 

@@Luke
That would explain the 401 I believe. Curling the endpoint with a GET request returns the same 401 response for me.

 

I may just do as @@pir8radio suggested.

I tested accessing the server via the domain not in the emby "External Domain" setting and that works ok.

Not something super urgent, was just looking for ideas in case anyone else has gone through this same situation before.

 

Reading online, it looks like redirecting a post request may be against the spec.

https://stackoverflow.com/a/27800958

Edited December 12, 2019 by josevh

[pir8radio 1312]

@@pir8radio 

 

Redirect conf:

  1 server {
  2     listen 80;
  3     server_name emby.domainA;
  4     return 301 http://emby.domainB$request_uri;
  5 }
  6 
  7 server {
  8     listen 443;
  9     server_name emby.domainA;
 10     return 301 https://emby.domainB$request_uri;
 11 }

Not a nginx guru :|

 

 

@@Luke

That would explain the 401 I believe. Curling the endpoint with a GET request returns the same 401 response for me.

 

I may just do as @@pir8radio suggested.

I tested accessing the server via the domain not in the emby "External Domain" setting and that works ok.

Not something super urgent, was just looking for ideas in case anyone else has gone through this same situation before.

 

Reading online, it looks like redirecting a post request may be against the spec.

https://stackoverflow.com/a/27800958

 

FYI your listen on 80 and 443 can be in one server block

  1  server {
  2     listen 80;
  3     listen 443;
  4     server_name emby.domainA;
  5     return 301 https://emby.domainB$request_uri;
  6  }

If you don't want to force them to https and you want http to stay http and https to stay https you can do:

  1  server {
  2     listen 80;
  3     listen 443;
  4     server_name emby.domainA;
  5     return 301 $Scheme://emby.domainB$request_uri;
  6  }