judgey 13 Posted January 16, 2021 Posted January 16, 2021 Hey again, as u know im setting up my server (again) I have nginx and have setup a sub domain for emby also just to note i also have setup cloud flare. Anyway in a browser sub domain is fine everything works, when i try and add the sub domain in the emby app its not excepting it at all (android) but works ok with ip. Am i missing anything? do you need any logs or anything let me know. thank u guys!
judgey 13 Posted January 16, 2021 Author Posted January 16, 2021 Quote server { if ($host = emby.*******.stream) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name emby.*******.stream; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled server_name emby.*******.stream; ## enter your service name and domain name here example emby.domainname.com add_header Strict-Transport-Security "max-age=31536000"; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.3; ssl_certificate /etc/letsencrypt/live/emby.*******.stream/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/emby.******.stream/privkey.pem; # managed by Certbot ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; client_max_body_size 0; location / { proxy_pass http://127.0.0.1:8096; proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys. proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. proxy_set_header Host $host; ## Passes the requested domain name to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. ## ADDITIONAL SECURITY SETTINGS ## ## Optional settings to improve security ## ## add these after you have completed your testing and ssl setup ## add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } }
judgey 13 Posted January 16, 2021 Author Posted January 16, 2021 So been mesisng with settings, emby is running but now can not access emby at all, i changed ports... is there a way to fix this?
Q-Droid 989 Posted January 16, 2021 Posted January 16, 2021 (edited) Apps don't like HTTP redirects . Does using host and port in the app setup make a difference? With 301s in the global section that might be throwing the apps a response they don't like. Since you also mentioned CloudFlare are you using it for anything other than DNS? And your public port settings in Emby should match your entry point (proxy) ports. Edited January 16, 2021 by Q-Droid 1
judgey 13 Posted January 16, 2021 Author Posted January 16, 2021 Its proxied in cloud flare not dns only (was only to hide ip not a prob tho) Ill try different settings with http thanks mate ill be back
judgey 13 Posted January 16, 2021 Author Posted January 16, 2021 Yep DNS Only works, shame i can not hide my ip.
Q-Droid 989 Posted January 16, 2021 Posted January 16, 2021 You should be able to get all of it working, including the CF proxy, but do it one layer at a time making sure each works before you move to the next. It will be easier to troubleshoot when you know where it stops working. Since you want to double up on the proxies you have to make sure each config is correct or you can easily get lost down the rabbit hole.
judgey 13 Posted January 16, 2021 Author Posted January 16, 2021 When i pick use ssl emby dont have permission to veiw the cert
Q-Droid 989 Posted January 16, 2021 Posted January 16, 2021 You have to decide how you want to have this configured. CloudFlare SSL Proxy <--> WAN IP <--> Emby SSL with CF origin cert or CF SSL Proxy <--> WAN IP <--> NGNIX Proxy SSL with CF origin cert <--> Emby SSL handled by reverse proxy or CF DNS <--> WAN IP <--> NGINX Proxy SSL with LetsEncrypt cert <--> Emby SSL handled by reverse proxy or others, but you get the idea.
mastrmind11 722 Posted January 16, 2021 Posted January 16, 2021 fwiw, i found option 2 to be the simplest and most intuitive way to do it. i also found there to be a lot more tutorials on option 2 than the others. i mean why not use CF's cert, if you're going to use them anyway, and setting a reverse proxy is so well documented its pretty trivial at this point.
Luke 42077 Posted January 17, 2021 Posted January 17, 2021 8 hours ago, judgey said: thank u guys Has this helped you find a solution?
judgey 13 Posted January 17, 2021 Author Posted January 17, 2021 Not yet luke, i think its because im on free plan, have googled and someone said once they paid for CF all their problems disappeared. Im only on the free version so maybe i have limited what ever is limited. Im a total newbie to DNS stuff learning as i go. Mark it solved tho as i dont think ill bother with CF to many probs for me
mastrmind11 722 Posted January 18, 2021 Posted January 18, 2021 18 hours ago, judgey said: Not yet luke, i think its because im on free plan, have googled and someone said once they paid for CF all their problems disappeared. Im only on the free version so maybe i have limited what ever is limited. Im a total newbie to DNS stuff learning as i go. Mark it solved tho as i dont think ill bother with CF to many probs for me I'm on the free and everything works as expected. what tutorial are you following to set this up?
judgey 13 Posted January 18, 2021 Author Posted January 18, 2021 Hey no guide mate was just looking at other peoples comments. I use QB (automated seedbox stuff) it auto installs for you but dont change anything just installs. With nginx i added the subdomain in "sites enabled" all works ok but as soon as i load cloud flare proxy i can not use the sub domain in apps (where u add a new server in emby) Also with CF enabled sonarr/radarr after a few min the web iface comes back with API error so got to keep refreshing page. I have no problems with CF disabled.
MRobi 161 Posted January 18, 2021 Posted January 18, 2021 (edited) @judgey try changing your public https port to 443 and http port to 80. Externally with nginx you're connecting to 443 which is being redirected to an internal port of 8096 or 8920 EDIT: NM, I see that was mentioned above Edited January 18, 2021 by MRobi 1
judgey 13 Posted January 18, 2021 Author Posted January 18, 2021 Hey mate, i just re-setup the whole CF domain, it works now (in app) if i use port 80 thanks loads for that!!
mastrmind11 722 Posted January 18, 2021 Posted January 18, 2021 (edited) 1 hour ago, judgey said: Hey mate, i just re-setup the whole CF domain, it works now (in app) if i use port 80 thanks loads for that!! but that defeats the purpose of SSL and your proxy. if you redirect 80 to 443 in nginx you're half way there, otherwise you might as well just DDNS and port forward 80 to 8096. Edited January 18, 2021 by mastrmind11 1
judgey 13 Posted January 18, 2021 Author Posted January 18, 2021 Ok cool but im really clueless with this stuff. What do i need to do now? Do you want nginx configs or anything like that.
judgey 13 Posted January 18, 2021 Author Posted January 18, 2021 Dont matter guys all working, dont know if Cf needed to catch up but 443 works spot on. Thanks loads for all you input and patience i would of gave up a long time ago. Stay safe 1
judgey 13 Posted January 19, 2021 Author Posted January 19, 2021 (edited) Really sorry guys having probs again.... I can login to my emby using the emby app on my phone but on the tv app mine and a mates (different tvs/os) its not working at all. Says error connecting anything i missed? Works if i use IP but not domain, is there a setting sorry guys EDIT If i use port 80 is adds server but wont allow me to login, says details are wrong... works fine on my phone for some reason Edited January 19, 2021 by judgey
Luke 42077 Posted January 19, 2021 Posted January 19, 2021 Perhaps the tv can't resolve the domain? It's really hard to say what it might be, but if it's working by ip address then why not just use that?
judgey 13 Posted January 19, 2021 Author Posted January 19, 2021 Only because CF has better peering so did not think just using an ip would work, would that not bypass CF? I aint got a clue... Also just to keep my ip private but its not important just wanted it working
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now