Apps cant connect to my Emby behind Nginx

[Stumpy 0]

Hi

 

I got the Problem hat one of my mates wants to use Chromecast and the emby app on his mobile to watch things on my emby server which dosnt work.

My emby server is running since several years and my family and i did always watch the shows in a browser like google chrome which worked finde from any location.

 

I have set up a reverse proxy on another container, where my nginx is installed.

I can connect to it via mydomain.de/emby and its secure and fine.

 

If my dude starts a stream on his mobile and starts chromecast, the chromecast dosnt load anything.

there is just the emby sign and a loading circle.

 

i saw, that several people had the same problem before, but i cant figure out my problem with their resolutions. (https://emby.media/community/index.php?/topic/57583-3-sony-atvs-all-exhibit-the-same-issue/)

i hope someone here can help me, like @@pir8radio

 

i tried the emby app myself on my android mobile, but couldnt connect to my server.

here my error.log

2021/01/22 10:09:16 [error] 7132#7132: *14910 FastCGI sent in stderr: "PHP message: PHP Warning:  file_put_contents(/var/www/mydomain.de/html/api/functions/cert/cacert.pem): failed to open stream: Permission denied in /var/www/mydomain.de/html/api/functions/normal-functions.php on line 580PHP message: PHP Warning:  file_put_contents(/var/www/mydomain.de/html/api/functions/cert/cacert.pem): failed to open stream: Permission denied in /var/www/mydomain.de/html/api/functions/normal-functions.php on line 580PHP message: PHP Warning:  file_put_contents(/var/www/mydomain.de/html/api/functions/cert/cacert.pem): failed to open stream: Permission denied in /var/www/mydomain.de/html/api/functions/normal-functions.php on line 580PHP message: PHP Warning:  file_put_contents(/var/www/mydomain.de/html/api/functions/cert/cacert.pem): failed to open stream: Permission denied in /var/www/mydomain.de/html/api/functions/normal-functions.php on line 580PHP message: PHP Warning:  file_put_contents(/var/www/mydomain.de/html/api/functions/cert/cacert.pem): failed to open stream: Permission denied in /var/www/mydomain.de/html/api/functions/normal-functions.php on line 580PHP message: PHP Warning:  file_put_contents(/var/www/mydomain.de/html/api/functions/cert/cacert.pem): failed to open stream: Permission denied in /var/www/mydomain.de/html/api/functions/normal-functions.php on line 580" while reading response header from upstream, client: 195.145.170.182, server: mydomain.de, request: "GET /api/v2/homepage/calendar HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "mydomain.de"

 

my acces.log

external ip - - [22/Jan/2021:10:09:16 +0000] "GET /emby:8096/emby/system/info/public HTTP/2.0" 302 154 "-" "Mozilla/5.0 (Linux; Android 6.0.1; A0001 Build/MHC19Q; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36"
external ip - - [22/Jan/2021:10:09:16 +0000] "GET /?error=401&return=/emby:8096/emby/system/info/public HTTP/2.0" 200 4459 "-" "Mozilla/5.0 (Linux; Android 6.0.1; A0001 Build/MHC19Q; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36"

 

nginx config.

##Orgv2 Let's encrypt vhost 
##vhost_template_v: v1.6.2
##author: elmerfdz

upstream php-handler {
    server unix:/run/php/php7.4-fpm.sock;
}


# SEPIA WebSockets
map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}

## http://mydomain.de redirects to https://mydomain.de
        include config/mydomain.de/http_server.conf;

## Serves https://www.mydomain.de
server {
        listen 443 ssl http2; listen [::]:443 ssl http2;

        # port to listen to 
        listen 20726 ssl http2;
        listen [::]:20726 ssl http2;

        server_name mydomain.de;
        include /etc/nginx/config/mydomain.de/ssl.conf;
        root /var/www/mydomain.de/html;
        index index.php index.html index.htm index.nginx-debian.html;
        location ~ /auth-(.*) { rewrite ^/auth-(.*) /api/v2/auth?group=$1; } #Org Auth
    error_page 401 $scheme://$server_name/?error=$status&return=$request_uri;
        error_page 400 402 403 404 405 408 500 502 503 504 $scheme://$server_name/?error=$status;
        location / {try_files $uri $uri/ =404;}
        include config/mydomain.de/phpblock.conf;  #PHP Block
        include conf.d/apps/*.conf;  #apps #Uncomment to enable apps
     #
        # Add headers to serve security related headers
                        #  
        # HSTS (ngx_http_headers_module is required)
        # In order to be recoginzed by SSL test, there must be an index.hmtl in the server's root
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;" always;
#       add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Robots-Tag none always;
        add_header X-Download-Options noopen always;
        add_header X-Permitted-Cross-Domain-Policies none always;
        add_header Referrer-Policy no-referrer always;
 #       add_header X-Frame-Options "SAMEORIGIN" always;

      # Remove X-Powered-By, which is an information leak
     fastcgi_hide_header X-Powered-By;

#       location = / {
 #       # Disable access to the web root, otherwise nginx will show the default site here.
#               deny all;
 #       }
 #
#       #

#       #
        # Nextcloud
        #
        location ^~ /nextcloud/ {
        # Set max. size of a request (important for uploads to Nextcloud)
                client_max_body_size 50G;
                # Besides the timeout values have to be raised in nginx' Nextcloud config, these values have to be raised for the proxy as well
                proxy_connect_timeout 3600;
                proxy_send_timeout 3600;
                proxy_read_timeout 3600;
                send_timeout 3600;


                proxy_buffering off;
                proxy_request_buffering off;
                proxy_max_temp_file_size 10240m;
                proxy_set_header Host $host;
                                proxy_set_header X-Real-IP $remote_addr;
                proxy_pass http://127.0.0.1:82;
                proxy_redirect off;
        }

        # These two location blocks are needed, otherwise you'll get warnings in the Nextcloud admin UI later on
        location = /.well-known/carddav {
                return 301 $scheme://$host/nextcloud/remote.php/dav;
        }

        location = /.well-known/caldav {
                return 301 $scheme://$host/nextcloud/remote.php/dav;
        }

        # Well-known URL for Webfinger
        # Regardless of this rule, you'll get a warning in the admin UI when the social app is not installed
        location = /.well-known/webfinger {
                return 301 $scheme://$host/nextcloud/public.php?service=webfinger;
        }

        location ~ /(ocm-provider|ocs-provider)/ {
                return 301 $scheme://$host/nextcloud/$1/;
        }




        location /sepia/assist/ {
                proxy_pass http://192.168.1.214:20721/;
        }
        location /sepia/teach/ {
                proxy_pass http://192.168.1.214:20722/;
        }
        location /sepia/chat/ {
                proxy_pass http://192.168.1.214:20723/;
        }
        location /sepia/chat/messages/ {
                proxy_pass http://192.168.1.214:20723/messages/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_read_timeout 14400;
        }
#       location /stt/socket/ {
#               proxy_pass http://192.168.1.214:9000/;
#       }




location ~ ^/auth-(.*) {
        ## Has to be local ip or local DNS name or if Proxied use proxy address
        proxy_pass http://192.168.1.206/api/v2/auth?group=$1;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
}

location /api/v2 {
        try_files $uri /api/v2/index.php$is_args$args;
}


}

nginx emby app config

 

# EMBY Reverse Proxy
location /emby {
    auth_request /auth-4;
        proxy_pass http://192.168.1.205:8096;
#       proxy_http_version 1.1;
#       proxy_set_header Upgrade $http_upgrade;
#       proxy_set_header Connection $http_connection;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#       proxy_set_header Host $server_name;
#       proxy_set_header X-Forwarded-Proto $remote_addr;
#       proxy_set_header X-Forwarded-Host $remote_addr;
#       proxy_buffering         off;
#       client_max_body_size    0;


}

 

[Luke 42077]

Hi, did you compare your nginx configuration to @pir8radio?

[Stumpy 0]

yes i compared it and tried to change my config to the differend parts but then i cant even connect in my own network anymore.

[pir8radio 1312]

10 hours ago, Stumpy said:

yes i compared it and tried to change my config to the differend parts but then i cant even connect in my own network anymore.

have you tried sub.domain   vs sub/directory ?    Usually the cause.