cryzis 7 Posted April 17, 2021 Posted April 17, 2021 Is there a way to extend functionality of the many envy clients? I was hoping there might be a way to add custom headers to each request made by the various client apps. This would allow the request to make it through an third party authentication layer (Cloudflare Access) Thoughts?
ebr 16169 Posted April 17, 2021 Posted April 17, 2021 Hi. No there are no app plug-ins but exactly what issue are you trying to solve? There is probably another way.
cryzis 7 Posted April 17, 2021 Author Posted April 17, 2021 (edited) 1 hour ago, ebr said: Hi. No there are no app plug-ins but exactly what issue are you trying to solve? There is probably another way. Sure, so I am exposing emby through the use of Cloudflare Argo(now Tunnel). A daemon runs on the server and creates an outbound connection to cloud flare. The service can then securely route the traffic to my server with no need to open ports or expose my public IP (Think robust external reverse proxy). Cloudflare has another service called Access. It’s an https authentication layer that can sit in front of your domains that point to your server. emby.myserver.com must first authenticate before routing through fornweb services the user can just log in and they are good to go. So the web app works fine. This auth of course isn’t supported by the envy clients so they can’t get through. Access supports service tokens, you can include 2 custom request headers on each request and the traffic will be let through every time, no log in needed. if I could extend the clients to somehow to attach these headers with the secret information it would work. Now one workaround I could think of is to run some cloud function that acts as a proxy and adds the headers. Point the client to the proxy and it should work. Issue is the proxy needs to know if it should allow the request. So perhaps I could hook into envy’s built authentication with my emby account. If my proxy function can look at the auth details envy already sends, then somehow check it against embys auth server? I could just hard code against the details as well but that would suck Thoughts? Edited April 17, 2021 by cryzis
Carlo 4560 Posted April 18, 2021 Posted April 18, 2021 Emby clients work just fine through normal Cloudflare just fine without needing to modify anything. I use Cloudflare myself as well as have helped a dozen or so users with it. There is no need to use Argo unless you have a specific reason. If you use a Cloudflare cert and only allow SSL then your Emby Server is only available via Cloudflare and not directly by IP hence no need for a tunnel or Argo.
cryzis 7 Posted April 18, 2021 Author Posted April 18, 2021 2 hours ago, cayars said: Emby clients work just fine through normal Cloudflare just fine without needing to modify anything. I use Cloudflare myself as well as have helped a dozen or so users with it. There is no need to use Argo unless you have a specific reason. If you use a Cloudflare cert and only allow SSL then your Emby Server is only available via Cloudflare and not directly by IP hence no need for a tunnel or Argo. Correct, I was trying to avoid opening up any ports.
KingMovies 8 Posted April 18, 2021 Posted April 18, 2021 5 hours ago, cayars said: Emby clients work just fine through normal Cloudflare just fine without needing to modify anything. I use Cloudflare myself as well as have helped a dozen or so users with it. There is no need to use Argo unless you have a specific reason. If you use a Cloudflare cert and only allow SSL then your Emby Server is only available via Cloudflare and not directly by IP hence no need for a tunnel or Argo. do you cache your emby? Can you help me with that ?
Carlo 4560 Posted April 18, 2021 Posted April 18, 2021 I used to but have turned off the two caching rules I had in place. It seems to cause a problem with the login screen for me. I've been meaning to look into this to see why that is the case.
KingMovies 8 Posted April 18, 2021 Posted April 18, 2021 Just now, cayars said: I used to but have turned off the two caching rules I had in place. It seems to cause a problem with the login screen for me. I've been meaning to look into this to see why that is the case. does that look right for emby beta?
Luke 42077 Posted April 18, 2021 Posted April 18, 2021 That might be too aggressive but play with it. I would suggest opting into individual extensions rather than everything
Carlo 4560 Posted April 18, 2021 Posted April 18, 2021 If you hit a problem with logins or anything else that seems unusual in Emby deactivating rule 1.
KingMovies 8 Posted April 18, 2021 Posted April 18, 2021 Just now, cayars said: If you hit a problem with logins or anything else that seems unusual in Emby deactivating rule 1. so far so good. No problem. But cache is still Percent Cached 0%
Carlo 4560 Posted April 19, 2021 Posted April 19, 2021 Will likely always appear like that as images compared to the streaming media will be under 1% I'd imagine.
pir8radio 1312 Posted April 19, 2021 Posted April 19, 2021 (edited) he wants to use clouflare's auth.. instead of emby for some reason.. Its not a good system i would advise against it. @cryzis And Argo are you sure you are using argo? That will cost you about $6 US per HD movie you stream........ It's not free... Even on my mildly used server it would cost me $303.85/month. Edited April 19, 2021 by pir8radio 1
cryzis 7 Posted April 20, 2021 Author Posted April 20, 2021 3 hours ago, pir8radio said: he wants to use clouflare's auth.. instead of emby for some reason.. Its not a good system i would advise against it. @cryzis And Argo are you sure you are using argo? That will cost you about $6 US per HD movie you stream........ It's not free... Even on my mildly used server it would cost me $303.85/month. So they just announced that they were splitting Argo up, they now offer the same functionality called cloudflare tunnel and that is free. I think using emby's auth is the right way to go here, I was definitely overthinking things. Tunnel + emby's auth and I can still avoid opening ports.
ebr 16169 Posted April 20, 2021 Posted April 20, 2021 12 hours ago, cryzis said: and I can still avoid opening ports Hi. You might "avoid" configuring something yourself but there is no way you are accessing your server externally without an open port...
cryzis 7 Posted April 20, 2021 Author Posted April 20, 2021 10 minutes ago, ebr said: Hi. You might "avoid" configuring something yourself but there is no way you are accessing your server externally without an open port... From their site Cloudflare’s lightweight Argo Tunnel daemon creates an encrypted tunnel between your origin web server and Cloudflare’s nearest data center — all without opening any public inbound ports.
Carlo 4560 Posted April 20, 2021 Posted April 20, 2021 I tried this yesterday and it does work. It's very similar to running behind a public VPN service. It's not the easiest setup to do but could be useful for those people who can't get a public IP address. On windows it requires use of powershell. I had to use a domain, get certs, configure the tunnel, set ingress rules, etc. Then create tunnel and match to service being used. I doubt many people without good networking knowledge will be able to use this in it's current state. If you just want to try the free tunnel with their random subdomain (free method) you can follow the guide here: https://developers.cloudflare.com/argo-tunnel/trycloudflare If you don't mind some random domain this might be worth checking out especially if you don't have a public IP. I think I'd still go for using a public VPN service however. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now