Shirka 0 Posted June 4, 2021 Posted June 4, 2021 (edited) Hi, Im sorry to have to ask this but I think I may have gotten a little bit lost somewhere, I have like many others here came over from Plex and would like to applaud the team behind Emby as it so much of a better user experience and runs smoothly but I have not much networking knowledge. So far I have managed to set up a DDNS accout with DuckDNS I have changed the Network Settings in Emby so that External domain: mydomain.duckdns.org, I then opened up the setting in my modem and added the ddns account and opened up ports 80,443 and 8096 so far so good (I hope) after that I have watched and read so many guides on NginX that I think I may have gotten lost along the way. I forgot to mention I am using Xubuntu 20.04, I have installed NginX as all the guides show the same method sudo apt-get install nginx I have allowed firewall rules in ufw for nginx (I hope im still doing ok so far lol). After this is followed a guide this guide: sudo nano /etc/nginx/conf.d/emby.conf and put the following in nano txt editor server { listen 80; server_name mydomain.duckdns.org; location / { proxy_pass http://mydomain.duckdns.org:8096; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #upgrade to WebSocket protocol when requested proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } } when I run nginx -t it says everything is good, So i then installed certbot and python3-certbot-nginx and then run the following command: sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --myemail@example.com -d mydomain.duckdns.org. now everything seems to be going well or is it IDK lol I have ad no errors running the commands when I run the nginx test it says everythins is good when I access the Emby app remotely everything is working but...... when I open a web browser and try remotely Nothing the page doesn't load. I was hoping if anyone checks this out could you please let me know if it's ok or do I need to change somethings if so could you please point me in the right direction please The guide I followed is here - https://www.linuxbabe.com/ubuntu/install-plex-media-server-ubuntu-18-04 all I didwas substitute Plex for Emby. Any help given is greatly appreciated and thank you for taking the time to read this, Also sorry if I have put this in the wrong section. This is actually my first time posting on a forum lol slightly nervous . Edited June 4, 2021 by Shirka Personal
Luke 42079 Posted June 4, 2021 Posted June 4, 2021 Hi, beyond SSL, the other thing I would look at is ensuring all of your local server users have passwords. 1
Shirka 0 Posted June 5, 2021 Author Posted June 5, 2021 Thank you Luke, Yeah all users have strong passwords generated by Bitwarden. Everything seems to be running very smoothly, when i enter my domain.duckdns.org I get directed to my emby server and it shows it is secure but on the emby dashboard it still shows as http : 8096 it also shows this remotely on the Emby App. Is there anything I can do to correct this or is this how it should be even with the changes made. Any help is greatly appreciated :)
mastrmind11 722 Posted June 5, 2021 Posted June 5, 2021 5 hours ago, Shirka said: Thank you Luke, Yeah all users have strong passwords generated by Bitwarden. Everything seems to be running very smoothly, when i enter my domain.duckdns.org I get directed to my emby server and it shows it is secure but on the emby dashboard it still shows as http : 8096 it also shows this remotely on the Emby App. Is there anything I can do to correct this or is this how it should be even with the changes made. Any help is greatly appreciated you're only redirecting 80 in your proxy and completely disregarding your ssl setup. here's mine: server { listen [::]:80 default_server; listen 80 default_server; listen [::]:443 ssl http2 default_server; listen 443 ssl http2 default_server; return 444; ssl_session_timeout 10m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate /etc/ssl/certs/cert.pem; ssl_certificate_key /etc/ssl/private/key.pem; } server { # SSL configuration include /etc/nginx/proxy.conf; listen 443 ssl http2; listen [::]:443 ssl http2; server_name my.domain.com; #Add HSTS Header add_header Strict-Transport-Security "max-age=15552000; preload" always; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection "1; mode=block"; add_header Referrer-Policy "no-referrer"; ssl on; ssl_certificate /etc/ssl/certs/cert.pem; ssl_certificate_key /etc/ssl/private/key.pem; # Root location root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.php index.nginx-debian.html; # Change the client side error pages (4xx) to prevent some information disclosure error_page 401 403 404 /404.html; # Deny access to .htaccess files, if Apache's document # root concurs with nginx's one location ~ /\.ht { deny all; } location / { proxy_pass http://10.0.1.152:8096; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Next three lines allow websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } }
Shirka 0 Posted June 5, 2021 Author Posted June 5, 2021 Wow Thank you Mastermind . Out of curiosity and stupid question but if I copy and paste that config and edit my info in would that work?.
Shirka 0 Posted June 6, 2021 Author Posted June 6, 2021 OK is this better (Fingers Crossed) server { server_name mydomain.duckdns.org; location / { proxy_pass http://my-ip:8096; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #upgrade to WebSocket protocol when requested proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/mydomain.duckdns.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/mydomain.duckdns.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot ssl_trusted_certificate /etc/letsencrypt/live/mydomain.duckdns.org/chain.pem; # managed by Certbot ssl_stapling on; # managed by Certbot ssl_stapling_verify on; # managed by Certbot } server { if ($host = mydomain.duckdns.org) { return 301 https://$host$request_uri; } # managed by Certbot return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name mydomain.duckdns.org; location / { proxy_pass http://mydomain.duckdns.org:8096; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #upgrade to WebSocket protocol when requested proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } } Again any help is very much greatly appreciated:)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now