crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 9 minutes ago, vdatanet said: Well, that’s progress. If you click on the browser security lock, what information does the ssl certificate give you?
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 I have no experience with Cloudflare because I use Nginx, but it looks like the browser connects directly to the server instead of using the Cloudflare proxy. Cloudflare origin certificate certificate is not trusted - Security - Cloudflare Community
crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 7 minutes ago, vdatanet said: I have no experience with Cloudflare because I use Nginx, but it looks like the browser connects directly to the server instead of using the Cloudflare proxy. Cloudflare origin certificate certificate is not trusted - Security - Cloudflare Community Because we changed CloudFlare from proxied to DNS only. I changed it back. https://domain is still not secure, but now it says the certificate is valid.
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 1 minute ago, crusher11 said: Because we changed CloudFlare from proxied to DNS only. I changed it back. https://domain is still not secure, but now it says the certificate is valid. Clear the browser cache.
crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 (edited) 9 minutes ago, vdatanet said: Clear the browser cache. https://domain is now secure. remoteip:443 still gives an empty response error though. Not that people should be accessing it via IP anyway. Edited July 12, 2021 by crusher11
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 4 minutes ago, crusher11 said: remoteip:443 still gives an empty response error though It does not make sense to access an ssl web using an IP.
crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 1 minute ago, vdatanet said: It does not make sense to access an ssl web using an IP. Right, like I said, nobody should be accessing via IP so it doesn't really matter. Now where are we at?
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 (edited) 4 minutes ago, crusher11 said: Right, like I said, nobody should be accessing via IP so it doesn't really matter. Now where are we at? For me everything is correct, if you want to make things more complicated, then go to the forums of Emby - Synology asking for help to make Nginx work on Synology (I can not help here). When you have Nginx running on Synology, we can review its settings. Edited July 12, 2021 by vdatanet
crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 Just now, vdatanet said: For me everything is correct, if you want to make things more complicated, then go to the forums of Emby - Synology asking for help to make Nginx work on Synology (I can not help here). When you have Nginx running on Synology, we can review its settings. I have NGINX set up in a docker container, that's already good to go.
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 2 minutes ago, crusher11 said: I have NGINX set up in a docker container, that's already good to go. Let's test it: http://nasip https://nasip Are you still redirected to port 5000 and 5001, showing the DSM operating system?
crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 Just now, vdatanet said: Let's test it: http://nasip https://nasip Are you still redirected to port 5000 and 5001, showing the DSM operating system? Should I be turning NGINX on before doing this, or not?
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 Just now, crusher11 said: Should I be turning NGINX on before doing this, or not? Yes
crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 2 minutes ago, vdatanet said: Yes Yep, I'm getting the DSM login screen on both addresses.
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 4 minutes ago, crusher11 said: Yep, I'm getting the DSM login screen on both addresses. Edit nginx config. Change this: server { listen [::]:80; ## Listens on port 80 IPv6 listen 80; ## Listens on port 80 IPv4 listen [::]:443 ssl http2; ## Listens on port 443 IPv6 with http2 and ssl enabled listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled For this: server { listen [::]:8080; ## Listens on port 8080 IPv6 listen 8080; ## Listens on port 8080 IPv4 listen [::]:4343 ssl http2; ## Listens on port 4343 IPv6 with http2 and ssl enabled listen 4343 ssl http2; ## Listens on port 4343 IPv4 with http2 and ssl enabled Restart nginx and test again: http://nasip:8080 https://nasip:4343
crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 2 minutes ago, vdatanet said: Edit nginx config. Change this: server { listen [::]:80; ## Listens on port 80 IPv6 listen 80; ## Listens on port 80 IPv4 listen [::]:443 ssl http2; ## Listens on port 443 IPv6 with http2 and ssl enabled listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled For this: server { listen [::]:8080; ## Listens on port 8080 IPv6 listen 8080; ## Listens on port 8080 IPv4 listen [::]:4343 ssl http2; ## Listens on port 4343 IPv6 with http2 and ssl enabled listen 4343 ssl http2; ## Listens on port 4343 IPv4 with http2 and ssl enabled Restart nginx and test again: http://nasip:8080 https://nasip:4343 Connection refused on 8080, invalid certificate followed by what seems to be an infinite loading time on 4343.
crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 Okay, 4343 finally loaded: it's a 502 bad gateway error from NGINX.
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 2 minutes ago, crusher11 said: Connection refused on 8080, invalid certificate followed by what seems to be an infinite loading time on 4343. At least nginx works. Is this the correct certificate path?: ## SSL SETTINGS ## ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate ssl/cert.pem; ## Location of your public PEM file. ssl_certificate_key ssl/private.key; ## Location of your private PEM file. ssl_session_cache shared:SSL:10m; And you have this: location / { proxy_pass http://127.0.0.1:8096; ## Enter the IP and port of the backend emby server here.
crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 I'm not sure about the SSL path...what's it relative to?
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 Just now, crusher11 said: I'm not sure about the SSL path...what's it relative to? In my config file is absolute.
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 (edited) When nginx works, then just change the router port forwarding: Public (80) to Private (8080) Public (443) to Private (4343) Llavors tindràs: Emby <-> Nginx <-> Cloudflare Edited July 12, 2021 by vdatanet
crusher11 1101 Posted July 12, 2021 Author Posted July 12, 2021 (edited) 8 minutes ago, vdatanet said: In my config file is absolute. Well mine seems to be relative to something, and I'm not sure how having it in a docker container affects things either. That said it fails on 8080 so can the cert be to blame? Edited July 12, 2021 by crusher11
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 1 minute ago, crusher11 said: Well mine seems to be relative to something, and I'm not sure how having it in a docker container affects things either. NGINX and SSL On Docker on Synology NAS | Life, The Universe and ... Everything! (abubakar.net)
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 Forget what you had before, it didn't work, you had it set up Emby - Cloudflare.
vdatanet 1617 Posted July 12, 2021 Posted July 12, 2021 (edited) Perhaps this document is clearer: Things Ian Says :: Enabling https with Nginx, Docker, and LetsEncrypt (ian-says.com) You have to use the mount path: Edited July 12, 2021 by vdatanet
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now