Jump to content

Recommended Posts

crusher11
Posted
9 minutes ago, vdatanet said:

Well, that’s progress. If you click on the browser security lock, what information does the ssl certificate give you?

image.png.243279b671b94b2c2b51f29347d0784c.png 

 

Screenshot 2021-07-12 15.41.36.png

Screenshot 2021-07-12 15.41.53.png

Screenshot 2021-07-12 15.41.57.png

crusher11
Posted
7 minutes ago, vdatanet said:

I have no experience with Cloudflare because I use Nginx, but it looks like the browser connects directly to the server instead of using the Cloudflare proxy. 

Cloudflare origin certificate certificate is not trusted - Security - Cloudflare Community

Because we changed CloudFlare from proxied to DNS only. I changed it back.

https://domain is still not secure, but now it says the certificate is valid.

vdatanet
Posted
1 minute ago, crusher11 said:

Because we changed CloudFlare from proxied to DNS only. I changed it back.

https://domain is still not secure, but now it says the certificate is valid.

Clear the browser cache.

crusher11
Posted (edited)
9 minutes ago, vdatanet said:

Clear the browser cache.

https://domain is now secure.

remoteip:443 still gives an empty response error though. Not that people should be accessing it via IP anyway.

Edited by crusher11
vdatanet
Posted
4 minutes ago, crusher11 said:

remoteip:443 still gives an empty response error though

It does not make sense to access an ssl web using an IP.

crusher11
Posted
1 minute ago, vdatanet said:

It does not make sense to access an ssl web using an IP.

Right, like I said, nobody should be accessing via IP so it doesn't really matter.

Now where are we at? 

vdatanet
Posted (edited)
4 minutes ago, crusher11 said:

Right, like I said, nobody should be accessing via IP so it doesn't really matter.

Now where are we at? 

For me everything is correct, if you want to make things more complicated, then go to the forums of Emby - Synology asking for help to make Nginx work on Synology (I can not help here). When you have Nginx running on Synology, we can review its settings.

Edited by vdatanet
crusher11
Posted
Just now, vdatanet said:

For me everything is correct, if you want to make things more complicated, then go to the forums of Emby - Synology asking for help to make Nginx work on Synology (I can not help here). When you have Nginx running on Synology, we can review its settings.

I have NGINX set up in a docker container, that's already good to go. 

vdatanet
Posted
2 minutes ago, crusher11 said:

I have NGINX set up in a docker container, that's already good to go. 

Let's test it:

http://nasip

https://nasip

Are you still redirected to port 5000 and 5001, showing the DSM operating system?

crusher11
Posted
Just now, vdatanet said:

Let's test it:

http://nasip

https://nasip

Are you still redirected to port 5000 and 5001, showing the DSM operating system?

Should I be turning NGINX on before doing this, or not? 

vdatanet
Posted
Just now, crusher11 said:

Should I be turning NGINX on before doing this, or not? 

Yes

crusher11
Posted
2 minutes ago, vdatanet said:

Yes

Yep, I'm getting the DSM login screen on both addresses.

vdatanet
Posted
4 minutes ago, crusher11 said:

Yep, I'm getting the DSM login screen on both addresses.

Edit nginx config. Change this:

server {
    listen [::]:80;   		## Listens on port 80 IPv6
    listen 80; 			## Listens on port 80 IPv4
    listen [::]:443 ssl http2;	## Listens on port 443 IPv6 with http2 and ssl enabled
    listen 443 ssl http2;	## Listens on port 443 IPv4 with http2 and ssl enabled

For this:

server {
    listen [::]:8080;   		## Listens on port 8080 IPv6
    listen 8080; 			## Listens on port 8080 IPv4
    listen [::]:4343 ssl http2;	## Listens on port 4343 IPv6 with http2 and ssl enabled
    listen 4343 ssl http2;	## Listens on port 4343 IPv4 with http2 and ssl enabled

Restart nginx and test again:

http://nasip:8080

https://nasip:4343

crusher11
Posted
2 minutes ago, vdatanet said:

Edit nginx config. Change this:


server {
    listen [::]:80;   		## Listens on port 80 IPv6
    listen 80; 			## Listens on port 80 IPv4
    listen [::]:443 ssl http2;	## Listens on port 443 IPv6 with http2 and ssl enabled
    listen 443 ssl http2;	## Listens on port 443 IPv4 with http2 and ssl enabled

For this:


server {
    listen [::]:8080;   		## Listens on port 8080 IPv6
    listen 8080; 			## Listens on port 8080 IPv4
    listen [::]:4343 ssl http2;	## Listens on port 4343 IPv6 with http2 and ssl enabled
    listen 4343 ssl http2;	## Listens on port 4343 IPv4 with http2 and ssl enabled

Restart nginx and test again:

http://nasip:8080

https://nasip:4343

Connection refused on 8080, invalid certificate followed by what seems to be an infinite loading time on 4343.

crusher11
Posted

Okay, 4343 finally loaded: it's a 502 bad gateway error from NGINX.

 

vdatanet
Posted
2 minutes ago, crusher11 said:

Connection refused on 8080, invalid certificate followed by what seems to be an infinite loading time on 4343.

At least nginx works. Is this the correct certificate path?:

     ## SSL SETTINGS ##
        ssl_session_timeout 30m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_certificate      ssl/cert.pem;  ## Location of your public PEM file.
	ssl_certificate_key  ssl/private.key;  ## Location of your private PEM file.
        ssl_session_cache shared:SSL:10m;

And you have this:

location / {
        proxy_pass http://127.0.0.1:8096;  ## Enter the IP and port of the backend emby server here.

 

crusher11
Posted

I'm not sure about the SSL path...what's it relative to?

 

vdatanet
Posted
Just now, crusher11 said:

I'm not sure about the SSL path...what's it relative to?

 

In my config file is absolute.

vdatanet
Posted (edited)

When nginx works, then just change the router port forwarding:

Public (80) to Private (8080)

Public (443) to Private (4343)

Llavors tindràs:

Emby <-> Nginx <-> Cloudflare

 

Edited by vdatanet
crusher11
Posted (edited)
8 minutes ago, vdatanet said:

In my config file is absolute.

Well mine seems to be relative to something, and I'm not sure how having it in a docker container affects things either. 

 

That said it fails on 8080 so can the cert be to blame? 

Edited by crusher11
vdatanet
Posted

In this example, I see absolute paths:

image.png.ef2403344baa69e9c0bb8427c4b138df.png

vdatanet
Posted

Forget what you had before, it didn't work, you had it set up Emby - Cloudflare.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...