Libresonic+Lets encrypt+DynDNS

Sorry! Typo!
Only the files without .sample will be used. Damn typing on mobile phones!

Zitat von ieronymous

Hm..... so maybe I ll try to see if jellyfin lets me access it remotely doing the exact same steps as in airsonic but with the extra step to change the http and https ports to 90 and 50 accordingly to the docker changes. But should I create 3 files inside letsencrypt jellyfin.subdomain.conf / jellyfin.subdomain.conf.sample / jellyfin.subfolders.conf because all these pre existed for airsonic inside the folder of lets encrypt

Well, I already mentioned in this thread, there is a guide here for emby. I was using it is working for both Emby and jellyfin although on the latest got issue at login not related to the guide Dockers - Secure Emby with LetsEncrypt and Nginx Reverse Proxy on a subdomain
When you got emby working duplicate the file embysubdomain.conf save it as jellyfin.subdomain.conf and change the value for server_name and also at the line
set $upstream_emby emby; replace emby for both instance by jellfin.

For windows people I advice to use winscp to edit the proxy-confs and or change the permissions trust me it will me your life easier.

# make sure that your dns has a cname set for emby, if emby is running in bridge mode, the below config should work as is, although, 
# the container name is expected to be "emby", if not, replace the line "set $upstream_emby emby;" with "set $upstream_emby <containername>;"
# for host mode, replace the line "proxy_pass http://$upstream_emby:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of emby
# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
# and set the "Secure connection mode" to "Handled by reverse proxy"


server {
    listen 443 ssl;


    server_name mXXXXXXs.*;


add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    include /config/nginx/ssl.conf;


    client_max_body_size 0;


    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_emby emby;
        proxy_pass http://192.168.2.30:8096;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Zitat von Nefertiti

That got me confuse since previously you mentioned you add the extra argument in airsonic so I added--network my-net and corrected some typo error in the airsonic.subdomain.conf
Now it is working with https and local, thank you to put me on the right way.

But my main concern, airsonic is still reachable from outside via http://myIPadress:4040 witch defeat the purpose!?

From outside you mean from the internet? And which ip? The ipv4 address your isp assigned to you?

Zitat von Nefertiti

This is my point in jellyfin or emby you can change the ports for http and https from inside the software in advanced page, but for airsonic it could be possible to redirect the port according to https://airsonic.github.io/doc…sites/#configure-airsonic but I should admit it is a little above me, maybe @Morlan , @TechnoDadLife or anybody else could make a guide regarding this part.

To my understanding you don't need to change the ports inside the program since you define the external docker port while configuring the bridged network.

On emby it's different because you run it in host mode.

Zitat von Morlan

From outside you mean from the internet? And which ip? The ipv4 address your isp assigned to you? To my understanding you don't need to change the ports inside the program since you define the external docker port while configuring the bridged network.

yes the ipv4 address my isp assigned to me witch is basically static for me .
I can access it from my phone no wifi or my pc with vpn "http://1XX.XX>XXX.XXX:4040/login" anf of course https://XXXXXXXX.duckdns.org
both are working http port 4040 and https port 433 !
could you clarify this part "you define the external docker port while configuring the bridged network."?

Did you forward port 4040 on your router? I don't think it should be open by default.

Zitat von Nefertiti

could you clarify this part "you define the external docker port while configuring the bridged network."?

when you set up a docker you specify the network mode, for example bridged or host.
The guy in the emby video also mentions this because emby seems to need host mode (where you can't change the ports directly) .
For airsonic I chose bridged as network type (like the letsencrypt docker). There I can change the internal needed port 4040 to something else externally (like in the TDL video when he changes the letsencrypt port from 443 to 450). But then the joined network is necessary.

@ieronymous have you got airsonic working? I just wonder because I have had a lot of problems before I got it to work. I started by following TDL videos. But finally I've got my omv working with letsencrypt, nextcloud and airsonic. So maybe I can explain how I did if you want.

Zitat von Morlan

Did you forward port 4040 on your router? I don't think it should be open by default.

when you set up a docker you specify the network mode, for example bridged or host.The guy in the emby video also mentions this because emby seems to need host mode (where you can't change the ports directly) .
For airsonic I chose bridged as network type (like the letsencrypt docker). There I can change the internal needed port 4040 to something else externally (like in the TDL video when he changes the letsencrypt port from 443 to 450). But then the joined network is necessary.

It was that I forgot to close it since now I got https woking

Thank you for clarifying for me make a lot of sens.

By the way I added the line like @blackhole video to prevent indexing by search engine
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";

server {
        listen 443 ssl;
        listen [::]:443 ssl;


        server_name XXXXXXXX.*;


        add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
        include /config/nginx/ssl.conf;


        client_max_body_size 0;


        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
           set $upstream_airsonic airsonic;
           proxy_pass http://$upstream_airsonic:4040;
        }
    }

Zitat von ieronymous

Nope .... Also used the lineadd_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; restarted both letsencrypt and airsonic

First of all did you follow these 2 TDL videos "Nextcloud, your personal server, on Openmediavault" and "Securely Login to Nextcloud Remotely on Openmediavault". Or did you follow the newer video for letsencrypt and duckdns, "Free SSL Certificates with Letsencrypt on Openmediavault : Updated"
.

I hope you will get it to work! I also thought about writing a guide or do a FAQ for letsencrypt/reverse proxy.
But first of all I will do a little more testing when I get home next week.

A little bit out of context,
On the latest version of jellyfin 10.30.0 security login has been changed,.
so I am posting the emby one and the jellyfin conf .
Both are working.
I also i am using a different port and different subdomain, for each so you can have both working together if you need it. also for configuration inside jellyfin or emby use the guide from @blackhole .

# make sure that your dns has a cname set for emby, if emby is running in bridge mode, the below config should work as is, although, 
# the container name is expected to be "emby", if not, replace the line "set $upstream_emby emby;" with "set $upstream_emby <containername>;"
# for host mode, replace the line "proxy_pass http://$upstream_emby:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of emby
# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
# and set the "Secure connection mode" to "Handled by reverse proxy"


server {
    listen 443 ssl;


    server_name XXXXXXX.*;


add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    include /config/nginx/ssl.conf;


    client_max_body_size 0;


    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_emby emby;
        proxy_pass http://192.168.2.30:8096;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 443 ssl;


    server_name XXXXXXXX.*;


add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    include /config/nginx/ssl.conf;


    client_max_body_size 0;


    location / {
      # Proxy main Jellyfin traffic
        proxy_pass http://192.168.2.30:8196;
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;


 }
        location /embywebsocket {
       # Proxy Jellyfin Websockets traffic
         proxy_pass http://192.168.2.30:8196;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Forwarded-Protocol $scheme;
         proxy_set_header X-Forwarded-Host $http_host;
     }
 }

Well my experience with airsonic in real life with reverse proxy is terrible, although I can login, see my huge directory without problem, Playing the music is a different story: a lot of buffering basically nothing play or the fist few second and this on 3 different app. I did not have any of this playing from my public ip :4040 in the same condition, look like too much overhead for letsencrypt.

Because jellyfin changed in their way the handle nginx made me think libresonic development stop 2 years ago, contrary to airsonic and we should not use libresonic conf for it.
I guess we need to adapt the conf according to https://airsonic.github.io/docs/proxy/nginx/
What do you think @Morlan?

The airsonic.subdomains.conf was also only a modified copy of another .conf file. I don't know why the connection is so slow. I did not test it enough yet to have any experiences myself.
The standard nginx configuration provided by letsencrypt container works with the subfolder method. You could try if this is faster.

Zitat von Morlan

The airsonic.subdomains.conf was also only a modified copy of another .conf file. I don't know why the connection is so slow. I did not test it enough yet to have any experiences myself.
The standard nginx configuration provided by letsencrypt container works with the subfolder method. You could try if this is faster.

Basically it seems to brake it since it stop all download to the client cache. Is is possible that, I am not aware of some additional setting in airsonic itself
I never did the subfolder method I am looking at the sample kind of lost there!
Maybe some thing went wrong in my installation I am gonna remove airsonic config in appdatta and start again from scratch.

I can confirm brand new install the speed is about 8 to ten times slower with this conf. file using phone LTE only Ultrasonic application might show the download speed before playing I get around 500kb min without reverse proxy,
but with it the speed is around 45kb average never can go above 95 kb so the cache can never get fill got basically buffering and no playing

over the same phone can play video with emby reverse proxy without any issue

Zitat von Morlan

Otherwise try out the subfolder method. Specify the CONTEXT_PATH parameter in the airsonic container to /airsonic change the airsonic.subfolder.conf.sample to airsonic.subfolder.conf; restart letsencrypt container. Access the gui via https://myserver.duckdns.org/airsonic

Zitat von Morlan

If you have a setup like TDL's first video with nextcloud and letsencrypt. This is the best way to get Airsonic working.

Zitat von ieronymous

Which program and what conf.... So I ll try emby and leave pathetic airsonic giving me nightmares to set it up

I am talking about airsonic.subdomain.conf I think the problem although it connect to airsonic normally, the performances are not there because it is an adaptation from libresonic conf.
libresonic's development has been stopped two years ago, this is probably why I am getting into this issue witch can be OK if your client use internet directly from your ISP and not LTE, but to me the main advantages to use airsonic libresonic is the way i works under condition far from ideal, like at my gym, but right now the way it is configured with this old conf it is not working.
Hopefully someone will be able to make a new conf. according to https://airsonic.github.io/docs/proxy/nginx/ but so far I have tried but no luck.

Do you have any issue with emby or jellyfin?
As for me in term of performances with those and reverse proxy I cannot complain.
.