Jump to content
linuxserver.io

[Support] Linuxserver.io - Ombi

409 posts in this topic Last Reply

Recommended Posts

I want to set this up for my family that lives out of state. Anyone have a guide on how to best secure this?

 

Using letsencrypt reverse proxy, get that setup first, after that, configuring it to proxy this is straightforward.

 

Share this post


Link to post
16 minutes ago, CHBMB said:

 

Using letsencrypt reverse proxy, get that setup first, after that, configuring it to proxy this is straightforward.

 

I was looking at that but don't know too much about it and was wondering if there was a guide. I guess I'll just mess around with it first once I find the time.

Share this post


Link to post
Just now, bobbintb said:

I was looking at that but don't know too much about it and was wondering if there was a guide. I guess I'll just mess around with it first once I find the time.

 

Once you've got a domain name and your DNS setup, then the template is pretty self-explanatory.  Problem with doing a guide is the domain name and DNS setup are the awkward bits and it varies from supplier to supplier in terms of how you accomplish this exactly.

Share this post


Link to post
22 hours ago, bobbintb said:

I was looking at that but don't know too much about it and was wondering if there was a guide. I guess I'll just mess around with it first once I find the time.

 

It's easy to setup. Setup teamviewer so I can remote in and help you out

Share this post


Link to post
12 hours ago, jrdnlc said:

 

It's easy to setup. Setup teamviewer so I can remote in and help you out

Oh it will be a while before I'll have the time. I'm sure I can do it if I can just sit down and spend some time with it. It's about time I got comfortable with certificates anyway but I'll definitely hit you up if it comes to that. Thanks.

Share this post


Link to post

I think I got my letsencrypt done. I got a dynamic dns and ran the letsencrypt docker. I can go to my dns in a web browser and it show the example page and it has the green lock so that's good. How do I implement Ombi now?

Share this post


Link to post
2 hours ago, bobbintb said:

I think I got my letsencrypt done. I got a dynamic dns and ran the letsencrypt docker. I can go to my dns in a web browser and it show the example page and it has the green lock so that's good. How do I implement Ombi now?

Log into Ombi as the admin, go to admin => settings  => ombi configuration and change the Base URL to ombi now restart the docker container.  You will need to change the webui parameter in your docker template to http://[IP]:[PORT:3579]/ombi

 

Now edit /config/nginx/site-confs/default and paste in the following code, changing $UNRAID-IP to and $PORT to whatever fits your setup.

 

    location /ombi {
        proxy_pass http://$UNRAID-IP:$PORT/ombi;
        include /config/nginx/proxy.conf;
    }

Restart letsencrypt and you should be good

  • Upvote 1

Share this post


Link to post
6 hours ago, CHBMB said:

Log into Ombi as the admin, go to admin => settings  => ombi configuration and change the Base URL to ombi now restart the docker container.  You will need to change the webui parameter in your docker template to http://[IP]:[PORT:3579]/ombi

 

Now edit /config/nginx/site-confs/default and paste in the following code, changing $UNRAID-IP to and $PORT to whatever fits your setup.

 


    location /ombi {
        proxy_pass http://$UNRAID-IP:$PORT/ombi;
        include /config/nginx/proxy.conf;
    }

Restart letsencrypt and you should be good

 

Ok, I had gleaned bits and pieces of that but didn't quit get it. Probably because it was 2am at that point. And on a work night too. I followed your instructions but I am getting this error from letsencrypt:

 

nginx: [emerg] "location" directive is not allowed here in /config/nginx/site-confs/default:78

EDIT: Nevermind, I had to move the code in default so that it was inside the server block. I'm trying to tweak it a bit because I don't want the base url of /ombi. I just want to use the DNS with no base URL. I should be able to figure that out on my own though. Thanks for the help.

Edited by bobbintb

Share this post


Link to post
30 minutes ago, bobbintb said:

I don't want the base url of /ombi. I just want to use the DNS with no base URL. 

 

Then just use this, without changing Base URL in th Ombi webui.

 

location / {
        proxy_pass http://$UNRAID-IP:$PORT;
        include /config/nginx/proxy.conf;
    }

 

Share this post


Link to post
14 minutes ago, CHBMB said:

 

Then just use this, without changing Base URL in th Ombi webui.

 


location / {
        proxy_pass http://$UNRAID-IP:$PORT;
        include /config/nginx/proxy.conf;
    }

 

Thanks, that did it. I had tried removing ombi form the location/ part but left it in the proxy_pass and buseurl of ombi but that didn't work. I also had to comment out the existing location section in default:

 

	location / {
		try_files $uri $uri/ /index.html /index.php?$args =404;
	}

It's working now. Thanks again.

One last thing. Do I need to do anything with .htpasswd for this? I've seen mentions of it but didn't seem to need it. Is that a security issue?

Edited by bobbintb

Share this post


Link to post
3 minutes ago, bobbintb said:

Do I need to do anything with .htpasswd for this? I've seen mentions of it but didn't seem to need it. Is that a security issue?

 

Personally as it locks into the Plex auth I'd leave it at that.

Share this post


Link to post
Just now, CHBMB said:

 

Personally as it locks into the Plex auth I'd leave it at that.

Ok. I only plan on exposing Ombi anyway. I was hoping I'd get a little more familiar with certs with this but letsencrypt is so automated. I have to deal with certs for my servers at work and it's not my thing. But it's been a learning experience none the less. I got a little better at reverse proxies, with I'll be doing soon as well so that's good. I'm really liking Ombi so far. I never got into setting up any of the older solutions like Plex Requests because I just didn't really like the layout. It just felt clunky.

Share this post


Link to post

You can still use .hpasswd with other components that you reverse proxy.  I have it on for some things and not for others.  Yeah LE does make it a lot easier, renewing my certs with StartSSL was a major ballache...

Share this post


Link to post

What exactly does the .htpasswd part do? Encrypt https logins or something?

Share this post


Link to post

You create a .htpasswd file with username and passwords, using a site like this is the easiest way.  Then you can password protect access.

 

Like so:

    	location ^~ /books {
		proxy_pass http://192.168.0.1:82/;
		auth_basic "Restricted";
      		auth_basic_user_file /config/nginx/.htpasswd;
		include /config/nginx/proxy.conf;
	}

The two middle lines are the bits appertaining to .htpasswd

Edited by CHBMB

Share this post


Link to post
30 minutes ago, CHBMB said:

You create a .htpasswd file with username and passwords, using a site like this is the easiest way.  Then you can password protect access.

 

Like so:


    	location ^~ /books {
		proxy_pass http://192.168.0.1:82/;
		auth_basic "Restricted";
      		auth_basic_user_file /config/nginx/.htpasswd;
		include /config/nginx/proxy.conf;
	}

The two middle lines are the bits appertaining to .htpasswd

Oh, so it adds a basic auth login to webuis that don't have one?

Share this post


Link to post

Yep.... and in my mind it's better to implement it at the reverse proxy level than let some random app handle it.  

Share this post


Link to post

I just thought I'd share something. No endorsement implied but I found two websites were you can automatically create an app out of a website. If you make your Ombi publicly available (making sure you secure it, of course) you can very easily create an app for your friends and family to use for making Plex requests. The sites are appsgeyser.com and gonative.io. I get a message every once in a while with the gonative.io app when I open it informing me that it cannot be published without licensing. That can be a little annoying but can be turned off in the Android settings. The appsgeyser one doesn't seem to save cookies even though the option is on so users have to log in every time. That might be fixable but I haven't tried. You can change the icon and splash screen from the default and use whatever image you like. I just used the Ombi logo from the site. Both sites are free to use.

Edited by bobbintb
  • Upvote 1

Share this post


Link to post
38 minutes ago, bobbintb said:

I just thought I'd share something. No endorsement implied but I found two websites were you can automatically create an app out of a website. If you make your Ombi publicly available (making sure you secure it, of course) you can very easily create an app for your friends and family to use for making Plex requests. The sites are appsgeyser.com and gonative.io. I get a message every once in a while with the gonative.io app when I open it informing me that it cannot be published without licensing. That can be a little annoying but can be turned off in the Android settings. The appsgeyser one doesn't seem to save cookies even though the option is on so users have to log in every time. That might be fixable but I haven't tried. You can change the icon and splash screen from the default and use whatever image you like. I just used the Ombi logo from the site. Both sites are free to use.

Nice, got to say, I'm impressed.

Share this post


Link to post

Anyone using their plex credential to login? Are you able to request for a movie / tv show? I keep getting "Sorry, you do not have the correct permissions to request a <movie / tv show>" error message. Not sure if it's related to this release or general issue.

Share this post


Link to post
9 minutes ago, ziggie216 said:

Anyone using their plex credential to login? Are you able to request for a movie / tv show? I keep getting "Sorry, you do not have the correct permissions to request a <movie / tv show>" error message. Not sure if it's related to this release or general issue.

I'm not having any issues. I hate to state the obvious but are you using the right username and password? 

Share this post


Link to post
17 hours ago, bobbintb said:

I'm not having any issues. I hate to state the obvious but are you using the right username and password? 

 

Yes. I know it work with local user, but just not with plex user account. 

Share this post


Link to post
4 hours ago, ziggie216 said:

 

Yes. I know it work with local user, but just not with plex user account. 

I'm not having any issues with Plex account is what I'm saying. Screenshot?

Share this post


Link to post

I always have that login issue, but logging in as the default user admin works fine.  

 

Any idea how to set the default branch to early access? The docker image update keeps resetting me to the default branch and I have to update manually again inside the ombi admin panel. 

Share this post


Link to post

For those having login issues, are you using your Plex username? It needs the username, not the email. You also have to add Plex users to Ombi that are allowed to make requests.

Edited by bobbintb

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now