Jump to content

Search the Community

Showing results for tags 'SSL'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support


  • Emby Blog

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

  1. I've been looking, but I cannot find any examples of how to self-host Emby behind an NGINX reverse proxy at anything other than the root path on port 80. I host a website under the www subdomain at the root path on port 80, so that's not an option. I'm fine with any of these solutions: Use a different port (http://www.mydomain.com:8096/) Use a different subdomain (http://emby.mydomain.com/) Use a different path (http://www.mydomain.com/emby/) My current configuration is an attempt at solution #3 because that's the one I was able to get furthest on. I think I'd prefer solution #1 or #2, but I'm not picky. I'd also like to setup SSL, but I need to get this working before I can worry about encryption. That said, the SSL configuration for my website might be responsible for my current problem. All requests to port 80 are redirected to 443, which has SSL enabled. The server just directs everything on the /emby path to localhost:8096, which Emby binds to. I'm able to load the index page, but it fails to load the Javascript used to render any actual content. It looks like the server isn't able to serve the Javascript file over HTTPS. I have very limited experience with NGINX and Emby and I have no idea how to fix it. Here's my NGINX server configuration: server { listen 443 ssl default_server; listen [::]:443 ssl default_server; root /█████/website; server_name █████; ssl on; ssl_certificate /█████/cert.pem; ssl_certificate_key /█████/privkey.pem; ssl_stapling on; ssl_stapling_verify on; resolver; location /static { alias /█████/website/static; } location / { try_files $uri @wsgi; } location @wsgi { proxy_pass http://unix:/tmp/gunicorn.sock; include proxy_params; } location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { access_log off; log_not_found off; expires max; } location /emby { proxy_pass; } } server { listen 80 default_server; listen [::]:80 default_server; server_name █████; return 301 https://$host$request_uri; }
  2. varmandra

    SSL not working <SOLVED>

    Hello This is my first post here, but I read here a lot and solved many problems I had, so first thanks this community. But now I have a Problem and no idea how to solve it. I use a lot how-to but I am not able to get an https connection to my Emby Server With this instructions I get no more a "could not connect", but I get a "PR_END_OF_FILE_ERROR" in Firefox and "ERR_CONNECTION_CLOSED" in Chrome. I´m not really familiar with SSL but with an apache or lighttpd I had no problems to set up an https connection, but with the Emby Server I don´t know any further. In the log file there are only the http request, nothing about https. Where should I search for this issue, are there other settings which affect to SSL? If you need more information from me, just ask. BdT Varmandra
  3. akoenig

    https with app.emby.media

    Hello I have my Emby server configured to use ssl by inputting the external domain name and secure connection mode set to handled by reverse proxy. I have nginx secured with ssl and I can successfully hit my emby server using the custom domain url, and certificate is successfully verified for https. But it seems my users that go through the app.emby.media site and log in using emby connect are still directed to an http site with a not secure connection warning. Is there a simple step I'm missing to get that to redirect to the proper https wan url configured in Emby?
  4. So I am looking to migrate from plex to emby and so far so good, still needing a lot of testing. However one thing that is keeping me from migrating is the SSL encryption. With Plex, they actually provide their own proxy and they pay for the encryption and Emby seems like you have to have provide your own domain with SSL cert. With letsencrypt being main stream and free, this is fine and dandy. However, the way I understand their certs, they are only good for 90 days I believe and then you have to renew (again for free). This is quite an administrative task to do this every three months. Letsencrypt does have API to be able to do renew if you have an account. So my feature request would be to add the ability in emby to enter your lets encrypt credentials and have emby renew the cert automatically via letsencrypt api so this does not have to be done manually. I am curious if anyone else has found a better alternative to this.
  5. deecemobile

    Question about my SSL setup

    Hi guys, big thanks to all who have posted walk throughs for setting up domains, DDNS, SSLs, etc. So far I have the domain name and DDNS working for HTTP traffic. But for whatever reason HTTPS traffic just times out everytime. I am relying on the UPnP protocol on my router instead of port forwarding and the bindings are correct. 443 is going to 8920, 80 goes to 8096. But I cannot connect via https:// or :443 ever. Even setting up manual port forwarding does not work. So I cannot tell if my certificate is even working but I shouldn't need the certificate to even connect via HTTPS, right? If the port binding is there I should be able to connect I am using Certify the Web for the SSL and it has been correctly setup with my domain but I can't tell if Emby is really using it. Any help would be appreciated.
  6. https://letsencrypt.org/ the free certificate authority it in public beta now and allows everybody to get valid free SSL certificates. It would be nice to have support for getting SSL certificates via their ACME protocol directly from emby. This would make it really easy for people to setup secure access to the server from the internet.
  7. After several days of frustration, I have managed to setup SSL far enough to get a connection but the browser does not like like the certificate - see attached. I tried to follow the various sets of instructions around the site, the only config I could get to work is as follows; Static IP address on my router setup sub domain on my domain DNS with a forward to the router address and port My question is emby instructions say the server will create it's own SSL cert but I cannot get this to work. If I leave the field for the path to cert blank then I am unable to save - this is why I went the create your own cert route (which I cant get to work!). I have found an SSL folder in the emby folder structure (windows 10) but nothing is in there. I have read up all I can find but cannot get the inbuilt cert to work. Any suggestions?
  8. I finally decided it was time to look into getting a secure connection with SSL certificate set up on my server, so I went through the steps of grabbing a domain name and a SSL certificate. The name was easy and the certificate was alright, just a little slower to get because of my own stupidity. After various attempts doing incorrect things between Emby settings and port forwarding, I got the .pfx file linked in Emby, the domain name listed, and all the ports set up correctly. I went to test it by doing a complete new install of the Emby app on my android phone - entered my new HTTPS address in the path and 443 in the android port box, and it took me to the server's login page almost instantly, so I was super happy about that. I then set up an Apple TV box on an external network to try that, and again it loaded up the login screen right away after putting the address in. The oddity that I'm running into now is that I've also tested it in four different web browsers, both from two computers and an iPad on my local network as well as from two different computers off the network just to make sure, and came up with the following results in terms of how quickly the browsers would actually pull up the login page after entering the address in the browser bar: - Safari = almost instantly, 1-2 seconds - Chrome = 17-22 seconds - Firefox = 20-23 seconds - Internet Explorer = 22-26 seconds If I use my straight IP address to get to my server from any of those computers, it's a 1-2 second load time no matter what browser I use. I haven't had time to stream anything for a significant amount of time through the secure connection, so I don't know if streaming is affected or not yet - after a quick forum search, I did see a thread about reverse proxy potentially causing streaming issues, but I'm not running a reverse proxy at all. Has anyone noticed problems with streaming when going through a domain name with SSL? Anyway, after all that explanation, my real question about the login screen is whether others have seen it as a common thing for the login page to be pulled up so slowly when using a domain and SSL certificate to get to the server, especially with the major non-Apple browsers? Thanks for any feedback.
  9. From LDAP test-thread: For greater compatibility, can STARTTLS be implemented? It would save a lot of time mucking about with certificates when using MS AD. This is running perfectly with a Wordpress plugin I'm using. Only had to enter the DC IP, Base DN and credentials and up and running within a minute.
  10. garrettjones331

    Reverse Proxy - ERR_TOO_MANY_REDIRECTS

    Hello, I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own. For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy". I have manually checked the server config xml and verified that "requirehttps" is false. I also have my 80 and 443 ports forwarded to the NGINX server on my router. The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome. I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies.
  11. Hello, I have not been able to send email notifications using TLS/SSL using the email notification plug-in. I am able to send using non-secure settings. I have attached the log of the tests I have done. I am in the process of migrating my server to FreeNAS 11. I was not able to send using secure setting on my previous Freenas 9 set-up. Any help would be appreciated. Set-up Emby: (FreeNAS plugin build) OS: FreeNAS-11.2-RC1 Plug-in Version: embytlsemailerrorlog.txt
  12. I have been trying to follow the instructions from this Wiki https://github.com/MediaBrowser/Wiki/wiki/Secure-Your-Server to secure my Emby server running on a Windows 10 box. Has anyone tried these instructions lately using the free domain services offered by Freenom? I'm hoping so. It was relatively easy to set up a free domain with Freenom. I then went to SSL for Free and got two text files to upload to my newly acquired Freenom domain which were to be manually verified. I was able to upload them as directed in the Wiki, but then hit a snag with the SSL for Free instructions which require now require you to either confirm that a folder exists called ".well-known" for as a destination for uploading the files, or if no such folder is located to create one. I could not find any information on the Freenom website regarding the existence of or creation of the necessary "well-known" folder structure to house the test files so that the proper uploading to the Freenom could be verified. Hoping (don't we always) that perhaps "well-known" was the default folder structure that my uploads had been placed, I tried to verify the upload through SSL for Free, and always got a 404 not found return in my browser. I am hoping someone can lead me to an answer. Thanks in advance.
  13. So in the Plex Client in the settings page you can set a setting to "Prefer insecure connection" : "Always" . This means you will now connect over non-ssl. Firstly does the Emby Client on LG TV attempt to connect over SSL . And if it does, how can I tell the Client to not use SSL and to use an insecure connection ? Thanks
  14. jonomite

    Yet another SSL thread

    Sorry for posting yet another SSL threadTM, but I'm not sure how to troubleshoot this. . I have a subdomain that I've registered through IONOS (formerly 1&1). I have an SSL certificate that IONOS is managing for me at my top-level domain. How do I get my subdomain to direct to my server? Do I just redirect to my server's remote IP address? Also, in reviewing the various other guides I've found on this, it looks like I may need to download my SSL certificate and keys an import those into emby? It doesn't appear I have the option to do that from my IONOS dashboard as I've configured it so that IONOS manages it and not me. Is that a deal breaker? Or is there another way around this? I feel like I have the basic pieces available to setup SSL for remote connections to my server, but I just need to take a few more steps to get to the finish line.
  15. I have had Emby for quite a time now and recently bought Emby Premiere so I could use it on more platforms. I have my Emby server running locally on Debian and can connect remotely through my domain (assume my.domain.com). Emby works fine (with SSL) on following the devices I tested: Android app iOS app Windows Store app Xbox One app Most PCs web interface However, I could not get it working with SSL on my LG TV with WebOS 3.5 (LG OLED55B6V if it matters). It did work on a non-secure connection, but when I try to add the server as SSL connection, it simply denies connection like it doesn't even exist. Even when I log onto my Emby Connect account, it simply doesn't show the server, where all other devices do. Now I've read some problems about the SSL certificate (https://emby.media/community/index.php?/topic/57575-lg-emby-app-106-ssl-problem-connecting-to-server/), I'm currently using Comodo PostiveSSL as a certificate, which I have seen at least one other person have problems with as wel. However, I've also seen that some people with Let'sEncrypt have this problem. (https://emby.media/community/index.php?/topic/61481-unable-to-connect-over-https/) There is suggested that LG is simply blocking my certificate, but when I go to my site with the WebOS webbrowser (same certificate), it allows the certificate and shows the site as 'secure'. So somewhere the TV actually does allow the certificate. So I'm not sure where the problem resides. Also, I've shortly tested it on a PS4 from a friend. There was no app, so I used the built-in webbrowser. It also didn't seem to work there, seemed to have the same problem: simply not showing the server. Didn't have much time to test it there, so don't pin me on this. My question is: does anyone have Emby running over SSL with any certificate on LG WebOS 3.5? If so, what certificate do you use?
  16. Hi I'm trying to use https for remote connections using Synology reverse proxy and letsencrypt certificate installed using DMS control panel. Here what I did so far: 1. Setup DDNS using synology.me service 2. Create a letsencrypt certificate for this domain using DMS control panel 3. Create a reverse proxy setting on port 8921 to redirect to localhost:8096 4. Setup the https://*:8921 service to use the "mydomain".synology.me certificate 5. Setup port forwarding on my router to forward port 8921 to my nas port 8921 6. Setup emby advance settings, I set the external domain, https port and the secure connection mode to "Handled by reverse proxy". Everthing is working greate except for 1 thing. If I use https://"mydomain".synology.me:8921, I get a secure connection to emby server with the message : Secure connection: verified by Let's Encrypt. However, if I use this url instead: https://"mypublicip":8921, I get to my emby server on a unsecure connection with this message: "mypublicip":8921 uses an invalid security certificate. The certificate is only valid for "mydomain".synology.me. I can add an exception in the browser and get to my emby server on an unsecure connection, which defeat the purposeto have a secure connection at the first place. Did I miss a setting somewhere, anything that could explain why I can get to my emby server on a unsecure connection through my public ip? Thank you
  17. The error message is: System.ObjectDisposedException: Cannot access a disposed object. Object name: 'SslStream'. Maybe this is related to these other reports but the error message I get is different (see attached file): https://emby.media/community/index.php?/topic/59531-external-ssl-connections-crashing https://emby.media/community/index.php?/topic/61243-server-crashing-within-minutes Thanks embyserver-63670224519.txt
  18. I just made the switch to using SSL for Emby and wanted to help anyone who is looking for an SSL certificate. I didn't want to spend a lot, as you know some are like $100 a year. I found this place https://www.ssls.com/ssl-certificates/comodo-positivessl They are cheap, $5 a year, but it is a slight pain in the butt for using with Emby. If you go with them you will need to convert the certificate to a compatible version. Plus if you are only running a sub-domain or domain without a web host or e-mail provider like me it is a bigger pain in the butt. For the price you cannot go wrong but be ready to spend an hour or two setting it up with their technical support team.
  19. Hello, I have a old ssl cert that has expired so I have loaded the new cert onto the server but it is still hosting the old cert. I have tried restarting the emby server application multiple times, restarting the server, recreating the .pfx and reloading it and it is still using the old cert. Any suggestions as to why this is happening? Thank you for your time,
  20. NYRANGERS423

    SSL Version Interference

    I am still having issues with the chrome browser. I get a message saying SSL Version Interference. I Attached is the mono version I have installed (5.2.0) I believe to understand that I have this issue because Chrome requires a higher TLS version.
  21. LIMABravo253

    Setting UP External Connection

    Hey, I have read most of the posts on the forum and i am still really struggling with setting up external connection and SSL. Now I have bought a domain through namecheap.com and have been following the guide Setting up SSL for Emby (WIP) by Swynol Now i have followed every step but I cant seem to get it to work. now I am not that technically gifted but know my way around a computer. Please could some help even further or dumb the process a bit even though its dumbed down already. I struggle with ssl free as it never finds my txt line to verify my domain. So any help would be greatfully appreciated Setting up SSL for Emby (WIP)
  22. Kimballslice1890

    Lets Encrypt Help

    So I recently bought a domain and anticipated using Lets Encrypt. I had an extremely difficult time following their tutorials on how to acquire and validate a certificate but I found a YouTube video in which I created a certificate via a LAMP server on Ubuntu. The cert works fine and is verified on the LAMP server but when tried to compile the pem files in the pfx and set it up in advanced settings in my emby server, I cannot connect to my server when the settings are applied. When I remove the cert and the domain in advanced, it works again perfectly with the self signed certificate. Looking for a little help on how to get this working, maybe I didn't approach this correctly? I force all connections to HTTPS and would like to get this working so basically every other device other than a web browser and android OS can access the server.
  23. fc7

    Hardening Emby login

    After using Emby for a while I'm so happy with it that I decided to publish it to the Internet so I can listen to my music when I'm away, without needing to VPN home. I'm publishing Emby behind a Squid reverse proxy, using SSL termination. Meaning: Internet Client -----HTTPS SSL connection-----> | Squid reverse-proxy -----PLAIN HTTP-----> Emby | INTERNET | LAN Now I have a couple of questions/features requests regarding publishing Emby to the "evil" Internet: Is there any known issue/concern that I should be aware off that is not too relevant while Emby is only visible in the LAN but that can be dangerous if Emby is visible from the Internet? I'm worried about brute force attacks. Is it possible to enable a captcha on the login screen so for example after 3 failed logins the user will need to validate the captcha to try to login again? About the login screen: would it be posible to have a configuration parameter in Emby to "harden" the login form like for example disabling autocomplete on the username field? Is it possible to enable a configuration parameter to hide all users from the login screen, server wide, instead of doing it on user basis only? How does the "in-network sign-in" with the easy pin code works? How does Emby know that the user is logging in from the LAN or from the Internet? What happen if the user is in the Internet but Emby is behind a reverse-proxy in the LAN (all requests comes from the LAN IP of the proxy)? Would Emby check the X-Forwarded-For HTTP header if the reverse-proxy provides it? I know these are a lot of questions and some things may not be even implemented right now, but if they are not, maybe they can be a good idea to implement in the near future since they can help us to protect our server for the "evil" Internet. Cheers
  24. Hello, I wanted I have my emby server running on a server that is accessed by a reverse proxy. This allows me to have multiple domains (other services) under the same IP address. This works great, and I have it running for some time now. Now I would like to enhance the security by adding a required Client Certificate Authentication, so that only authorised personal have access to the server. I configured it on the reverse proxy, and now when I access the server by the Webbrowser (desktop and android) it works, only people that have the certificate installed can communicate with the server. But the app does not work. When I access by the browser it asks me what is the client certificate to use, but in the app I simply can't connect. Is this possible? Or I have some miss configuration? Thank you
  25. Hello Guys, facts: installed emby on a debian vps. allow 8096 and 8920 in ufw buy a Domain at namecheap. create A Record for the VPS IP. create a letsencrypt cert (https://emby.media/community/index.php?/topic/42315-creating-a-letsencrypt-ssl-certificate-for-emby/ Emby config: add certfolder to /opt/emby-server/ssl/ssl.pfx Emby config: add external Domain "https://xxx.xxx" Problem: I got emby over "http://xxx.xxx:8096"but on "https://xxx.xxx:8920" I got "ERR_TUNNEL_CONNECTION_FAILED" can you help me with this issue? thanks
  • Create New...