Search the Community
Showing results for tags 'SSL'.
-
It's 2016 and Emby (Community) still doesn't use proper TLS. This page has an Qualys SSL Labs rating of F (this should be A or A+) Most links on this page redirect back to HTTP Most pages are only partially HTTPS You can't login securely without editing the form manually You can't register securely without editing the form manually You can't post in the forum securely without editing the form manually Side note: Your PHP exposes its version freely in your X-Powered-By header Also, your plugin catalog images are loaded solely via HTTP. This results in some of them being blocked by modern browsers. In a year where SSL certificates are free and there is more than enough documentation on securing a TLS connection it's not acceptable for a company trying to sell products for up to 100$ to be this insecure. I would love to see this done properly. edit: Also just saw the pinned thread. Feel free to move it in there.
-
Hi Emby crowd! I have an emby server visible on the internet via SSL/HTTPS only. My server has DDNS so is accessed via URL rather than IP address. I'll be off on a family holiday soon and we're looking to be able to watch our Emby movies on the TV in our destination. The problem is that I have found that Emby app support for HTTPS seems to be quite patchy... - iOS works perfectly with HTTPS. I can watch movies from other networks, from 3G/LTE etc no probs... but of course is is not a big screen family experience. - Samsung TV app works well - family members are able to stream from my Emby server... but I wont be sideloading TV apps on someone elses TV - Amazon fire stick - not working with HTTPS. It fails when trying to select an HTTPS address - Emby sideloaded to Now TV box (aka a roku 3) - does not work with HTTPs - Chromecast - TBC need to test it today One other option is to use the (very pricey) Apple lightning HDMI adapter to watch from iOS app on the TV. Does anyone know if the Apple lightning HDMI adapter works with Emby app? Does anyone have any good (well proven) ideas on how to stream Emby via SSL? Which apps/devices will work? What do you guys do? Note that I have direct access to the wifi network at my travel destination. Its not a hotel wifi with captive portal thank god. (The amazon fire stick is potentially the holy grail of Emby travel since it supports hotel wifi... but sadly not SSL connections) Big thanks in advance for you inputs!!
-
I decided to try and install my SSL certificate to my emby install earlier, and when i created my pfx and set it to use that it worked, however when browsing to it in chrome or firefox is said it was insecure because it did not have the bundle in the .pfx file, So i generated a .pfx with both the certificate and the bundle in the certificate field, however after doing so i now get an error_connection_closed whenever i access over wan or lan, So i switched back to the original pfx without the bundle and i get the same thing, i have restarted it a few times and tried a few different ports, any idea on how to get this to work? OS Server2012R2 DC Mobo Supermicro X8DTN+ CPU X5650x2 Memory 192GB DDR3 Registered, SSL Provider Startcom
-
Hi there, I am trying to access my Emby server from the "outside" world. To do so, I have configured the public port on my emby server instance as 8920 and left the field for the server-cert blank, hoping emby would provide its own. I did forward the port in my router. But sadly, nothing works. My browser keeps loading forever. Doing the same for the standard http-port, 8096, works like charm, however, unencrypted. I am completely new to the whole SSL thing via http, is there anything else to do, or is there a tutorial on how to get my emby server public? Thanks!
-
I have an SSL Certificate (letsencrypt.org) that is signed by - issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 This cert is in turn signed by - issuer=/O=Digital Signature Trust Co./CN=DST Root CA X3 I create a pkcs12 from the pem files using the following command openssl pkcs12 -export -out cert.pfx -in cert.pem -inkey privkey.pem -certfile x3chain.pem -nodes Where cert.pem is the certificate, privkey.pem is the private key and x3chain.pem is the issuing certificate (Let's Encrypt) and the rootCA (DST Root CA X3). I then provide this certificate to Emby and start it. When I connect from Chrome on desktop, everything is OK ("Let's Encrypt Authority X1" is trusted by Desktop Chrome). When I try to access using Android, "Let's Encrypt Authority X1" is not a trusted CA, however "DST Root CA X3" is. If the chain were being sent properly, the chain of trust is in tact and it should work. Unfortunately, Emby is not sending the full chain, just the top certificate (mine) and the "Let's Encrypt Authority X1" certificate. I have seen references to a Mono bug, however that bug was fixed in April of 2014. To try and answer some questions ahead of time, here is the output from the top of my log file - 2015-12-21 22:06:02.5739 Info Main: Emby Command line: /usr/pbi/emby-amd64/lib/emby-server/MediaBrowser.Server.Mono.exe -ffmpeg /usr/pbi/emby-amd64/bin/ffmpeg -ffprobe /usr/pbi/emby-amd64/bin/ffprobe -programdata /var/db/emby-server Operating system: Unix 9.1.0.0 Processor count: 4 64-Bit OS: True 64-Bit Process: True Program data path: /var/db/emby-server Mono: 4.2.1 (Stable 4.2.1.124/39edf24 Sun Dec 20 05:03:56 UTC 2015) Application Path: /usr/pbi/emby-amd64/lib/emby-server/MediaBrowser.Server.Mono.exe 2015-12-21 22:06:02.8854 Info App: Application version: 3.0.5781.8 2015-12-21 22:06:02.9482 Info App: Application configuration: {"EnableUPnP":true,"PublicPort":8097,"PublicHttpsPort":8096,"HttpServerPortNumber":8097,"HttpsPortNumber":8096,"EnableHttps":true,"CertificatePath":"/etc/ssl/cert.pfx","EnableInternetProviders":true,"IsPortAuthorized":true,"SeasonZeroDisplayName":"Specials","SaveLocalMeta":true,"EnableLocalizedGuids":true,"DisableStartupScan":true,"EnableUserViews":false,"EnableLibraryMetadataSubFolder":true,"PreferredMetadataLanguage":"en","MetadataCountryCode":"US","SortReplaceCharacters":[".","+","%"],"SortRemoveCharacters":[",","&","-","{","}","'"],"SortRemoveWords":["the","a","an"],"MinResumePct":5,"MaxResumePct":90,"MinResumeDurationSeconds":300,"RealtimeLibraryMonitorDelay":40,"EnableDashboardResponseCaching":true,"EnableDashboardResourceMinification":true,"DashboardSourcePath":"","MergeMetadataAndImagesByName":true,"EnableStandaloneMetadata":true,"ImageSavingConvention":"Compatible","MetadataOptions":[{"ItemType":"Book","ImageOptions":[{"Type":"Backdrop","Limit":1,"MinWidth":1280}],"DisabledMetadataSavers":[],"LocalMetadataReaderOrder":[],"DisabledMetadataFetchers":[],"MetadataFetcherOrder":[],"DisabledImageFetchers":[],"ImageFetcherOrder":[]},{"ItemType":"Movie","ImageOptions":[{"Type":"Backdrop","Limit":1,"MinWidth":1280},{"Type":"Art","Limit":0,"MinWidth":0},{"Type":"Disc","Limit":0,"MinWidth":0},{"Type":"Primary","Limit":1,"MinWidth":0},{"Type":"Banner","Limit":0,"MinWidth":0},{"Type":"Thumb","Limit":1,"MinWidth":0},{"Type":"Logo","Limit":1,"MinWidth":0}],"DisabledMetadataSavers":["Emby Xml"],"LocalMetadataReaderOrder":[],"DisabledMetadataFetchers":[],"MetadataFetcherOrder":[],"DisabledImageFetchers":[],"ImageFetcherOrder":[]},{"ItemType":"MusicVideo","ImageOptions":[{"Type":"Backdrop","Limit":1,"MinWidth":1280},{"Type":"Art","Limit":0,"MinWidth":0},{"Type":"Disc","Limit":0,"MinWidth":0},{"Type":"Primary","Limit":1,"MinWidth":0},{"Type":"Banner","Limit":0,"MinWidth":0},{"Type":"Thumb","Limit":1,"MinWidth":0},{"Type":"Logo","Limit":1,"MinWidth":0}],"DisabledMetadataSavers":["Emby Xml"],"LocalMetadataReaderOrder":[],"DisabledMetadataFetchers":[],"MetadataFetcherOrder":[],"DisabledImageFetchers":[],"ImageFetcherOrder":[]},{"ItemType":"Series","ImageOptions":[{"Type":"Backdrop","Limit":1,"MinWidth":1280},{"Type":"Art","Limit":0,"MinWidth":0},{"Type":"Primary","Limit":1,"MinWidth":0},{"Type":"Banner","Limit":1,"MinWidth":0},{"Type":"Thumb","Limit":1,"MinWidth":0},{"Type":"Logo","Limit":1,"MinWidth":0}],"DisabledMetadataSavers":["Emby Xml"],"LocalMetadataReaderOrder":[],"DisabledMetadataFetchers":[],"MetadataFetcherOrder":[],"DisabledImageFetchers":[],"ImageFetcherOrder":[]},{"ItemType":"MusicAlbum","ImageOptions":[{"Type":"Backdrop","Limit":0,"MinWidth":1280},{"Type":"Disc","Limit":0,"MinWidth":0}],"DisabledMetadataSavers":["Emby Xml"],"LocalMetadataReaderOrder":[],"DisabledMetadataFetchers":[],"MetadataFetcherOrder":[],"DisabledImageFetchers":[],"ImageFetcherOrder":[]},{"ItemType":"MusicArtist","ImageOptions":[{"Type":"Backdrop","Limit":1,"MinWidth":1280},{"Type":"Banner","Limit":0,"MinWidth":0},{"Type":"Art","Limit":0,"MinWidth":0},{"Type":"Logo","Limit":0,"MinWidth":0}],"DisabledMetadataSavers":["Emby Xml"],"LocalMetadataReaderOrder":[],"DisabledMetadataFetchers":[],"MetadataFetcherOrder":[],"DisabledImageFetchers":[],"ImageFetcherOrder":[]},{"ItemType":"BoxSet","ImageOptions":[{"Type":"Backdrop","Limit":1,"MinWidth":1280},{"Type":"Primary","Limit":1,"MinWidth":0},{"Type":"Thumb","Limit":1,"MinWidth":0},{"Type":"Logo","Limit":1,"MinWidth":0},{"Type":"Art","Limit":0,"MinWidth":0},{"Type":"Disc","Limit":0,"MinWidth":0},{"Type":"Banner","Limit":0,"MinWidth":0}],"DisabledMetadataSavers":[],"LocalMetadataReaderOrder":[],"DisabledMetadataFetchers":[],"MetadataFetcherOrder":[],"DisabledImageFetchers":[],"ImageFetcherOrder":[]},{"ItemType":"Season","ImageOptions":[{"Type":"Backdrop","Limit":0,"MinWidth":1280},{"Type":"Primary","Limit":1,"MinWidth":0},{"Type":"Banner","Limit":0,"MinWidth":0},{"Type":"Thumb","Limit":0,"MinWidth":0}],"DisabledMetadataSavers":["Emby Xml"],"LocalMetadataReaderOrder":[],"DisabledMetadataFetchers":[],"MetadataFetcherOrder":[],"DisabledImageFetchers":[],"ImageFetcherOrder":[]},{"ItemType":"Episode","ImageOptions":[{"Type":"Backdrop","Limit":3,"MinWidth":1280}],"DisabledMetadataSavers":["Emby Xml"],"LocalMetadataReaderOrder":[],"DisabledMetadataFetchers":[],"MetadataFetcherOrder":[],"DisabledImageFetchers":[],"ImageFetcherOrder":[]},{"ItemType":"Video","ImageOptions":[{"Type":"Backdrop","Limit":3,"MinWidth":1280}],"DisabledMetadataSavers":["Emby Xml"],"LocalMetadataReaderOrder":[],"DisabledMetadataFetchers":[],"MetadataFetcherOrder":[],"DisabledImageFetchers":[],"ImageFetcherOrder":[]}],"EnableAutomaticRestart":true,"PathSubstitutions":[{"From":"/mnt/Data","To":"\\\\**redacted**"}],"WanDdns":"home.**redacted**.com","UICulture":"en-us","PeopleMetadataOptions":{"DownloadActorMetadata":true,"DownloadDirectorMetadata":true,"DownloadProducerMetadata":false,"DownloadWriterMetadata":false,"DownloadComposerMetadata":false,"DownloadOtherPeopleMetadata":false,"DownloadGuestStarMetadata":false},"FindInternetTrailers":true,"InsecureApps9":["Chromecast","iOS","Unknown app","iPad","iPhone","Windows Phone"],"SaveMetadataHidden":false,"ContentTypes":[],"EnableAudioArchiveFiles":false,"EnableVideoArchiveFiles":false,"RemoteClientBitrateLimit":0,"DenyIFrameEmbedding":true,"EnableLibraryMonitor":"Auto","SharingExpirationDays":30,"DisableXmlSavers":true,"EnableWindowsShortcuts":false,"EnableVideoFrameByFrameAnalysis":false,"EnableDateLastRefresh":false,"Migrations":["5767.1"],"EnableDebugLevelLogging":true,"EnableAutoUpdate":true,"SystemUpdateLevel":"Release","LogFileRetentionDays":3,"RunAtStartup":false,"IsStartupWizardCompleted":true,"EnableCustomPathSubFolders":true} 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Plugins.PushBulletNotifications, Version=3.0.5810.33455, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Api, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.WebDashboard, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Model, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Common, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Controller, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Providers, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Common.Implementations, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Server.Implementations, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.MediaEncoding, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Dlna, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.LocalMetadata, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.XbmcMetadata, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.IsoMounting.Linux, Version=1.0.5131.24779, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Server.Mono, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:02.9590 Info App: Loading MediaBrowser.Server.Startup.Common, Version=3.0.5781.8, Culture=neutral, PublicKeyToken=null 2015-12-21 22:06:03.0498 Info SqliteUserRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/users.db 2015-12-21 22:06:03.1207 Info SqliteFileOrganizationRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/fileorganization.db 2015-12-21 22:06:03.1282 Info AuthenticationRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/authentication.db 2015-12-21 22:06:03.1399 Info SyncRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/sync14.db 2015-12-21 22:06:03.2005 Info ImageMagick: ImageMagick version: ImageMagick 6.9.0-10 Q8 amd64 2015-12-11 http://www.imagemagick.org 2015-12-21 22:06:03.2314 Info ImageProcessor: ImageProcessor started with 4 max concurrent image processes 2015-12-21 22:06:03.2845 Info App: FFMpeg: /usr/pbi/emby-amd64/bin/ffmpeg 2015-12-21 22:06:03.2845 Info App: FFProbe: /usr/pbi/emby-amd64/bin/ffprobe 2015-12-21 22:06:03.2857 Info SharingRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/shares.db 2015-12-21 22:06:03.3144 Info ActivityRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/activitylog.db 2015-12-21 22:06:03.3293 Info SqliteDisplayPreferencesRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/displaypreferences.db 2015-12-21 22:06:03.3419 Info SqliteItemRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/library.db 2015-12-21 22:06:03.3546 Info SqliteProviderInfoRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/refreshinfo.db 2015-12-21 22:06:03.3665 Info SqliteUserDataRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/userdata_v2.db 2015-12-21 22:06:03.3755 Warn App: ffmpeg is missing decoder h264_qsv 2015-12-21 22:06:03.3766 Info SqliteNotificationsRepository: Sqlite 3.8.8.3 opening /var/db/emby-server/data/notifications.db 2015-12-21 22:06:03.3834 Warn App: ffmpeg is missing decoder mpeg2_qsv 2015-12-21 22:06:03.3909 Warn App: ffmpeg is missing decoder vc1_qsv 2015-12-21 22:06:03.7160 Info HttpServer: Calling ServiceStack AppHost.Init 2015-12-21 22:06:06.1848 Info ServiceStackHost: Initializing Application took 3025.623ms 2015-12-21 22:06:06.2013 Info ServerManager: Loading Http Server 2015-12-21 22:06:06.2041 Info HttpServer: attempting to load pfx: /etc/ssl/cert.pfx 2015-12-21 22:06:06.2506 Info HttpServer: Adding HttpListener prefix http://+:8097/ 2015-12-21 22:06:06.2511 Info HttpServer: Adding HttpListener prefix https://+:8096/ 2015-12-21 22:06:06.6102 Info App: Core startup complete If I am misreading the Mono commit and that bug is still unfixed in 4.2.1 I'll try and hack master together on FreeBSD and see what I get
-
2016-04-06 13:41:31.6854 Info HttpServer: attempting to load pfx: C:\Users\media\Desktop\mydomain.pfx 2016-04-06 13:41:31.6854 Error HttpServer: Exception loading certificate: C:\Users\media\Desktop\mydomain.pfx *** Error Report *** Version: 3.0.5912.0 Command line: C:\Users\media\AppData\Roaming\Emby-Server\System\MediaBrowser.ServerApplication.exe Operating system: Microsoft Windows NT 6.1.7601 Service Pack 1 Processor count: 4 64-Bit OS: True 64-Bit Process: True Program data path: C:\Users\media\AppData\Roaming\Emby-Server Application Path: C:\Users\media\AppData\Roaming\Emby-Server\System\MediaBrowser.ServerApplication.exe The specified network password is not correct. System.Security.Cryptography.CryptographicException at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName) at SocketHttpListener.Net.HttpListener.LoadCertificateAndKey(String certificateLocation) I've generated PFX multiple ways, with open ssl: penssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt I've tried to use StartCom export. No luck. I even tried to import and export on Windows as was in http://emby.media/community/index.php?/topic/33534-issue-with-ssl-cert-causing-server-to-refuse-connections/ ( http://emby.media/community/index.php?/topic/30792-howto-use-custom-ssl-cert-and-keep-private-key-secure/) I have verified, cert is correct when imported to Windows Certificate store, however emby fails to accept when same cert file is pointed in Emby config. This one single line buggs me when custom pfx is loaded: The specified network password is not correct. When custom serv is removed, error is not present. 2016-04-06 14:53:01.6084 Info HttpServer: attempting to load pfx: C:\Users\media\AppData\Roaming\Emby-Server\ssl\cert_d6a2b7fa3ab358ed7a19e0e99.pfx I've tried to put this file in any directory on Windows 7 and system can not read for some reason. I have tried to start Emby as a service (system and as a user) and as soon as custom cert is added, this same error is generated.
-
I have been trying to get Emby working with a custom SSL cert and having lots of trouble. Hopefully someone here can point me to what I am doing stupid. I own my own domain and have it hosted through NameCheap. I noticed last week that they have a DDNS client. So I went ahead and used that to point emby.mydomain.com to my IP address as supplied through the DDNS client. Success!! I can drop the free DDNS service I had been using and use my own domain! I tested this and am able to log in to Emby successfully from outside my network through the domain I setup. I also set the external WAN address in Emby server to be the address emby.mydomain.com (obviously this is not the actual address). For the SSL cert, I went with StartSSL and used their free personal SSL cert option. I received a class 1 SSL cert for emby.mydomain.com. I then used their StartCom tool to generate the PFX file using the .key and .cer files I received. I did NOT specify a password when generating the PFX file. I then placed that PFX file on the Emby server and set the custom certificate path to that file. Apply and reboot Emby. Wham, bam, thank you ma'am. Except....not. Now I can't even access Emby http or https. I removed the custom cert and went back to letting Emby generate it's own cert. Http and https both work. Re-add the custom cert. Broken again. Remove, everything works. Can anyone tell me what I am doing wrong? Emby 3.0.5882, normal ports (8096 and 8920), Windows 10 Pro
- 2 replies
-
- SSL
- custom SSL
-
(and 1 more)
Tagged with:
-
Issue with SSL cert causing Server to refuse connections.
unholyrattrap posted a topic in General/Windows
I am running Emby 3.0.5912.0 on Server 2012 R2. I used II7 to put in a CSR, which i then exported to https://my.gogetssl.com to provide me a SSL. When Running 3.0.5781.5 the following steps worked and would like to know if there is something I am doing wrong, or if there is an issues I am experiencing. Put in a CSR using IIS Submit the CSR https://my.gogetssl.com, and get a *.crt back Import the *.crt into the servers local cert store Export the *.pfx Rename the cert to the <selfsignedname>.pfx restart the server Here is there it breaks in 3.0.5912.0 When i access the server over HTTPS, the server refuses connections and drops all HTTPS traffic. Looking through the server logs I see the following: 2016-04-04 23:30:44.4469 Error HttpServer: Exception loading certificate: C:\Users\Administrator\AppData\Roaming\Emby-Server\ssl\cert_9c31b7884ea5475c8687970fc5996297.pfx *** Error Report *** Version: 3.0.5912.0 Command line: C:\Users\Administrator\AppData\Roaming\Emby-Server\System\MediaBrowser.ServerApplication.exe Operating system: Microsoft Windows NT 6.2.9200.0 Processor count: 6 64-Bit OS: True 64-Bit Process: True Program data path: C:\Users\Administrator\AppData\Roaming\Emby-Server Application Path: C:\Users\Administrator\AppData\Roaming\Emby-Server\System\MediaBrowser.ServerApplication.exe The specified network password is not correct. System.Security.Cryptography.CryptographicException at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName) at SocketHttpListener.Net.HttpListener.LoadCertificateAndKey(String certificateLocation) 016-04-04 23:30:46.3340 Error HttpResultFactory: Error streaming data *** Error Report *** Version: 3.0.5912.0 Command line: C:\Users\Administrator\AppData\Roaming\Emby-Server\System\MediaBrowser.ServerApplication.exe Operating system: Microsoft Windows NT 6.2.9200.0 Processor count: 6 64-Bit OS: True 64-Bit Process: True Program data path: C:\Users\Administrator\AppData\Roaming\Emby-Server Application Path: C:\Users\Administrator\AppData\Roaming\Emby-Server\System\MediaBrowser.ServerApplication.exe Unable to write data to the transport connection: An existing connection was forcibly closed by the remote host. System.IO.IOException at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size) at SocketHttpListener.Net.ResponseStream.InternalWrite(Byte[] buffer, Int32 offset, Int32 count) at SocketHttpListener.Net.ResponseStream.Write(Byte[] buffer, Int32 offset, Int32 count) at System.IO.Stream.InternalCopyTo(Stream destination, Int32 bufferSize) at MediaBrowser.Server.Implementations.HttpServer.StreamWriter.WriteToInternal(Stream responseStream) InnerException: System.Net.Sockets.SocketException An existing connection was forcibly closed by the remote host at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags) at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size) 2016-04-04 23:30:46.3610 Error HttpAsyncTaskHandler: Error occured while Processing Request: Unable to write data to the transport connection: An existing connection was forcibly closed by the remote host. *** Error Report *** Version: 3.0.5912.0 Command line: C:\Users\Administrator\AppData\Roaming\Emby-Server\System\MediaBrowser.ServerApplication.exe Operating system: Microsoft Windows NT 6.2.9200.0 Processor count: 6 64-Bit OS: True 64-Bit Process: True Program data path: C:\Users\Administrator\AppData\Roaming\Emby-Server Application Path: C:\Users\Administrator\AppData\Roaming\Emby-Server\System\MediaBrowser.ServerApplication.exe Unable to write data to the transport connection: An existing connection was forcibly closed by the remote host. System.IO.IOException at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size) at SocketHttpListener.Net.ResponseStream.InternalWrite(Byte[] buffer, Int32 offset, Int32 count) at SocketHttpListener.Net.ResponseStream.Write(Byte[] buffer, Int32 offset, Int32 count) at System.Xml.XmlUtf8RawTextWriter.FlushBuffer() at System.Xml.XmlUtf8RawTextWriter.Flush() at System.Xml.XmlWellFormedWriter.Close() at System.Xml.XmlWriter.Dispose(Boolean disposing) at ServiceStack.Text.XmlSerializer.SerializeToStream(Object obj, Stream stream) at ServiceStack.HttpResponseExtensionsInternal.WriteErrorToResponse(IResponse httpRes, IRequest httpReq, String contentType, String operationName, String errorMessage, Exception ex, Int32 statusCode) at ServiceStack.ServiceStackHost.OnUncaughtException(IRequest httpReq, IResponse httpRes, String operationName, Exception ex) at ServiceStack.HostContext.RaiseUncaughtException(IRequest httpReq, IResponse httpRes, String operationName, Exception ex) at ServiceStack.HttpResponseExtensionsInternal.WriteToResponse(IResponse response, Object result, ResponseSerializerDelegate defaultAction, IRequest request, Byte[] bodyPrefix, Byte[] bodySuffix) at ServiceStack.HttpResponseExtensionsInternal.WriteToResponse(IResponse httpRes, IRequest httpReq, Object result, Byte[] bodyPrefix, Byte[] bodySuffix) at ServiceStack.HttpResponseExtensionsInternal.WriteToResponse(IResponse httpRes, IRequest httpReq, Object result) at ServiceStack.Host.Handlers.ServiceStackHandlerBase.HandleResponse(Object response, Func`2 callback, Func`2 errorCallback) InnerException: System.Net.Sockets.SocketException An existing connection was forcibly closed by the remote host at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags) at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size) When I delete the cert, the self signed is regened and the HTTPS connections work again to load HTTPS with the self signed. I would like to get the HTTPS working with the cert I have purchased is the end goal. Note: If i browse and point at the .pfx from within the emby server browser the same is issue is repeated. -
A couple of days ago I posted a thread about how my website was failing to load when using SSL. I've finally figured out what the problem was. Since I use CloudFlare as my DNS for domain I use their SSL, Caching, etc. However, when I disable SSL and set the domain to not go through CloudFlare servers (by making the cloud on the DNS page turn grey) so it bypasses everything except basic DNS. Now Emby works flawlessly without any issues. I am a bit bummed that I cannot use CloudFlare for SSL but now everything is working. Does Emby support CloudFlare or is my hosting provider not liking CloudFlare? Thanks, Gabriel Gulla emby-server-2-1-16.pdf
- 9 replies
-
- cloudflare
- emby
-
(and 1 more)
Tagged with:
-
Hello, I currently have an Emby Server setup that streams over the internet to multiple users. I will put machine / network specs below. I use CloudFlare for DNS so I can route my domain to the server IP address. I also use CloudFlare for the free SSL they provide. I have tried using their Flexible and Full options, both of which give me the same problem. When using SSL the server will only load sometimes, if I continuously refresh the page then it may load after 10+ tries. Once it loads it seems like it works for a while until it isn't used anymore. If I connect with the direct IP via http then it works fine. The problem only occurs when SSL is on and I connect via https. Server Specs: Virtual Machine 4 vCPU's 8GB RAM 200GB SSD Windows Server 2012 R2 800Mbps Down / 800Mbps Up CloudFlare Settings: Main Domain pointed towards server IP with CloudFlare on SSL: Full Security Level: Low Cache: Standard Page Rules: 1. *<mydomain>.com/* always uses https. All other settings are untouched. Emby Settings: http port number: 80 https port number: 443 Report https as external address: yes Auto port mapping: yes Any help with this is greatly appreciated! Also, I'm willing to give domain to trusted people on the forums via PM. Thanks, Gabriel Gulla EDIT: Sorry, forgot log files, http://pastebin.com/zBbs3bd4
-
Hello everyone, Has anyone succeded in using Android app (Emby Connect) to connect to Emby via HTTPS port (internal network or internet)? I got my ports configured in a way that only HTTPS work, and HTTP is blocked to everyone, for security reasons. I can connect to Emby via WebClient (browsers) or Emby Theater (Windows) with no problem via HTTPS, using the 8920 port locally or some other port-forwarded to 8920. But when I try to use Android Emby Connect, using the same parameters, it never works. Anyone? Thanks in advance.
-
Hello I am using Emby in a docker container that I am trying to set up with https connection. I was able to set it up but it took me some time since I was trying to use certificates generated by letsencrypt. Once I generated the cert and private key with it i ran openSSL to create the pfx file. The "issue" that I am having is that Chrome is not giving the connection a green light. I would really like to get the green verified https since my family will be using it and I dont want to explain to everyone what this means.
-
Let's Encrypt offers free automated SSL certificates that are valid for 3 months. They can then be automatically renewed without any user interaction. https://letsencrypt.org/ I would like to see this implemented as either a plug in or natively in emby server to solve the issues with using https specifically with the android and Chromecasts but also the media browser. This would allow easy to use signed and valid https connections and would take the hassle out of renewal every 3 months.
-
I bought an SSL Certificate. Converted it using openSSL to a pfx file. When I choose the SSL from the web interface and restart the server, I can no longer access the server via https. When the custom SSL is enabled I get a 404 page. When I remove the SSL I get get the trusted SSL warning message but the page loads.
-
Having a bit of an issue with ssl. I enabled https, point my web browser to my server, everything works fine. When I try to use my android clients, there are no images, and playback does not work. My server gives this error: 2015-09-25 19:00:01.3045 Error - HttpServer: Error in ProcessAccept *** Error Report *** Version: 3.0.5724.5 Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /mnt/config Operating system: Unix 3.19.3.200 Processor count: 12 64-Bit OS: True 64-Bit Process: True Program data path: /mnt/config Mono: 4.0.3 (Stable 4.0.3.20/d6946b4 Thu Aug 13 12:39:47 UTC 2015) Application Path: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe The authentication or decryption has failed. System.IO.IOException at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 InnerException: Mono.Security.Protocol.Tls.TlsException The authentication or decryption has failed. at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.RecordProtocol.ReceiveRecord (System.IO.Stream record) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslServerStream.EndNegotiateHandshake (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 I am trying to migrate from plex to emby, love emby so far. Can't wait to use it outside my network! Thanks! ( It seems other people have had this issue as well: https://github.com/MediaBrowser/Emby/issues/1097 )
- 14 replies
-
- ssl
- certificate
-
(and 3 more)
Tagged with:
-
Hey everybody, I want to use my emby server when not at home and wanted to use it with ssl encryption. I use the standard 8096 port for non-secured access, and port 8920 for https. When I am in my local network, http://ip-of-emby-sever:8096 in the browser sends me to emby, however, https://ip-of-emby-sever:8920 doesn't, Chrome prints out that the connection is not private and does not connect to emby. In the settings of the emby server, the external WAN port is set both local and public to 8920, "Report https as external address" is checked. Am I missing something?
-
Question on SSL for remote, http for local connections?
Florux posted a topic in Non-Emby General Discussion
Hi, Have tried to find a description on how to control when SSL can be forced. Is it possible to force SSL for all remote connections, but allow normal http for all connection from the local network? Under Dashboard->Advanced->Hosting it has a "Force https as external address", and I guess it's this checkbox I wonder if works as described above? Not much need for SSL locally, but would be great to be able to force it for everything coming and going to the outside network. -Florux -
Hi all, I've been trying to figure out why HTTPS doesn't work on my ubuntu server for the last few days and no luck unfortunately. Does anyone know (devs would be super useful) if this is supported on Linux (Ubuntu) at all? On my windows PC it works fine however on my Ubuntu server (14.04 LTS) and VM (Ubuntu 14.04.2 LTS) the connection is dropped almost instantly (I don't even see the page). EDIT: I have firewall turned off Telnet doesn't even seem to work either, everything you see in the terminal. Please see the below screenshots. Thank you! Chrome Firefox Telnet Any help would be greatly appreciated! Otherwise I'm really enjoying MediaBrowser and will likely use it over Plex if this feature works for me! Cheers, Glaive
-
Hi, I've read a lot about SSL / https support in Media Browser, but cannot find the settings for it anywhere - there's also no mention of it in the wiki. Could someone please point me in the right direction? -Florux