Jump to content

Search the Community

Showing results for tags 'https'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • Non-Emby General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support

Blogs

  • Emby Blog

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

  1. Hi, I'm unable to connect to my Emby server from my LG smart TV (webos 4.70.85) over https. Certificate is properly configured and signed (Let's Encrypt Authority X3). I have no issues with connecting using Emby app on Android, iOS and even casting to Chromecast (and I always connect over https). Do you have any idea how can I address this issue?
  2. dougaddams

    Issues enableing HTTPS

    I have recently bought a certificate and wish to enable HTTPS, However I seem to be unable to enable it correctly, nomatter what my HTTP works, But I cannot get https to work correctly atall My settings are here below, followed by the error I get. Any suggestions?
  3. garrettjones331

    Reverse Proxy - ERR_TOO_MANY_REDIRECTS

    Hello, I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own. For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy". I have manually checked the server config xml and verified that "requirehttps" is false. I also have my 80 and 443 ports forwarded to the NGINX server on my router. The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome. I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies.
  4. Hi, I've been having issues since upgrading (fresh install and restore using backup plugin) to 3.4.1.0. Basically what happens is emby-server will be running for hours without issue (sometimes only minutes), and then it just stops. Usually while in the middle of playback. The service doesn't stop, it just stops responding to https or http requests. I've verified this by running a curl command to look at the headers returned when this is happening. curl --silent --insecure --connect-timeout 5 --max-time 8 --head http://emby.local:8096 | grep "HTTP/1.[01] 302 Found" curl --silent --insecure --connect-timeout 5 --max-time 8 --head https://emby.local:8920 | grep "HTTP/1.[01] 302 Found" My setup is the following: Hypervisor: ESXi 6.5.0 Update 1 (Build 7967591) CPU: AMD Ryzen 7 1700 OS: Ubuntu 18.04 LTS vCPUs: 8 RAM: 2GB What I've done to combat this is I've create a cron script that runs every minute to check on the status of emby's http/https responses and restart the service accordingly: sleep 10s date=`date '+%F %H:%M:%S'` if [[ $(netstat -ntlp | grep LISTEN | grep EmbyServer | grep 8096) ]]; then if [[ $(curl --silent --insecure --connect-timeout 5 --max-time 8 --head http://emby.local:8096 | grep "HTTP/1.[01] 302 Found") ]]; then if [[ $(netstat -ntlp | grep LISTEN | grep EmbyServer | grep 8920) ]]; then sleep 1s if [[ $(curl --silent --insecure --connect-timeout 5 --max-time 8 --head https://emby.local:8920 | grep "HTTP/1.[01] 302 Found") ]]; then sleep 1s else echo "$date : emby-server is not responding to https requests... restarting service" /usr/sbin/service emby-server restart fi else echo "$date : emby-server is not listening https requests... restarting service" /usr/sbin/service emby-server restart fi else echo "$date : emby-server is not responding to http requests... restarting service" /usr/sbin/service emby-server restart fi else echo "$date : emby-server is not listening http requests... restarting service" /usr/sbin/service emby-server restart fi I set this script up yesterday and I've already had a few occurrences: 2018-05-16 21:57:11 : emby-server is not responding to http requests... restarting service 2018-05-16 21:59:11 : emby-server is not responding to http requests... restarting service 2018-05-17 09:52:11 : emby-server is not responding to https requests... restarting service I've attached my server logs, but I really don't see what the issue is. I will note that *sometimes* when https doesn't work, http will continue to work. And when you log in to the admin console, it shows remote connections as http instead of https. This is making me feel like this is a config issue. Suggestions? Thanks! emby-server_logs.7z
  5. Hello, I wanted I have my emby server running on a server that is accessed by a reverse proxy. This allows me to have multiple domains (other services) under the same IP address. This works great, and I have it running for some time now. Now I would like to enhance the security by adding a required Client Certificate Authentication, so that only authorised personal have access to the server. I configured it on the reverse proxy, and now when I access the server by the Webbrowser (desktop and android) it works, only people that have the certificate installed can communicate with the server. But the app does not work. When I access by the browser it asks me what is the client certificate to use, but in the app I simply can't connect. Is this possible? Or I have some miss configuration? Thank you
  6. LIMABravo253

    Setting UP External Connection

    Hey, I have read most of the posts on the forum and i am still really struggling with setting up external connection and SSL. Now I have bought a domain through namecheap.com and have been following the guide Setting up SSL for Emby (WIP) by Swynol Now i have followed every step but I cant seem to get it to work. now I am not that technically gifted but know my way around a computer. Please could some help even further or dumb the process a bit even though its dumbed down already. I struggle with ssl free as it never finds my txt line to verify my domain. So any help would be greatfully appreciated Setting up SSL for Emby (WIP)
  7. Hello Guys, facts: installed emby on a debian vps. allow 8096 and 8920 in ufw buy a Domain at namecheap. create A Record for the VPS IP. create a letsencrypt cert (https://emby.media/community/index.php?/topic/42315-creating-a-letsencrypt-ssl-certificate-for-emby/ Emby config: add certfolder to /opt/emby-server/ssl/ssl.pfx Emby config: add external Domain "https://xxx.xxx" Problem: I got emby over "http://xxx.xxx:8096"but on "https://xxx.xxx:8920" I got "ERR_TUNNEL_CONNECTION_FAILED" can you help me with this issue? thanks
  8. budssgc

    Server won't run on HTTPS

    I migrated my Emby server from a Windows based to an CentOS based, and before the migration, my Emby server would say on the dashboard, "Running on HTTP Port# and HTTPS Port#, now it only says "Running on HTTP Port# " I have added both ports used for HTTP and HTTPS to the /etc/firewalld/services/embyserver.xml , and i know the firewall settings have not changed. I have confirmed its not a port issue since i switched the used ports in emby for http and https and both ports are able to get out. At this point I'm not really sure what the problem is. Thanks in advance
  9. Hi, Some time ago i read that the ORSAY third party app dev's did not see a problem in not developing HTTPS support. My Samsung is run remotely through the Internet, and I would really like that developers think of security. Anyway... How would the Third Party App behave if i enable the new setting on the server to redirect to HTTPS.. Will the App ignore this and still use HTTP because it does not support HTTPS? Thanks /Blob
  10. XBOX ONE will not connect to Emby server via https using port 8920. I can connect with Chrome on https to the server with no issues and I was connected to it via https before but I deleted the server from my XBOX because I wanted to re-add it by DNS name instead IP like it was. After doing that i can only connect via port 8096 and that works with either DNS or IP. Below is the part of the logs on my last failed connection attempt, is there something I need to change on the server? Thanks GaminKake 2017-09-19 18:04:30.745 Error HttpServer: Error in ProcessAccept *** Error Report *** Version: 3.2.30.0 Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /var/lib/emby-server -restartpath /usr/lib/emby-server/restart.sh Operating system: Unix 4.4.0.93 64-Bit OS: True 64-Bit Process: True Mono: 5.2.0.215 (tarball Mon Aug 14 15:46:12 UTC 2017) Processor count: 2 Program data path: /var/lib/emby-server Application directory: /usr/lib/emby-server/bin Mono.Btls.MonoBtlsException: Ssl error:1000009c:SSL routines:OPENSSL_internal:HTTP_REQUEST at /build/mono-5.2.0.215/external/boringssl/ssl/handshake_server.c:581 at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <d2c057d9d34d4e029e580897bd60340c>:0 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncProtocolRequest asyncRequest, Mono.Net.Security.AsyncOperationStatus status) [0x0002a] in <d2c057d9d34d4e029e580897bd60340c>:0 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (Mono.Net.Security.AsyncOperationStatus status) [0x0006b] in <d2c057d9d34d4e029e580897bd60340c>:0 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation () [0x0000d] in <d2c057d9d34d4e029e580897bd60340c>:0 at Mono.Net.Security.AsyncProtocolRequest.StartOperation () [0x00000] in <d2c057d9d34d4e029e580897bd60340c>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <204f770036d441bb8dfd3daba3550e83>:0 at Mono.Net.Security.MobileAuthenticatedStream.EndProcessAuthentication (System.IAsyncResult result) [0x00064] in <d2c057d9d34d4e029e580897bd60340c>:0 at Mono.Net.Security.MobileAuthenticatedStream.EndAuthenticateAsServer (System.IAsyncResult asyncResult) [0x00000] in <d2c057d9d34d4e029e580897bd60340c>:0 at System.Threading.Tasks.TaskFactory`1[TResult].FromAsyncCoreLogic (System.IAsyncResult iar, System.Func`2[T,TResult] endFunction, System.Action`1[T] endAction, System.Threading.Tasks.Task`1[TResult] promise, System.Boolean requiresSynchronization) [0x00019] in <204f770036d441bb8dfd3daba3550e83>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <204f770036d441bb8dfd3daba3550e83>:0 at SocketHttpListener.Net.HttpConnection+<InitStream>c__async0.MoveNext () [0x000fd] in <551a698639e347b7b41ff2457f619ff3>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <204f770036d441bb8dfd3daba3550e83>:0 at SocketHttpListener.Net.HttpConnection+<Create>c__async1.MoveNext () [0x000bb] in <551a698639e347b7b41ff2457f619ff3>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () [0x00000] in <204f770036d441bb8dfd3daba3550e83>:0 at SocketHttpListener.Net.EndPointListener+<ProcessAccept>c__async0.MoveNext () [0x00126] in <551a698639e347b7b41ff2457f619ff3>:0 Mono.Btls.MonoBtlsException at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <d2c057d9d34d4e029e580897bd60340c>:0 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncProtocolRequest asyncRequest, Mono.Net.Security.AsyncOperationStatus status) [0x0002a] in <d2c057d9d34d4e029e580897bd60340c>:0 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (Mono.Net.Security.AsyncOperationStatus status) [0x0006b] in <d2c057d9d34d4e029e580897bd60340c>:0 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation () [0x0000d] in <d2c057d9d34d4e029e580897bd60340c>:0 at Mono.Net.Security.AsyncProtocolRequest.StartOperation () [0x00000] in <d2c057d9d34d4e029e580897bd60340c>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <204f770036d441bb8dfd3daba3550e83>:0 at Mono.Net.Security.MobileAuthenticatedStream.EndProcessAuthentication (System.IAsyncResult result) [0x00064] in <d2c057d9d34d4e029e580897bd60340c>:0 at Mono.Net.Security.MobileAuthenticatedStream.EndAuthenticateAsServer (System.IAsyncResult asyncResult) [0x00000] in <d2c057d9d34d4e029e580897bd60340c>:0 at System.Threading.Tasks.TaskFactory`1[TResult].FromAsyncCoreLogic (System.IAsyncResult iar, System.Func`2[T,TResult] endFunction, System.Action`1[T] endAction, System.Threading.Tasks.Task`1[TResult] promise, System.Boolean requiresSynchronization) [0x00019] in <204f770036d441bb8dfd3daba3550e83>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <204f770036d441bb8dfd3daba3550e83>:0 at SocketHttpListener.Net.HttpConnection+<InitStream>c__async0.MoveNext () [0x000fd] in <551a698639e347b7b41ff2457f619ff3>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <204f770036d441bb8dfd3daba3550e83>:0 at SocketHttpListener.Net.HttpConnection+<Create>c__async1.MoveNext () [0x000bb] in <551a698639e347b7b41ff2457f619ff3>:0 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <204f770036d441bb8dfd3daba3550e83>:0 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () [0x00000] in <204f770036d441bb8dfd3daba3550e83>:0 at SocketHttpListener.Net.EndPointListener+<ProcessAccept>c__async0.MoveNext () [0x00126] in <551a698639e347b7b41ff2457f619ff3>:0
  11. Arelion

    Need help to install certificate

    Hi, I've tried to follow all the guides out there to add a certificate to my Emby server, unfortunately without success. Today I'm running my Emby server on Ubuntu 17.04. I own my own domain but I already use the main domain for another server that I has as a webserver. So I would like to have a sub-domain for my Emby, so I have created an address that looks like this: emby.domain.com I have managed to use free certificates on my web server via Certbot, but when I try to do the same way on my Emby server with my sub-domain I get some authentication error message. So I would really appreciate if someone would give me some really good instructions on how to install a certificate on my Emby-server. Have tried this already: https://emby.media/community/index.php?/topic/44757-setting-up-ssl-for-emby-wip/
  12. There have been a few posts around the Forum recently regarding SSL, HTTPS and Security. I'm by no means an expert on reverse proxies but have had alot of dealings with them over the past few months and with the help of @@pir8radio and @@shorty1483 have a fairly well setup and secure system to access my services from outside of my LAN. This guide is to help people access their Emby Server and any other services behind a reverse proxy. This is based on NGINX but it also works for Apache and IIS. So firstly, what is and why do i need a reverse proxy? If you’re like me and have many services running on servers or PCs in your home, i.e. Emby, Plex, Sonarr, Radarr, Ombi, Organizer, CP, home automation, CCTV and anything else. Then you have to open multiple ports on your router to direct traffic to where it needs to go. With a Reverse Proxy you only have to open 1 or 2 ports. Normally all HTTP traffic is sent over port 80 and HTTPS traffic over port 443. In my case I want all traffic served over HTTPS and port 443 so I close all ports bar 443. Another reason to use a reverse proxy is that you can use your own domain certs easily and fine tune your security settings. If you want to test your Domain security go here - https://securityheaders.io/ Chances are your rating will be an F. with reverse proxy you can easily attain a B+/A Grade. You can also setup a web faced server running NGINX and then have additional servers behind that hidden on your LAN, however if your like me I have NGINX running on the same machine as emby. I only access Emby remotely do i still need a reverse proxy? Difficult to answer. No you dont need a reverse proxy to access Emby, but if you do then you can fine tune the security. This guide assumes you have a Domain name, your own Certs to go with your domain name and either have your domain name pointed to a static PC (your home WAN IP) or have Dynamic DNS setup. Have I convinced you yet? I run Windows OS at home so this guide follows a Windows setup but the config will be the same across all OS. 1. Download the latest version of NGINX from here - http://nginx-win.ecsds.eu/ as of writing this guide its version 1.13.0.1 Violet. 2. Extract the ZIP file somewhere easy to find. C:\NGINX. a. To make future updating easier when you extract the ZIP the file is called nginx 1.13.0.1 Violet. Rename it to just NGINX. 3. Before we get started on the config of NGINX lets install it as a service. a. Download NSSM b. Extract the ZIP c. Copy correct x86 or x64 nssm.exe to C:\Windows\System32 d. Open a CMD, type ‘nssm install nginx’ e. Fill in the Application Path – C:\NGINX\nginx.exe Startup directory – C:\NGINX Service name – NGINX. Install Service Don’t Start the service yet, we need to configure NGINX. To create a config I use notepad++. I will go through each setting first before supplying a copy of my current config. This is how the config starts. worker_processes 2; events { worker_connections 8192; } http { include mime.types; default_type application/octet-stream; server_tokens off; sendfile off; gzip on; gzip_disable "msie6"; gzip_comp_level 6; gzip_min_length 1100; gzip_buffers 16 8k; gzip_proxied any; gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml image/svg+xml; tcp_nodelay on; server_names_hash_bucket_size 128; map_hash_bucket_size 64; ## Start: Timeouts ## client_body_timeout 10; client_header_timeout 10; keepalive_timeout 30; send_timeout 10; keepalive_requests 10; ## End: Timeouts ## } This part is fairly standard. anything starting with # is disabled or just a comment. The config is broken down into blocks. the first block here is the HTTP block. The HTTP block contains all the headers required to do the work of the reverse proxy for example when someone browses to emby.mydomain.com it matches a header in NGINX and it knows where to forward the data. The only change in the section above over a default config is the addition of server_tokens off; this is the first of our security tweaks. This removes the version of NGINX from being visible outside your network and less chances of attackers being able to exploit version weaknesses. ## Default Listening ## server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } This next block is called a server block and it nested inside the HTTP block. This block is optional, it is only used to redirect any users from HTTP to HTTPS if you want to force users on HTTPS only. listen 80 and listen [::] 80 are default ports for HTTP traffic for IPv4 and IPv6. return 301 https://$host$request_uri; is what rewrites the request from HTTP to HTTPS. Again only needed if you are forcing everyone to use HTTPS only. ##EMBY Server## server { listen 80; listen [::] 80; listen [::]:443 ssl; listen 443 ssl; server_name emby.mydomain.com; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate SSL/cert.pem; ssl_certificate_key SSL/private.key; ssl_session_cache shared:SSL:10m; #add_header Public-Key-Pins ' #pin-sha256="8TzXdhbnv+l6EjDG2Vj9EmgGiSmZenrTZSNaUFEwyUE="; #pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; #pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; #max-age=86400; includeSubDomains'; add_header X-Xss-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always; add_header X-Frame-Options "SAMEORIGIN" always; proxy_hide_header X-Powered-By; add_header 'Referrer-Policy' 'no-referrer'; add_header Content-Security-Policy "frame-ancestors mydomain.com emby.mydomain.com;"; location / { proxy_pass http://192.168.10.10:8096; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Next three lines allow websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } The next server block is where the magic happens. First the listen 80; and listen [::] 80; are only needed if you want to allow users to access your emby server on port 80. otherwise delete these 2 lines to force all users to HTTPS access. Listen 443 ssl; and listen [::] 443 ssl; are the default HTTPS ports again for IPv4 and IPv6. server_name emby.mydomain.com will be your subdomain and how you access emby from outside your network. Now lets look at the SSL certificates, for my setup I created a .pem file. this file contains both my cert, intermediate and CA root cert in one file. This link gives you an idea how to do it - https://www.digicert.com/ssl-support/pem-ssl-creation.htm you should now have your cert.pem and a private.key file. for simplicity copy these files to C:\NGINX\conf\SSL (you have to create the SSL folder) This tells NGINX where to find the certs. ssl_certificate SSL/cert.pem; ssl_certificate_key SSL/private.key; For now I am going to skip over the #add_header Public-Key-Pins - as you can see i have it disabled by using # in front of it. I will explain why later on. The next section adds further security tweaks, you will need to change the content-security-policy domain names to your own. you need to list all your subdomains i.e. sonarr.mydomain.com radarr.mydomain.com emby.my....... you get the idea. add_header X-Xss-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always; add_header X-Frame-Options "SAMEORIGIN" always; proxy_hide_header X-Powered-By; add_header 'Referrer-Policy' 'no-referrer'; add_header Content-Security-Policy "frame-ancestors mydomain.com emby.mydomain.com;"; The next part is called the location block. This is what tells your domain name emby.mydomain.com where the data should go. In this case it forwards everything to proxy_pass http://192.168.10.10:8096 you can also forward to proxy_pass http://127.0.0.1:8096 if it runs on the same box as NGINX. the rest of the location block is default stuff to help the data get to where it is needed. Your Config should now look like the one below. we need to save it to C:\NGINX\conf and name it nginx.conf worker_processes 2; events { worker_connections 8192; } http { include mime.types; default_type application/octet-stream; server_tokens off; sendfile off; server_names_hash_bucket_size 128; map_hash_bucket_size 64; ## Start: Timeouts ## client_body_timeout 10; client_header_timeout 10; keepalive_timeout 30; send_timeout 10; keepalive_requests 10; ## End: Timeouts ## ## Default Listening ## server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } ##EMBY Server## server { listen [::]:443 ssl; listen 443 ssl; server_name emby.mydomain.com; ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate SSL/cert.pem; ssl_certificate_key SSL/private.key; ssl_session_cache shared:SSL:10m; #add_header Public-Key-Pins ' #pin-sha256="8TzXdhbnv+l6EjDG2Vj9EmgGiSmZenrTZSNUFEwyUE="; #pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/utLMkBgFF2Fuihg="; #pin-sha256="Vjs8r4z+80wjNcr1KepWQboSIRi63WsWXhIMN+eWys="; #max-age=86400; includeSubDomains'; add_header X-Xss-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always; add_header X-Frame-Options "SAMEORIGIN" always; proxy_hide_header X-Powered-By; add_header 'Referrer-Policy' 'no-referrer'; add_header Content-Security-Policy "frame-ancestors mydomain.com emby.mydomain.com;"; location / { proxy_pass http://192.168.10.10:8096; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Next three lines allow websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } } And thats it, you can now start your NGINX services by running services.msc and starting NGINX.
  13. sstt671

    HTTPS not working on TS-251+

    Hello, I am not able to setup SSL on my emby server hosted on QNAP TS-251+. Server details: QNAP TS-251+ Firmware v4.3.3 Emby v3.2.14 Qmono v4.6.2.7 (64bit) When I supply my own ssl cert with .pfx, I can connect via http but not https. Port forwarding is done correctly. Also, if I do not supply my own cert then connect via https works fine with warning. Here is the log snippet: 2017-05-08 14:46:32.9377 Error App: Error loading cert from /*****/SSLcertificate.pfx *** Error Report *** Version: 3.2.14.0 Command line: /*****/.qpkg/Emby/Emby/MediaBrowser.Server.Mono.exe Operating system: Unix 4.2.8.0 64-Bit OS: True 64-Bit Process: True Mono: 4.6.2 (Stable 4.6.2.7/08fd525 mercredi 23 novembre 2016, 17:45:54 (UTC+0100)) Processor count: 4 Program data path: /*****/.qpkg/Emby/Emby/ProgramData-Server Application directory: /*****/.qpkg/Emby/Emby System.Security.Cryptography.CryptographicException: Unable to decode certificate. ---> System.Security.Cryptography.CryptographicException: Input data cannot be coded as a valid certificate. ---> System.Security.Cryptography.CryptographicException: Input data cannot be coded as a valid certificate. at Mono.Security.X509.X509Certificate.Parse (System.Byte[] data) [0x00041] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 --- End of inner exception stack trace --- Any suggestions? Thanks,
  14. DarkMarkus88

    Emby-Server start geen HTTPS.

    Bij het starten van Emby-Server voor Ubuntu 16.04.2 (64bit) Versie 3.2.8.10 beta en Versie 3.2.8.9 beta en Versie 3.2.8.0 start hij geen instance. Dit staat in de logfile: "EnableUPnP":true,"PublicPort":****,"PublicHttpsPort":*****,"HttpServerPortNumber":****,"HttpsPortNumber":*****,"EnableHttps":true Hij staat aan, maar laat niet zien dat hij actief is. Volgens mij is hij ook niet actief. Heb ook al meerdere keren verwijderd en herinstalleert. Enig idee waarom zich dit voor doet? Ik heb alle andere progs die wel met https draaien. (Poortnummers zijn gemaskeerd) Ik lees net op het forum, dat het aan de mono versie 4.8 ligt. Ik hou dat in de gaten, in ieder geval bedankt!
  15. bhelm

    OGG and webplayer transcoding

    I would like to listen to 320Kbit OGG Audio and have two problems with that: 1. in Firefox 51 (linux, fresh profile, no addons, without nginx ssl proxy), there is no audio at all. song is stuck at 0:00. I can see the emby server transcoding in the logs. Playing mp3 works. 2. in Chromium (linux too) there is audio playing, but the OGG is transcoded to aac. is there a known problem with firefox and playing aac? can direct streaming of the ogg be enabled? i think chromium is able to play OGG. using latets emby on up-to-date debian jessie and with https. also using it behind nginx reverse ssl proxy because mono still seems to be unable to provide the certificate chain correctly?
  16. chali

    Emby is not enabling https

    Hi i shifted router yesterday, and today Emby refuse to enable https port as external port? tride multiple enable/disable https, reboots, and multiple ports its only http ports that seem to work. /Regards logg.txt
  17. Ok this is going to be a long post. In this thread I will show you 2 different ways in which I setup a HTTPS connection to my emby server. Both ways require a certificate which again I will show you how i got mine using Lets Encrypt on Windows. I will break the posts up into Sections. Part.1 - Setting up a DDNS (Dynamic DNS host) Only require if you ISP IP is dynamic i.e. changes. Part.1.A - Setting Up DDNS using your own Domain Name Part.2 - Getting a Domain Name (Optional but looks fancier) Part.3 - Getting a SSL Cert from Lets Encrypt the easy way. Part 3a - Using LE.exe to get Certificates (recommended) Part.4 - Setting up HTTPS by changing default port to 443 Part.5 - Setting up HTTPS using reverse proxy
  18. I had posted about a similar issue prior and the thread was merged into another thread that really did not cover the same issue and there was never really a clear solution. I currently run an Emby server via HTTPS for secure WAN connections. Through the android app only I can only fast forward, rewind, and seek on random media playback. Sometimes it will only work for a short while until it decides it does not want to work anymore. When it does not work I can attempt to seek anywhere in the playback and it will not move to that spot but continue playing from where it currently is. If I pause and play it jumps back to its current location. If I pause and attempt to seek and hit play it jumps back to its current location. This happens on most of my media but not all, as some of my media I can seek freely through the playback. This has been a problem on my Nexus 5X, my Nexus 7, and now my Google Pixel. Also chromecast playback outside of my LAN does not work, it just says Emby on the chromecast screen, when the media is selected and said to be playing through the phone or web browser, it is not playing on the chromecast. This same problem occurs 50% of the time inside my LAN connected to the unencrypted connection. All certificates are stock to the Emby server. The problem is limited to the android app. I have not tested the iPhone app with the problem. (Side but far less important question that I am curious about is that I have the server running on a virtual machine with Windows Server 2012 installed with 16 cores dedicated to it. I see the server side settings that allows up to 8 cores selected or maximum, can the emby server take full advantage of the 16 cores I dedicated to the VM?)
  19. I have noticed this issue developing in the past few releases but I was not sure if it was something on my end or your end. I I have determined its your end and its a bug with the server after testing by completely uninstalling Emby and wiping all files to ensure a clean install. I have check my SSL certificate and chain which passes the check by using SSL Checker. I have other sites with SSL and they are having no issues with any sort of dropout using SSL. So, What happens well website just intermittently and without warning drops out and is unreachable. Q. What was I doing when this situation happens? Answer is: Nothing Q. Is there a way to force this issue to occur so it may be observed? Answer is: Yes Whenever I attempted to connect via my mobile phone within the network simply using the Firefox web browser the connection will fail and hang and will cause HTTPS connectivity to drop until the server is restarted but once this occurs nobody from any device can connect via HTTPS internally or externally but I'm still able to connect locally/internally without SSL I also thought it may be a firewall issue as well but I completely disabled the firewall and the issue is still occurring. Lastly, I also check router settings and everything is correct. Do you have any log files? Yes, please use the following info to connect via web browser from the exact machine that Emby server is running on to retrieve them. The info to connect is: URL: https://fileserver.jpwservices.net:446/ User is: emby Pass is: emby
  20. Hi Emby crowd! I have an emby server visible on the internet via SSL/HTTPS only. My server has DDNS so is accessed via URL rather than IP address. I'll be off on a family holiday soon and we're looking to be able to watch our Emby movies on the TV in our destination. The problem is that I have found that Emby app support for HTTPS seems to be quite patchy... - iOS works perfectly with HTTPS. I can watch movies from other networks, from 3G/LTE etc no probs... but of course is is not a big screen family experience. - Samsung TV app works well - family members are able to stream from my Emby server... but I wont be sideloading TV apps on someone elses TV - Amazon fire stick - not working with HTTPS. It fails when trying to select an HTTPS address - Emby sideloaded to Now TV box (aka a roku 3) - does not work with HTTPs - Chromecast - TBC need to test it today One other option is to use the (very pricey) Apple lightning HDMI adapter to watch from iOS app on the TV. Does anyone know if the Apple lightning HDMI adapter works with Emby app? Does anyone have any good (well proven) ideas on how to stream Emby via SSL? Which apps/devices will work? What do you guys do? Note that I have direct access to the wifi network at my travel destination. Its not a hotel wifi with captive portal thank god. (The amazon fire stick is potentially the holy grail of Emby travel since it supports hotel wifi... but sadly not SSL connections) Big thanks in advance for you inputs!!
  21. Is there a way to set the Emby tray icon to open "https://localhost:8920"by default instead of "http://localhost:8920/"? I have enabled HTTPS for Emby already.
  22. Hi there, I am trying to access my Emby server from the "outside" world. To do so, I have configured the public port on my emby server instance as 8920 and left the field for the server-cert blank, hoping emby would provide its own. I did forward the port in my router. But sadly, nothing works. My browser keeps loading forever. Doing the same for the standard http-port, 8096, works like charm, however, unencrypted. I am completely new to the whole SSL thing via http, is there anything else to do, or is there a tutorial on how to get my emby server public? Thanks!
  23. Greg Prz

    Android App needs some lovin

    Hello, I know the technical reasons for the following issues have already been discussed but I was wondering when will they be fixed? Emby on my android phone running Marshmallow is pretty much useless at this point I might as well uninstall it. I definitely would not have bought the premier version if I were looking at it today. The big issues I see are: 1) Lack of External SD Card support. Mega Huge, Monstrous even, in my book. I can't even use the old work around of syncing to the external card and then using a 3rd party player anymore. 2) HTTPS doesn't work over wlan - meh no biggie except - 3) No offline playback support I'd rather not have to move to Plex (assuming they can do it) as I've already paid for Emby but I do want to use the nice 128GB SD card in my phone. Any timeline at all? Are we talking days, weeks, months, years???? Please? Thanks
  24. grouik1er

    Emby 3.0.5882.0

    Hello, Since the last update, https access does'nt work for me (8920) ERR_TIMED_OUT, http (8096) is ok. Someone have the same problem ? Thanks
  25. I am just another user converting from Plex, seems like a trend here. From what I have seen so far I am very impressed. My environment unraid 6.1.8 server with the official docker running. It is launched with this command: docker run -d --name="EmbyServer" --net="host" -e APP_UID="99" -e APP_GID="100" -e TZ="America/New_York" -p 8096:8096/tcp -v "/mnt/user/config/emby":"/config":rw -v "/mnt/user/Video/":"/mnt":rw emby/embyserver All seems to be going good accept I cannot playback video over https port 8920 on a Mac running OS 10.11.3 and Safari browser version 9.0.3. Any video I play just gives a video playback error. When connected to the host with http and port 8096 all is well and I can play back video just fine. This seems specific to the Safari browser with https. I can play back video in Chrome on Mac with https just fine, or on Windows. This is not a deal breaker for me but I just wanted to provide my feedback/log in case others have noticed this. I took a glance through the thread here and did not see a post. Keep up the great work and I am glad I have made the switch. It seems to work on other browsers to connect to https even though port 8920 is not exposed in the docker run command above so would not think that is it. 2016-02-18 18:39:45.2336 Info HttpServer: HTTP POST https://192.168.1.9:8920/emby/Sessions/Capabilities/Full. UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/601.4.4 2016-02-18 18:39:45.2384 Info HttpServer: HTTP Response 204 to 192.168.1.16. Time: 5ms. https://192.168.1.9:8920/emby/Sessions/Capabilities/Full 2016-02-18 18:39:45.2570 Error HttpServer: Error in ProcessAccept *** Error Report *** Version: 3.0.5871.0 Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /config -ffmpeg /bin/ffmpeg -ffprobe /bin/ffprobe -restartpath /usr/lib/emby-server/restart.sh Operating system: Unix 4.1.17.0 Processor count: 2 64-Bit OS: True 64-Bit Process: True Program data path: /config Mono: 4.2.1 (Stable 4.2.1.102/6dd2d0d Tue Jan 19 01:36:09 UTC 2016) Application Path: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe The authentication or decryption has failed. System.IO.IOException at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (IAsyncResult asyncResult) <0x419be640 + 0x00153> in <filename unknown>:0 at System.Net.Security.SslStream.EndAuthenticateAsServer (IAsyncResult asyncResult) <0x419be5a0 + 0x0003e> in <filename unknown>:0 at System.Net.Security.SslStream.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, Boolean clientCertificateRequired, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) <0x419a79f0 + 0x00055> in <filename unknown>:0 at System.Net.Security.SslStream.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate) <0x419a7530 + 0x00022> in <filename unknown>:0 at SocketHttpListener.Net.HttpConnection..ctor (ILogger logger, System.Net.Sockets.Socket sock, SocketHttpListener.Net.EndPointListener epl, Boolean secure, System.Security.Cryptography.X509Certificates.X509Certificate cert, System.String connectionId) <0x414f3990 + 0x00257> in <filename unknown>:0 at SocketHttpListener.Net.EndPointListener.ProcessAccept (System.Net.Sockets.Socket accepted) <0x414f3300 + 0x0010b> in <filename unknown>:0 InnerException: Mono.Security.Protocol.Tls.TlsException The client stopped the handshake. at Mono.Security.Protocol.Tls.SslServerStream.EndNegotiateHandshake (IAsyncResult asyncResult) <0x419c2ba0 + 0x00227> in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) <0x419c2610 + 0x0008d> in <filename unknown>:0
×
×
  • Create New...