Search the Community
Showing results for tags 'ssl'.
-
Stuck Configuring Nginx Reverse Proxy with Cloudflare in front
MachineLearning posted a topic in General/Windows
Inspired by this article on how to host a website using cloudflare and nginx, i intend to do the same for my emby server. Like swynol, i have nginx server and emby server running on the very same machine which i station on my local home network. My OS however is ubuntu instead of windows. Ive tried both swynol's and lukecarrier's github codes, no avail, it wont redirect to the emby server no matter what. My nginx server was indeed running as both ports 80 and 443 are opened as tested by canyouseeme.org. It just wont redirect whenever i go to https://emby.mydomainname.com I dont even know where should i put the code, of the guides online, some say /etc/nginx/conf.d/mydomain.com, some say /etc/nginx/sites-available/mydomain.com with /etc/nginx/sites-enabled linked to earlier. I highly suspect that the code is the culprit. sudo nginx -t show no error, systemctl status nginx operational Shed some light anyone? Appreciate it. Update 16/12/2020 Here's my nginx code where I put under sites-available and then linked to sites-enabled via ln -s server { listen [::]:80; ## Listens on port 80 IPv6 listen 80; ## Listens on port 80 IPv4 listen [::]:443 ssl http2; ## Listens on port 443 IPv6 with http2 and ssl enabled listen 443 ssl http2; ## Listens on port 443 IPv4 with http2 and ssl enabled proxy_buffering off; ## Sends data as fast as it can not buffering large chunks. server_name emby.mydomainname.com; ## enter your service name and domain name here access_log /var/log/nginx/embyaccess.log; ## Creates a log file with this name and the log info above. ## SSL SETTINGS ## ssl_session_timeout 30m; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_certificate /etc/ssl/mydomainname/cert.pem; ## Location of your public ssl_certificate_key /etc/ssl/mydomainname/key.pem; ## Location of your private PEM file. ssl_client_certificate /etc/ssl/mydomainname/cloudflare.crt; ##Authenticated Origin Pulls ssl_verify_client on; ##Authenticated Origin Pulls ssl_session_cache shared:SSL:10m; location ^~ /swagger { ## Disables access to swagger interface return 404; } location / { proxy_pass http://localhost:8096; ## Enter the IP here proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys. proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested. proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested. #proxy_set_header X-Real-IP $remote_addr; ## Passes the real client IP to the backend server. proxy_set_header X-Real-IP $http_CF_Connecting_IP; ## if you use cloudflare un-comment this line and comment out above line. proxy_set_header Host $host; ## Passes the requested domain name to the backend server. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## Adds forwarded IP to the list of IPs that were forwarded to the backend server. ## ADDITIONAL SECURITY SETTINGS ## ## Optional settings to improve security ## ## add these after you have completed your testing and ssl setup ## ## NOTICE: For the Strict-Transport-Security setting below, I would recommend ramping up to this value ## ## See https://hstspreload.org/ read through the "Deployment Recommendations" section first! ## add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header Strict-Transport-Security "max-age=15552000; preload" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; ## WEBSOCKET SETTINGS ## Used to pass two way real time info to and from emby and the client. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } } Big thanks to @pir8radio for the configuration, my configuration is based on his. Setting up authenticated origin pulls is optional, here's where I download the cert. https://support.cloudflare.com/hc/en-us/articles/204899617-Authenticated-Origin-Pulls#section6- 13 replies
-
So this is a bit wierd, emby on my nas was all working fine over https until this google outage this morning. (Why this should make a difference, no idea, but it's the only thing that has changed) Now it does not seem to be working. I have tried the default port (8920) and the one I want to use: (9920) And it does not seem to be listening on either of these ports. If I run a port checker on my local network the port does not appear to be listening (and fwiw I see no mention of the https port in the start up logs) I have disabled the firewall on the nas, but it has made no difference. I have rebooted the nas and reinstalled emby, again these made no difference The 9920 port is listed in my config file I have to admit I am confused. Before I would see these lines: 2020-12-04 19:36:21.263 Info App: Adding HttpListener prefix http://+:8196/ 2020-12-04 19:36:21.263 Info App: Adding HttpListener prefix https://+:9920/ But now I only see: 2020-12-14 13:26:52.310 Info App: Adding HttpListener prefix http://+:8196/ the second line is missing...
-
Ok this is going to be a long post. In this thread I will show you 2 different ways in which I setup a HTTPS connection to my emby server. Both ways require a certificate which again I will show you how i got mine using Lets Encrypt on Windows. I will break the posts up into Sections. Part.1 - Setting up a DDNS (Dynamic DNS host) Only require if you ISP IP is dynamic i.e. changes. Part.1.A - Setting Up DDNS using your own Domain Name Part.2 - Getting a Domain Name (Optional but looks fancier) Part.3 - Getting a SSL Cert from Lets Encrypt the easy way. Part 3a - Using LE.exe to get Certificates (recommended) Part.4 - Setting up HTTPS by changing default port to 443 Part.5 - Setting up HTTPS using reverse proxy
- 218 replies
-
- 12
-
-
Hello Emby community! So today I decided to give Emby a try in order to maybe replace Plex that I have been using for years. So far, I loved almost everything about Emby (maybe not the fact that we can't change the green accent in the AndroidTV app, but that's a story for another day ). I have one question though, for which I couldnt seem to find precise info. I run all my services from a machine in my house, which runs OpenMediaVault (i.e. Debian). I use Docker for most of the services, with bridge mode for their network interface. I also have, among those services, an Nginx container that serves as a reverse-proxy, so I can access my services more easily. The OpenMediaVault web interface proposes the option to connect using a self-signed SSL certificate, which I decided to use when I set it all up. I then re-used this same SSL certificate for all my other reverse-proxies, by mounting the certificate files as read-only into the Nginx container, so that I only had one exception to add to my browsers in order to reach all my services like so: https://servicename.hostname.lan So far, so good, as I only access these services from my home lan, and since I used Plex until now, I never had to mess with secure remote access: since the connection is routed through their servers, it was an easy setup with no configuration on my side (only authorizing the default Plex port for outgoing connections in my machine's iptables as well as ESTABLISHED,RELATED incoming connections, then once it was connected I had nothing more to do for their servers to detect my machine, not even setting port redirection on my router or allowing anything through my router's firewall). But now, I'd like to switch to Emby, and here's my question: am I not able to allow secure remote access if I don't have a domain name pointing to my home router's IP? What else could I do? I can post the nginx configs (with purged personal info) if needed. Many thanks in advance!
-
This started to happen 7 days ago. I am running no fancy plugins and the server version 3.2.27.0 (I know it is not the latest but it works) has served me well. Attached is the log as well as a picture from the Dashboard. I searched the forum and it looks like that there is a problem with the SSL connection. No idea what I need to do on my side. But any updates through the Dashboard seems to be impossible. Please advise. O2G server-63655498727.txt
-
I'm not sure if this is where I should be posting, Emby is on server 2019 but the majority of issues and posibly all of them exist outside of the server. I have been trying to make the move from Plex to Emby for a decent while now. I hate a lot of changes Plex is making and Emby has a lot of things I like WAY more. However, I am stuck when it comes to trying to setup SSL and none of the guides I have found are complete enough to actually help. The last guide I tried to follow was this one, https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows the only deviation I believe exists is instead of being a 'namecheap' domain it is a godaddy domain because thats what i have access to as a free test (friend's and is letting me test/borrow it) I follow it to the T but at the Certify step when you click 'request certificate' it fails. I strongly feel there is something missing from the guide in the form of a prep on the domain side. At the beginning it simply says you need a domain, it doesn't say anything about a way to prep it to be able to generate and accept a cert. Is a cert from let's encrypt supposed to be added to the domain? From everything I have been seeing it appears to add a cert to the domain would require the domain to have 'web hosting'. Is it a requirement that everyone seems to consistently leave out of their guides? Other guides say I need to have DNS on my server and for a Cname to be created on the domain to point to my DNS. This guide doesn't have that at all though, I guess what I am basically saying is im completely lost. What I have, duckdns on my emby server with it set up and working to point duckdns address to my IP. port forwarding on my router for port 80 to the Emby server IIS installed on the Emby Server (currently has configuration set up as outlined in the guide above) Emby installed on the Emby server (I have made 0 changes to this) Certify installed on the Emby server access to a go-daddy domain (does not have anything set up) I don't care if it uses all of the above or not. Its just a statement of what exactly I have done. My question is, with what on earth should I be doing to try and get this to work? if there a particular guide you believe i should follow instead of trying to work through the one I have above please let me know. Also, please dont assume anything has been done that hasn't been explicitly ask for in the guide (except the presence of duckdns) from the guide above because there isn't.
-
https://support.emby.media/support/solutions/articles/44001159601-hosting-settings is where I ended up when searching for help on entering new SSL certificate. However, the dashboard now has a 'Network' node which is were I found the relevant information; the help should probably be updated.
-
Hi all, I am having an issue whereby I am unable to connect to my Emby Server remotely when using a domain. I have a SSL certificate that is correctly associated with the domain and works as it should. I have port forward setup on my router, and as a test I have used the external IP of my router as the external domain and this worked correctly and allowed me to access remotely. I've taken a log to show that it accepts the connection via the external IP as the external domain. If you require any further information please let me know. Thanks, Michael
- 26 replies
-
- QNAP
- Emby Server
-
(and 6 more)
Tagged with:
-
Hey! So I just finished the SSL certificate and all connections are secure BUT only when I enter my Dynamic DNS address. Not when I visit using the "app.emby.media" site on my iPhone, it shows "Not Secure". Included some pictures to show my configuration.
-
Good morning everyone. First I'd like to say how incredible this platform is, and express what a kick ass job you all are doing. Miles beyond my previous Plex setup, more streamlined, and just incredible. I was wondering if someone could point me in the direction of a configuration file, or process for restricting which SSL/TLS connection configurations are accepted by the Emby web server. A review of accepted connections is showing the server accepting TLSv1.0 which is insecure, TLSv1.1 which is coming up on phase out this year, and a mix of insecure/anonymous ciphers. I would like to restrict the server from accepting connections using these configurations, but am having trouble locating any form of proper configuration file within my qnap directories (Granted qnap CLI is not the best). I am aware of the potential issue with disabling these items and that it could cause issues with certain devices, but I would rather lock this down since it will be open to the net. Thanks for any assistance. Keep up the good work! Edit: Almost forgot. I'm running version 4.3.1.0 on a Qnap TS-451 on firmware 4.4.1.1146.
-
Hello, I was able to successfully configure windows IIS as a reverse proxy using URL re-write and AAR. I also enabled SSL offloading so I can put my Let's Encrypt cert in IIS and manage it through there as well as control the level of SSL Ciphers that IIS can use. Emby comes up perfectly and works.. Right up until you click play on a movie. The playback seems to take forever to load, it eventually does but then another issue comes up. The CPU on the server jumps to 99% and it never stops. From what I can tell of the logs it is doing a Remux of the file and then playing it which is causing the CPU to run hot. I was playing "The Fifth Element" as a test and when I viewed the stats for nerds it states that the "media bitrate exceeds limit" which I find odd as the movies overall bitrate is just 12/Mb. As a test I then disabled the reverse proxy and used the built in emby way of encrypting the server. I passed the .pfx12 file and its password and changed the port to 443 and did another test with the same movie and it played perfectly. It loaded instantly and the CPU stayed at around 1% usage. Could it be the SSL offloading that is causing this ? Could it be IIS itself ? Is there specific things I need to change within IIS in order for this to work correctly ? Has anyone here been able to successfully get an IIS reverse proxy with SSL offloading to work with emby ? Let me know Thank You
-
I have had a few people ask me to explain how I set up my Apache server to forward to my Emby server. Here is a breakdown of how mine is set up should anyone else wish to try this. This is just my way of doing this (yeah, I know, Nginx exists but I have always been an Apache user). Note that I use RPM based distributions, and my frontend Apache server is running on Fedora Server Edition (so that I can have the http/2 goodness). My instructions will emphasize this type of Linux distribution, so you will need to read up on how your particular flavor of Linux handles Apache installations. First off, here is an overview of my network. Everyone's network is different, but this is what I have set up: edge firewall -> wireless ap/firewall -> apache server -> media server (where the media files are actually stored) On my firewalls, I only have ports 80 and 443 tcp opened up, and they forward to my Apache server. No other ports are exposed to the Internet. My Emby server is not configured with SSL. All SSL is terminated at my Apache server. This way, I can use one SSL certificate to encrypt any web services that I run on my network, without trying to get a certificate for each individual server installation. Anything that comes in on port 80 automatically gets forced over to port 443 (this is done by my Apache server itself). I am also using HTTP/2 which has helped with the various web services that my Apache frontend is exposing to the web. Also, all of my internal servers are running host-based firewalls. There is nothing wrong with security in depth here, and I have personally not heard a valid reason to not run a host-based firewall for your networking services. I use https://letsencrypt.org/ for my SSL certificate. It's free, and their tools are awesome. If you use their services, please donate to them as they are providing a valuable service to practically every community. I also have my own domain name set up and registered, with a dynamic IP from my ISP. There are a plethora of services that will let you register your dynamic IP for a domain name, so search around for the one that suits you best. Personally, I am using Google Domains for mine. My firewall assists in keeping my latest IP registered for my domain. This is extremely handy for mobile devices and family members who wish to use my Emby server remotely. Here are the general steps I would recommend to someone setting this up for themselves: Use an edge firewall. The extra protection is worth it. Use your edge firewall to keep track of your public IP, and use whatever agent that your dynamic DNS provider provides to keep your latest IP registered for your domain. I do not recommend doing this from your Apache server, as your Apache server should be further into your network and protected by your other firewall(s). Set up an SSL certificate for your domain. Again, LetsEncrypt is pretty awesome. Install Apache on a server that can handle a fair amount of network traffic. If you are using LetsEncrypt, set up the agent to keep up with your SSL certificate on this server. dnf groupinstall "Web Server" dnf install mod_http2 Configure your Apache server. On a Fedora, CentOS, RHEL system create a file called /etc/httpd/conf.d/00_yourdomain.conf (the two zeroes are there to make sure that your domain file is loaded first). Here are snippets of my configuration (cleaned up a bit for, you know, security): <VirtualHost *:80> Protocols h2c http/1.1 # Send everything over to https instead, best practice over mod_rewrite ServerName example.com Redirect / https://example.com/ </VirtualHost> <VirtualHost _default_:443> # Enable http/2 Protocols h2 http/1.1 <IfModule http2_module> LogLevel http2:info </IfModule> SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DH-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 SSLHonorCipherOrder On SSLCompression off Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains" Header always set X-Frame-Options SAMEORIGIN Header always set X-Content-Type-Options nosniff SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 ServerName example.com ServerAlias example.com ErrorLog logs/example-error_log RewriteEngine on RewriteRule ^/emby(.*) http://127.0.0.1:8096/emby$1 [proxy] RewriteRule ^/emby http://127.0.0.1:8096 [proxy] RewriteRule ^/embywebsocket(.*) http://127.0.0.1:8096/embywebsocket$1 [proxy] RewriteRule ^/embywebsocket http://127.0.0.1:8096 [proxy] <location /emby> ProxyPass http://127.0.0.1:8096/ ProxyPassReverse http://127.0.0.1:8096/ </location> <location /embywebsocket> ProxyPass http://127.0.0.1:8096/ ProxyPassReverse http://127.0.0.1:8096/ </location> </VirtualHost> So what this does for me is let Apache handle all incoming port 80 requests, and turns them into encrypted traffic. All connections to and from the server (that can support it) are encapsulated in HTTP/2 packets. All of my SSL encrypted web traffic is handled by one certificate, so I can have multiple URL paths served by the same domain name, with only the https port used, and it just plain looks cleaner. For example, you can have: https://example.com/emby https://example.com/nextcloud https://example.com/hello_kitty_island_adventure Or whatever suits your needs. My Emby server doesn't have to worry about any proxy configurations or SSL, as Apache takes care of all of that. My example is using the localhost IP address to direct all incoming and outgoing Emby requests, but if you are using a separate host that runs Emby, just make sure to use the IP of that system instaed and that you have port 8096 open and available. I hope that others may find this helpful.
-
Hey, I had it setup for a while with an Letsencrypt Certificate converted into p12. It worked flawlessly. Then my cert ran out and I had to renew it. So i did "certbot --renew" which worked and converted it into a p12 with openssl pkcs12 -export -out certificate.p12 -inkey privkey.pem -in cert.pem -certfile fullchain.pem But sinse then HTTPS is not working: (Sorry for German) I already tried to change the path, the certfile has all rights and I have no idea why it's not working. Also in the Dashboard it's not shown with HTTPS: The logs are attached. Maybe someone here has an idea. Thanks in Advance! embyserver.txt ffmpeg-remux-fee6f20e-34b8-41bf-8c2b-f9d6f324abf5_1.txt ffmpeg-transcode-ffc235e7-a070-4e74-965f-9e8f183059c8_1.txt hardware_detection-63715285219.txt
-
I've been looking, but I cannot find any examples of how to self-host Emby behind an NGINX reverse proxy at anything other than the root path on port 80. I host a website under the www subdomain at the root path on port 80, so that's not an option. I'm fine with any of these solutions: Use a different port (http://www.mydomain.com:8096/) Use a different subdomain (http://emby.mydomain.com/) Use a different path (http://www.mydomain.com/emby/) My current configuration is an attempt at solution #3 because that's the one I was able to get furthest on. I think I'd prefer solution #1 or #2, but I'm not picky. I'd also like to setup SSL, but I need to get this working before I can worry about encryption. That said, the SSL configuration for my website might be responsible for my current problem. All requests to port 80 are redirected to 443, which has SSL enabled. The server just directs everything on the /emby path to localhost:8096, which Emby binds to. I'm able to load the index page, but it fails to load the Javascript used to render any actual content. It looks like the server isn't able to serve the Javascript file over HTTPS. I have very limited experience with NGINX and Emby and I have no idea how to fix it. Here's my NGINX server configuration: server { listen 443 ssl default_server; listen [::]:443 ssl default_server; root /█████/website; server_name █████; ssl on; ssl_certificate /█████/cert.pem; ssl_certificate_key /█████/privkey.pem; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.4.4 8.8.8.8; location /static { alias /█████/website/static; } location / { try_files $uri @wsgi; } location @wsgi { proxy_pass http://unix:/tmp/gunicorn.sock; include proxy_params; } location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { access_log off; log_not_found off; expires max; } location /emby { proxy_pass http://127.0.0.1:8096; } } server { listen 80 default_server; listen [::]:80 default_server; server_name █████; return 301 https://$host$request_uri; }
- 9 replies
-
- nginx
- reverse proxy
-
(and 2 more)
Tagged with:
-
Hello I have my Emby server configured to use ssl by inputting the external domain name and secure connection mode set to handled by reverse proxy. I have nginx secured with ssl and I can successfully hit my emby server using the custom domain url, and certificate is successfully verified for https. But it seems my users that go through the app.emby.media site and log in using emby connect are still directed to an http site with a not secure connection warning. Is there a simple step I'm missing to get that to redirect to the proper https wan url configured in Emby?
-
So I am looking to migrate from plex to emby and so far so good, still needing a lot of testing. However one thing that is keeping me from migrating is the SSL encryption. With Plex, they actually provide their own proxy and they pay for the encryption and Emby seems like you have to have provide your own domain with SSL cert. With letsencrypt being main stream and free, this is fine and dandy. However, the way I understand their certs, they are only good for 90 days I believe and then you have to renew (again for free). This is quite an administrative task to do this every three months. Letsencrypt does have API to be able to do renew if you have an account. So my feature request would be to add the ability in emby to enter your lets encrypt credentials and have emby renew the cert automatically via letsencrypt api so this does not have to be done manually. I am curious if anyone else has found a better alternative to this.
-
Hi guys, big thanks to all who have posted walk throughs for setting up domains, DDNS, SSLs, etc. So far I have the domain name and DDNS working for HTTP traffic. But for whatever reason HTTPS traffic just times out everytime. I am relying on the UPnP protocol on my router instead of port forwarding and the bindings are correct. 443 is going to 8920, 80 goes to 8096. But I cannot connect via https:// or :443 ever. Even setting up manual port forwarding does not work. So I cannot tell if my certificate is even working but I shouldn't need the certificate to even connect via HTTPS, right? If the port binding is there I should be able to connect I am using Certify the Web for the SSL and it has been correctly setup with my domain but I can't tell if Emby is really using it. Any help would be appreciated.
-
https://letsencrypt.org/ the free certificate authority it in public beta now and allows everybody to get valid free SSL certificates. It would be nice to have support for getting SSL certificates via their ACME protocol directly from emby. This would make it really easy for people to setup secure access to the server from the internet.
- 106 replies
-
- 10
-
-
After several days of frustration, I have managed to setup SSL far enough to get a connection but the browser does not like like the certificate - see attached. I tried to follow the various sets of instructions around the site, the only config I could get to work is as follows; Static IP address on my router setup sub domain on my domain DNS with a forward to the router address and port My question is emby instructions say the server will create it's own SSL cert but I cannot get this to work. If I leave the field for the path to cert blank then I am unable to save - this is why I went the create your own cert route (which I cant get to work!). I have found an SSL folder in the emby folder structure (windows 10) but nothing is in there. I have read up all I can find but cannot get the inbuilt cert to work. Any suggestions?
-
Set up Secure Connection w/Domain Name--Login Screen Loads SLOWLY
Rohanaj posted a topic in General/Windows
I finally decided it was time to look into getting a secure connection with SSL certificate set up on my server, so I went through the steps of grabbing a domain name and a SSL certificate. The name was easy and the certificate was alright, just a little slower to get because of my own stupidity. After various attempts doing incorrect things between Emby settings and port forwarding, I got the .pfx file linked in Emby, the domain name listed, and all the ports set up correctly. I went to test it by doing a complete new install of the Emby app on my android phone - entered my new HTTPS address in the path and 443 in the android port box, and it took me to the server's login page almost instantly, so I was super happy about that. I then set up an Apple TV box on an external network to try that, and again it loaded up the login screen right away after putting the address in. The oddity that I'm running into now is that I've also tested it in four different web browsers, both from two computers and an iPad on my local network as well as from two different computers off the network just to make sure, and came up with the following results in terms of how quickly the browsers would actually pull up the login page after entering the address in the browser bar: - Safari = almost instantly, 1-2 seconds - Chrome = 17-22 seconds - Firefox = 20-23 seconds - Internet Explorer = 22-26 seconds If I use my straight IP address to get to my server from any of those computers, it's a 1-2 second load time no matter what browser I use. I haven't had time to stream anything for a significant amount of time through the secure connection, so I don't know if streaming is affected or not yet - after a quick forum search, I did see a thread about reverse proxy potentially causing streaming issues, but I'm not running a reverse proxy at all. Has anyone noticed problems with streaming when going through a domain name with SSL? Anyway, after all that explanation, my real question about the login screen is whether others have seen it as a common thing for the login page to be pulled up so slowly when using a domain and SSL certificate to get to the server, especially with the major non-Apple browsers? Thanks for any feedback.- 3 replies
-
- web browsers
- SSL
- (and 5 more)
-
From LDAP test-thread: For greater compatibility, can STARTTLS be implemented? It would save a lot of time mucking about with certificates when using MS AD. This is running perfectly with a Wordpress plugin I'm using. Only had to enter the DC IP, Base DN and credentials and up and running within a minute.
-
Hello, I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own. For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy". I have manually checked the server config xml and verified that "requirehttps" is false. I also have my 80 and 443 ports forwarded to the NGINX server on my router. The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome. I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies.
- 17 replies
-
- reverse proxy
- NGINX
-
(and 2 more)
Tagged with:
-
Hello, I have not been able to send email notifications using TLS/SSL using the email notification plug-in. I am able to send using non-secure settings. I have attached the log of the tests I have done. I am in the process of migrating my server to FreeNAS 11. I was not able to send using secure setting on my previous Freenas 9 set-up. Any help would be appreciated. Set-up Emby: 3.5.2.0 (FreeNAS plugin build) OS: FreeNAS-11.2-RC1 Plug-in Version: 3.1.2.0 embytlsemailerrorlog.txt
-
Securing Your Emby Server with SSL for Free Certificate
mobilelawyer posted a topic in General/Windows
I have been trying to follow the instructions from this Wiki https://github.com/MediaBrowser/Wiki/wiki/Secure-Your-Server to secure my Emby server running on a Windows 10 box. Has anyone tried these instructions lately using the free domain services offered by Freenom? I'm hoping so. It was relatively easy to set up a free domain with Freenom. I then went to SSL for Free and got two text files to upload to my newly acquired Freenom domain which were to be manually verified. I was able to upload them as directed in the Wiki, but then hit a snag with the SSL for Free instructions which require now require you to either confirm that a folder exists called ".well-known" for as a destination for uploading the files, or if no such folder is located to create one. I could not find any information on the Freenom website regarding the existence of or creation of the necessary "well-known" folder structure to house the test files so that the proper uploading to the Freenom could be verified. Hoping (don't we always) that perhaps "well-known" was the default folder structure that my uploads had been placed, I tried to verify the upload through SSL for Free, and always got a 404 not found return in my browser. I am hoping someone can lead me to an answer. Thanks in advance.- 3 replies
-
- ssl
- txt records
-
(and 3 more)
Tagged with:
-
So in the Plex Client in the settings page you can set a setting to "Prefer insecure connection" : "Always" . This means you will now connect over non-ssl. Firstly does the Emby Client on LG TV attempt to connect over SSL . And if it does, how can I tell the Client to not use SSL and to use an insecure connection ? Thanks