Jump to content

Search the Community

Showing results for tags 'https'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • Non-Emby General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support


  • Emby Blog

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

  1. Hello, I wanted I have my emby server running on a server that is accessed by a reverse proxy. This allows me to have multiple domains (other services) under the same IP address. This works great, and I have it running for some time now. Now I would like to enhance the security by adding a required Client Certificate Authentication, so that only authorised personal have access to the server. I configured it on the reverse proxy, and now when I access the server by the Webbrowser (desktop and android) it works, only people that have the certificate installed can communicate with the server. But the app does not work. When I access by the browser it asks me what is the client certificate to use, but in the app I simply can't connect. Is this possible? Or I have some miss configuration? Thank you
  2. FoxBlackeagle

    EMBY über HTTPS

    Hallo zusammen Ich habe folgendes Problem. Mein Emby Server soll mittels HTTPS (über Port 443) und einem Zertifikat das von Certify the Web erstellt worden ist erreicht werden. Das Zertifikat habe ich aus dem IIS Exportiert und in den Emby Einstellungen Hinterlegt (auch mit dem Korrekten Passwort). Ich habe es auch mit dem Standard Port versucht und diesen auf meinem Router Freigegeben allerdings ohne erfolg. Leider kann ich mit der Error Meldung im Log File (Im Anhang) nichts anfangen. Ich danke bereits viel mal im Voraus für eure Hilfe Grüsse Fabian embyserver.txt
  3. So, i needed to enable remote connections for Emby server, and i wanted to secure it with https. I have seen quite a few guides on how to enable https on emby server, but i find this to be an easier way if you own an asus router that supports Lets Encrypt. Im not sure which models that support this, but my AC-86U did. All i did to get a hold of the ssl ceritifactes was to enable this in the WAN-DDNS section in the router, then export files like this: Then i converted the cert and key file to a pfx file with "Win64OpenSSL_Light-1_1_0L" https://slproweb.com/products/Win32OpenSSL.html and imported this in to Emby: I used this command: "openssl pkcs12 -inkey key.pem -in cert.pem -export -out output.pfx" Of course you also have to port forward the needed ports to make this work. Thats it, so if you own an ASUS router with this option you can save a lot of time, and a bonus, the router also automaticly renews the certificates. If this already has been posted i apologize, and feel free to leave comments if there are things i have missed or if this method seems like a bad idea.
  4. I have all of the settings and a certificate set up for https, but for some reason the server is not running on https and is blocking all incoming connections on port 8920. I don't even know what info would be needed to diagnose. Here are my Network settings (private information obscured): LAN Networks: Local IP address: Local http port number: 8096 Local https port number: 8920 Allow remote connections to this Emby Server: YES Remote IP address filter: <BLANK> Remote IP address filter mode: Blacklist Public http port number: 8096 Public https port number: 8920 External domain: media.[my domain name] Custom ssl certificate path: [path]/[name].p12 Certificate password: ********* Secure connection mode: Required for all remote connections Max simultaneous video streams: Unlimited Internet streaming bit rate (Mbps): <BLANK> The dashboard shows "Running on http port 8096."
  5. MrLinford

    [DOCKER] HTTPS is not working

    Been a while since I have had to post so just a quick thank you. I am running EmbyServer in a docker on my unRAID server (emby/embyserver:latest) and I'm trying to get HTTPS to work through my Nginx Proxy. HTTP works no problem. Client: Docker Engine - Community Version: 20.10.5 API version: 1.41 Go version: go1.13.15 Git commit: 55c4c88 Built: Tue Mar 2 20:14:11 2021 OS/Arch: linux/amd64 Context: default Experimental: true Server: Docker Engine - Community Engine: Version: 20.10.5 API version: 1.41 (minimum version 1.12) Go version: go1.13.15 Git commit: 363e9a8 Built: Tue Mar 2 20:18:31 2021 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.4.3 GitCommit: 269548fa27e0089a8b8278fc4fc781d7f65a939b runc: Version: 1.0.0-rc93 GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec docker-init: Version: 0.19.0 GitCommit: de40ad0 Client: Context: default Debug Mode: false Server: Containers: 12 Running: 10 Paused: 0 Stopped: 2 Images: 12 Server Version: 20.10.5 Storage Driver: btrfs Build Version: Btrfs v4.20.1 Library Version: 102 Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: 269548fa27e0089a8b8278fc4fc781d7f65a939b runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec init version: de40ad0 Security Options: seccomp Profile: default Kernel Version: 5.10.28-Unraid Operating System: Slackware 14.2 x86_64 (post 14.2 -current) OSType: linux Architecture: x86_64 CPUs: 8 Total Memory: 15.34GiB Name: NEO ID: Y3GH:2DQQ:RWFG:TAIJ:3NPK:QLXK:M5QV:F22B:HCUV:QH5I:VBER:5M6B Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: Live Restore Enabled: false Product License: Community Engine docker run -d --name='Emby' --net='bridge' -e TZ="Europe/London" -e HOST_OS="Unraid" -e 'UID'='2' -e 'GID'='2' -e 'GIDLIST'='2,18' -p '8096:8096/tcp' -p '8920:8920/tcp' -v '/mnt/user/nas/':'/mnt':'rw' -v '/mnt/cache/appdata/EmbyServer/':'/config':'rw' --device=/dev/dri 'emby/embyserver:latest' When going to my https address I get 502. Looking in the container logs I noticed I only see `Info App: Adding HttpListener prefix http://+:8096/` I can not see HttpListener for 8920. Any thoughts why the container isn't starting HttpListener for 8920. Thank you, MrLinford
  6. My IPTV provider recently switched to using self-signed 10-year certificate. This has caused emby to throw an error about an untrusted cert and will no longer play any streams. How can I allow emby trust the certificate? Does the self signed cert need to be trusted at a system level or perhaps installing the cert to "/var/lib/emby/.dotnet/corefx/cryptography/x509stores/"? The IPTV server in question is @ I have attached the thrown error when attempting to connect to the stream. embyserver.txt
  7. sagefallon

    Missing image from Continue Watching

    This was working, however all of a sudden the image is blank on the Continued Watching tile for any movie I watch. Any ideas on why this may have started happening? Is this a setting or a configurable item? My setup is emby in docker on synology using let's encrypt, reverse proxy and https.
  8. I'm trying to set up a load balancer and reverse proxy (Kemp LoadMaster) to handle all incoming connections on port 443 and distribute to my various services in the local network, and to manage SSL certs. I am completely unable to get Emby Server running on macOS to listen on HTTPS. I don't want to "allow remote connections to this Emby Server" or manage an SSL cert on the Emby instance. As you can see below, the Emby Server is not listening on https (port 8920) even though it's reporting that it is. I've tried enabling "allow remote connections" for testing with "handed be reverse proxy" but still no dice. sudo lsof | grep LISTEN | grep -i emby EmbyServe 10196 *redacted* 148u IPv6 0xe964fbfa92b187eb 0t0 TCP *:8096 (LISTEN) embytray 10197 *redacted* 4u IPv4 0xe964fbfa79f4057b 0t0 TCP localhost:8024 (LISTEN) And no, there is nothing else listening on port 8920, and I have tried changing https port to no effect. I'd really like to get this working without using EmbyConnect as I want to manage and monitor internal services through a single interface. Emby Logs: embyserver.txt.zip
  9. Im using Linux Ubuntu 16.04 64 bit and Asustor AS-604T ADM 3.2.1 This requires you do own a domain and have create a Lets Encrypt certificate! Following ports should be open: 80, 443, 8096 and 8920 1. Login to ADM web interface > Settings > Certificate Manager - Click on Export Certificate. 2. Extract certificate.zip and open the folder certifiate 3. right click in the folder - select open terminal 4. enter the command: * Please change the name of the give-me-a-name.pfx * After execution of this command you will be prompted to create a password, this is recommanded! openssl pkcs12 -export -out give-me-a-name.pfx -inkey ssl.key -in ssl.crt 5. Save the new create give-me-a-name.pfx file on your NAS in a shared folder of own choice 6. go to: http://local.ip.of.nas:8096/ 7. Go to Advanced and do the following Check that Allow remote connection to this Emby Server is marked. * add external domain name * Custon ssl certificate path (Click on the magnifier right to the text field and navigate to where the .pfx file is. * Certificate password - Add the password you entered after execution of step 4. * Secure connection mode - Set to preferred, but not required. 8. Hit save and navigate to Controlpanel > Restart - Now you should be able to access the Emby Media Server from outside.
  10. Hi i would like to know if its possible to reuse my certificate LetsEncrypt from my NAS TS-251 to connect through https ? i tried to put the path of the cert certificate but its not working. here is what i have Custom SSL certificate path: /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/cert error after restarting EmbyServer 2019-01-05 12:05:44.470 Info AuthenticationRepository: PRAGMA synchronous=1 2019-01-05 12:05:44.526 Error App: No private key included in SSL cert /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/cert. 2019-01-05 12:05:44.737 Info ActivityRepository: Default journal_mode for /share/CACHEDEV1_DATA/.qpkg/EmbyServer/programdata/data/activitylog.db is wal and in my web page Secure Connection Failed The connection to xxxxxxxxxxxxxxx.myqnapcloud.com:yyyyyy was interrupted while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. thanks for your help ade05fr
  11. LunchBolero

    unable to use https on qnap ts-251b

    hello, i've been using emby for a little while on my QNAP TS-251B, but recently noticed that my devices (browsers, an nvidia shield) only connect via unsecured http on the default port 8096. when trying to bring up the page (from within my lan) on the default https port of 8920, chrome gives me ERR_CONNECTION_REFUSED. in Emby Configuration > Server > Network, i do see that the port number is indeed set to 8920. however, when i run nmap against the device to scan for open ports, 8920 appears closed. i'm using Emby server version
  12. embyserverlogidentifyerror.txt I am unable to retrieve tv show metadata from the internet due to a TrustFailure - CERTIFICATE_VERIFY_FAILED Here an error snippet snippet from the attached log: 2021-01-05 11:09:54.348 Info HttpClient: HttpClientManager GET: https://www.thetvdb.com/api/GetSeries.php?seriesname=Downton+Abbey&language=en 2021-01-05 11:09:55.139 Error HttpClient: Error TrustFailure getting response from *** Error Report *** Version: Command line: /var/packages/EmbyServer/target/server/EmbyServer.exe -package synology -programdata /var/packages/EmbyServer/target/var -ffmpeg /var/packages/EmbyServer/target/ffmpeg/bin/ffmpeg -ffprobe /var/packages/EmbyServer/target/ffmpeg/bin/ffprobe -ffdetect /var/packages/EmbyServer/target/ffmpeg/bin/ffdetect -restartexitcode 121 Operating system: Unix 64-Bit OS: False 64-Bit Process: False User Interactive: False Mono: (tarball Wed Apr 8 20:33:25 UTC 2020) Runtime: file:///volume1/@appstore/EmbyServer/3rdparty/mono/ System.Environment.Version: 4.0.30319.42000 Processor count: 1 Program data path: /var/packages/EmbyServer/target/var Application directory: /volume1/@appstore/EmbyServer/releases/ System.Net.WebException: System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED at /source/mono/external/boringssl/ssl/handshake_client.c:1132 at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00048] in <b373cc92cfb94ef6a19b4f1140645494>:0 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in <b373cc92cfb94ef6a19b4f1140645494>:0 at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool) at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <b373cc92cfb94ef6a19b4f1140645494>:0 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in <b373cc92cfb94ef6a19b4f1140645494>:0 --- End of inner exception stack trace --- at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x00262] in <b373cc92cfb94ef6a19b4f1140645494>:0 at Mono.Net.Security.MonoTlsStream.CreateStream (System.Net.WebConnectionTunnel tunnel, System.Threading.CancellationToken cancellationToken) [0x0016a] in <b373cc92cfb94ef6a19b4f1140645494>:0 at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x001ba] in <b373cc92cfb94ef6a19b4f1140645494>:0 --- End of inner exception stack trace --- at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x0021a] in <b373cc92cfb94ef6a19b4f1140645494>:0 at System.Net.WebConnection.InitConnection (System.Net.WebOperation operation, System.Threading.CancellationToken cancellationToken) [0x00141] in <b373cc92cfb94ef6a19b4f1140645494>:0 at System.Net.WebOperation.Run () [0x0009a] in <b373cc92cfb94ef6a19b4f1140645494>:0 at System.Net.WebCompletionSource`1[T].WaitForCompletion () [0x00094] in <b373cc92cfb94ef6a19b4f1140645494>:0 at System.Net.HttpWebRequest.RunWithTimeoutWorker[T] (System.Threading.Tasks.Task`1[TResult] workerTask, System.Int32 timeout, System.Action abort, System.Func`1[TResult] aborted, System.Threading.CancellationTokenSource cts) [0x000f8] in <b373cc92cfb94ef6a19b4f1140645494>:0 at System.Net.HttpWebRequest.EndGetResponse (System.IAsyncResult asyncResult) [0x00020] in <b373cc92cfb94ef6a19b4f1140645494>:0 at System.Threading.Tasks.TaskFactory`1[TResult].FromAsyncCoreLogic (System.IAsyncResult iar, System.Func`2[T,TResult] endFunction, System.Action`1[T] endAction, System.Threading.Tasks.Task`1[TResult] promise, System.Boolean requiresSynchronization) [0x0000f] in <9d3f0d4bd0fb4c1e8b6c2ac1ba1303ac>:0 Source: System TargetSite: System.Net.WebResponse EndGetResponse(System.IAsyncResult) InnerException: System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. Source: mscorlib TargetSite: Void Throw() at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x00262] in <b373cc92cfb94ef6a19b4f1140645494>:0 at Mono.Net.Security.MonoTlsStream.CreateStream (System.Net.WebConnectionTunnel tunnel, System.Threading.CancellationToken cancellationToken) [0x0016a] in <b373cc92cfb94ef6a19b4f1140645494>:0 at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x001ba] in <b373cc92cfb94ef6a19b4f1140645494>:0 InnerException: Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED at /source/mono/external/boringssl/ssl/handshake_client.c:1132 Source: System TargetSite: Boolean ProcessHandshake() at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00048] in <b373cc92cfb94ef6a19b4f1140645494>:0 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in <b373cc92cfb94ef6a19b4f1140645494>:0 at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool) at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <b373cc92cfb94ef6a19b4f1140645494>:0 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in <b373cc92cfb94ef6a19b4f1140645494>:0 Any help would be appreciated.
  13. Hi, I've been trying to solve a problem where when i go to my emby server through a Web browser then it'll go through http not https even though https is set up correctly and working. I have the preferred but not required setting and I need to keep it that way because a one of my TVs doesn't support https and there were too many problems with it. PS: sorry for my English it's not my primary language
  14. Ok this is going to be a long post. In this thread I will show you 2 different ways in which I setup a HTTPS connection to my emby server. Both ways require a certificate which again I will show you how i got mine using Lets Encrypt on Windows. I will break the posts up into Sections. Part.1 - Setting up a DDNS (Dynamic DNS host) Only require if you ISP IP is dynamic i.e. changes. Part.1.A - Setting Up DDNS using your own Domain Name Part.2 - Getting a Domain Name (Optional but looks fancier) Part.3 - Getting a SSL Cert from Lets Encrypt the easy way. Part 3a - Using LE.exe to get Certificates (recommended) Part.4 - Setting up HTTPS by changing default port to 443 Part.5 - Setting up HTTPS using reverse proxy
  15. bonjour à tous je voudrais savoir comment doit on procédé pour avoir une connexion sécurisé en https pour emby. J'ai comme FAI free , un nom de domaine redirigé sur ma delta box , le serveur emby est sur un de mes pc . les redirection de port vers ce Pc pour http 8096 et https 8920 sont faites. aucun problème de connexion en local ou a distance en ip direct ou avec le nom de domaine en http le https par contre ne fonctionne pas. je voudrais si possible savoir comment réalisé cette connexion en https. Merci pour toutes aides et autres explications. cordialement
  16. Hello Emby community! So today I decided to give Emby a try in order to maybe replace Plex that I have been using for years. So far, I loved almost everything about Emby (maybe not the fact that we can't change the green accent in the AndroidTV app, but that's a story for another day ). I have one question though, for which I couldnt seem to find precise info. I run all my services from a machine in my house, which runs OpenMediaVault (i.e. Debian). I use Docker for most of the services, with bridge mode for their network interface. I also have, among those services, an Nginx container that serves as a reverse-proxy, so I can access my services more easily. The OpenMediaVault web interface proposes the option to connect using a self-signed SSL certificate, which I decided to use when I set it all up. I then re-used this same SSL certificate for all my other reverse-proxies, by mounting the certificate files as read-only into the Nginx container, so that I only had one exception to add to my browsers in order to reach all my services like so: https://servicename.hostname.lan So far, so good, as I only access these services from my home lan, and since I used Plex until now, I never had to mess with secure remote access: since the connection is routed through their servers, it was an easy setup with no configuration on my side (only authorizing the default Plex port for outgoing connections in my machine's iptables as well as ESTABLISHED,RELATED incoming connections, then once it was connected I had nothing more to do for their servers to detect my machine, not even setting port redirection on my router or allowing anything through my router's firewall). But now, I'd like to switch to Emby, and here's my question: am I not able to allow secure remote access if I don't have a domain name pointing to my home router's IP? What else could I do? I can post the nginx configs (with purged personal info) if needed. Many thanks in advance!
  17. atlas780

    SSL not working after cert renewal

    Hey, I had it setup for a while with an Letsencrypt Certificate converted into p12. It worked flawlessly. Then my cert ran out and I had to renew it. So i did "certbot --renew" which worked and converted it into a p12 with openssl pkcs12 -export -out certificate.p12 -inkey privkey.pem -in cert.pem -certfile fullchain.pem But sinse then HTTPS is not working: (Sorry for German) I already tried to change the path, the certfile has all rights and I have no idea why it's not working. Also in the Dashboard it's not shown with HTTPS: The logs are attached. Maybe someone here has an idea. Thanks in Advance! embyserver.txt ffmpeg-remux-fee6f20e-34b8-41bf-8c2b-f9d6f324abf5_1.txt ffmpeg-transcode-ffc235e7-a070-4e74-965f-9e8f183059c8_1.txt hardware_detection-63715285219.txt
  18. Tomblarom

    HTTPS / acme-challenge setup

    Hey, I'm fairly new to Emby and securing your sites through SSL certificates, but pretty experienced in portforwarding, dyndns, debian... Nevertheless I wanted to make my Emby portal opened to the public, HTTPS only. I followed the steps of this guide (https://github.com/MediaBrowser/Wiki/wiki/Secure-Your-Server). I have a subdomain (example.spr.io) on freedns.afraid.org updated through DynDNS of my FritzBox router and running Emby on my Debian Homeserver utilizing Proxmox for the virtualization. I had Let's encrypt already setup correctly and my certificates under /etc/letsencrypt/live/example.spr.io. Then I generated the value for the TXT record using certbot -d example.spr.io --manual --preferred-challenges dns certonly. During the generation, I was asked to add the TXT record as _acme-challenge.example.spr.io to my freedns account and successfully done so: Afterwards I used the command openssl pkcs12 -export -out examplesprio.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem to generate the .pfx file, moved it to /opt/emby-server/etc/ssl/examplesprio.pfx and applied the new settings: Issue: In theory everything should be fine and running, but it's not. Directly getting ERR_CONNECTION_RESET on requesting the site..
  19. deecemobile

    Question about my SSL setup

    Hi guys, big thanks to all who have posted walk throughs for setting up domains, DDNS, SSLs, etc. So far I have the domain name and DDNS working for HTTP traffic. But for whatever reason HTTPS traffic just times out everytime. I am relying on the UPnP protocol on my router instead of port forwarding and the bindings are correct. 443 is going to 8920, 80 goes to 8096. But I cannot connect via https:// or :443 ever. Even setting up manual port forwarding does not work. So I cannot tell if my certificate is even working but I shouldn't need the certificate to even connect via HTTPS, right? If the port binding is there I should be able to connect I am using Certify the Web for the SSL and it has been correctly setup with my domain but I can't tell if Emby is really using it. Any help would be appreciated.
  20. Greetings, I have run into what seems a very odd issue. Up to 2 days ago I been connecting into my QNAP TVS-862 4.4.1 / EMBY Version via HTTPS without any issue.. However suddenly that all changed two days ago and I am now getting a HTTPS: unexpectedly closed the connection on both Chrome and Firefox. Emby connects fine via HTTP to the same port and is running as expected and has been set to manage secure remote connections as preferred but not required EMBY is reachable via a secure route-able subdomain secured with a WILDCARD Lets Encrypt Certificate. I use the same certificate on a number of different apps including my web server so it is unlikely the certificate is at fault. (The certificate was renewed several weeks ago and is valid) but I have regenerated the PCK file using the same script I been using for over a year just incase without success and of course stopped and restarted the server. I can see internal traffic coming in via HTTPS but it seems Emby rejects the traffic 17:42:00.234526 IP xx.x.x.xx.xxx.55151 > xx.x.x.xx.xxx: Flags , seq 788513049, win 65535, options [mss 1400,sackOK,TS val 16018303 ecr 0,nop,wscale 8], length 0 17:42:00.234689 IP xx.x.x.xx.xxx > xx.x.x.xx.xxx.55151: Flags [s.], seq 554121205, ack 788513050, win 28960, options [mss 1460,sackOK,TS val 1609257401 ecr 16018303,nop,wscale 5], length 0 17:42:00.363132 IP xx.x.x.xx.xxx.55151 > xx.x.x.xx.xxx: Flags [.], ack 1, win 333, options [nop,nop,TS val 16018385 ecr 1609257401], length 0 17:42:00.363464 IP xx.x.x.xx.xxx > xx.x.x.xx.xxx.55151: Flags [F.], seq 1, ack 1, win 905, options [nop,nop,TS val 1609257529 ecr 16018385], length 0 17:42:00.363876 IP xx.x.x.xx.xxx > xx.x.x.xx.xxx.55151: Flags [R], seq 554121206, win 0, length 0 17:42:00.394241 IP xx.x.x.xx.xxx.55151 > xx.x.x.xx.xxx: Flags [F.], seq 317, ack 2, win 333, options [nop,nop,TS val 16018400 ecr 1609257529], length 0 17:42:00.394319 IP xx.x.x.xx.xxx > xx.x.x.xx.xxx.55151: Flags [R], seq 554121207, win 0, length 0 17:42:00.394546 IP xx.x.x.xx.xxx > xx.x.x.xx.xxx.55151: Flags [R], seq 554121207, win 0, length 0 17:42:00.415004 IP xx.x.x.xx.xxx.15355 > xx.x.x.xx.xxx: Flags , seq 1762434976, win 65535, options [mss 1400,sackOK,TS val 16018404 ecr 0,nop,wscale 8], length 0 17:42:00.415183 IP xx.x.x.xx.xxx > xx.x.x.xx.xxx.15355: Flags [s.], seq 589246179, ack 1762434977, win 28960, options [mss 1460,sackOK,TS val 1609257581 ecr 16018404,nop,wscale 5], length 0 17:42:00.454062 IP xx.x.x.xx.xxx.15355 > xx.x.x.xx.xxx: Flags [.], ack 1, win 333, options [nop,nop,TS val 16018415 ecr 1609257581], length 0 17:42:00.454403 IP xx.x.x.xx.xxx > xx.x.x.xx.xxx.15355: Flags [F.], seq 1, ack 1, win 905, options [nop,nop,TS val 1609257620 ecr 16018415], length 0 17:42:00.463142 IP xx.x.x.xx.xxx > xx.x.x.xx.xxx.15355: Flags [R], seq 589246180, win 0, length 0 17:42:00.494200 IP xx.x.x.xx.xxx.15355 > xx.x.x.xx.xxx: Flags [F.], seq 218, ack 2, win 333, options [nop,nop,TS val 16018428 ecr 1609257620], length 0 17:42:00.494593 IP xx.x.x.xx.xxx > xx.x.x.xx.xxx.15355: Flags [R], seq 589246181, win 0, length 0 17:42:00.494747 IP xx.x.x.xx.xxx > xx.x.x.xx.xxx.15355: Flags [R], seq 589246181, win 0, length 0 I cannot see any errors in the server log which is not ideal, a search of the logs 2 days ago shows connects via HTTPS working fine 2019-07-07 10:31:34.861 Info HttpServer: HTTP GET https://xxx.xxx.xxx:xxxx/emby/system/info/public. UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763 I have reached about as far as I can diagnose Hoping for some clever suggestions on what to do next.. Thanks and HELP!!
  21. https://letsencrypt.org/ the free certificate authority it in public beta now and allows everybody to get valid free SSL certificates. It would be nice to have support for getting SSL certificates via their ACME protocol directly from emby. This would make it really easy for people to setup secure access to the server from the internet.
  22. I finally decided it was time to look into getting a secure connection with SSL certificate set up on my server, so I went through the steps of grabbing a domain name and a SSL certificate. The name was easy and the certificate was alright, just a little slower to get because of my own stupidity. After various attempts doing incorrect things between Emby settings and port forwarding, I got the .pfx file linked in Emby, the domain name listed, and all the ports set up correctly. I went to test it by doing a complete new install of the Emby app on my android phone - entered my new HTTPS address in the path and 443 in the android port box, and it took me to the server's login page almost instantly, so I was super happy about that. I then set up an Apple TV box on an external network to try that, and again it loaded up the login screen right away after putting the address in. The oddity that I'm running into now is that I've also tested it in four different web browsers, both from two computers and an iPad on my local network as well as from two different computers off the network just to make sure, and came up with the following results in terms of how quickly the browsers would actually pull up the login page after entering the address in the browser bar: - Safari = almost instantly, 1-2 seconds - Chrome = 17-22 seconds - Firefox = 20-23 seconds - Internet Explorer = 22-26 seconds If I use my straight IP address to get to my server from any of those computers, it's a 1-2 second load time no matter what browser I use. I haven't had time to stream anything for a significant amount of time through the secure connection, so I don't know if streaming is affected or not yet - after a quick forum search, I did see a thread about reverse proxy potentially causing streaming issues, but I'm not running a reverse proxy at all. Has anyone noticed problems with streaming when going through a domain name with SSL? Anyway, after all that explanation, my real question about the login screen is whether others have seen it as a common thing for the login page to be pulled up so slowly when using a domain and SSL certificate to get to the server, especially with the major non-Apple browsers? Thanks for any feedback.
  23. garrettjones331

    Reverse Proxy - ERR_TOO_MANY_REDIRECTS

    Hello, I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own. For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy". I have manually checked the server config xml and verified that "requirehttps" is false. I also have my 80 and 443 ports forwarded to the NGINX server on my router. The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome. I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies.
  24. lawprior


    I'm trying to connect to the hosted web app through HTTPS, because Chromecast now needs it to work properly. I'm told to select my server, and it won't connect to it. I can connect to it just fine on HTTP. So, does anyone know what's wrong and how I fix it?
  25. embyzone

    https port problem

    Hi All Still working things out coming from Plex. First thing I wanted was a secure https certificate so I set up a Let's encrypt and a internal reverse proxy pointing to the new server. But! Emby keeps adding the port to my domain, which is included in the domain, https://domain.com:8920 Anyway to tell Emby to not use the port number in the link? (Writing nothing in the external port is a no go)
  • Create New...