Showing results for tags 'lets encrypt'.
-
For those who have a Let's Encrypt certificate on their Synology, here is a script that automatically converts it into a P12 file for use by EMBY:

```sh
#!/bin/sh

# CONFIGURATION

#script_folder=/volume2/Emby backup/Certificats à conserver
script_folder=/volume2/video

# p12 file
p12_file_path=$script_folder/certificate_auto.pfx

# Synology's Default Let's encrypt folder
letsencrypt_cert_folder=/usr/syno/etc/certificate/system/default

# renew timestamp
renew_timestamp=renew_emby_timestamp.txt

# p12 password
p12cert_password=EMBY

# DO NOT CHANGE BELOW UNLESS YOU'RE A WIZARD

generate_p12=false
# expiry date of the certificate currently installed, as a Unix timestamp
current_certificate_date=$(openssl x509 -enddate -noout -in "$letsencrypt_cert_folder/RSA-cert.pem" | cut -d'=' -f2)
current_certificate_timestamp=$(date -d "$current_certificate_date" +"%s")

# check if the renew_timestamp file exists
if [ ! -f "$script_folder/$renew_timestamp" ]; then
    echo "Generate timestamp for the current renew date... "
    echo "$current_certificate_timestamp" > "$script_folder/$renew_timestamp"
    chmod +rw "$script_folder/$renew_timestamp"
    chown admin:users "$script_folder/$renew_timestamp"

    # generate the first p12 file
    generate_p12=true
else
    renew_date=$(cat "$script_folder/$renew_timestamp")
    # check if it is necessary to renew the certificate or not:
    # the installed certificate expires later than the one last exported,
    # so it has been renewed (comparing against today's date would keep
    # the old p12 in use until after it had expired)
    if [ "$current_certificate_timestamp" -gt "$renew_date" ]; then
        # generate a new p12 file
        echo "Renewing certificate..."
        generate_p12=true

        # update timestamp in the file
        echo "$current_certificate_timestamp" > "$script_folder/$renew_timestamp"
    else
        echo "It is not necessary to renew the certificate, abort."
        exit 0
    fi
fi

# generate a new certificate file if necessary, and restart EMBY Server
if [ "$generate_p12" = "true" ]; then
    echo "Generating the p12 certificate file..."
    openssl pkcs12 -export -in "$letsencrypt_cert_folder/RSA-fullchain.pem" -inkey "$letsencrypt_cert_folder/RSA-privkey.pem" -out "$p12_file_path" -password "pass:$p12cert_password"
    # the p12 contains the private key; +r makes it readable by every local user
    chmod +r "$p12_file_path"
    chown admin:users "$p12_file_path"
    echo "Restarting EMBY Server..."
    synopkg restart EmbyServer
    echo "Done."
fi
```

Run it as "root", daily.
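An added example, not part of the original post: instead of tracking an expiry timestamp, these functions compare the SHA-256 fingerprint of the live certificate with the one inside the exported file, and write the PKCS#12 with owner-only permissions. The `P12_PASSWORD` environment variable, the function names and the file arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: regenerate the PKCS#12 only when it no longer holds the live
# certificate. P12_PASSWORD and all function names are assumptions.

# SHA-256 fingerprint of the first (leaf) certificate in a PEM file.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d'=' -f2
}

# Fingerprint of the leaf certificate inside a PKCS#12 file. The password comes
# from the environment, so it is not visible in the process list like "pass:".
p12_fingerprint() {
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASSWORD 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d'=' -f2
}

# Returns 0 (stale) when the PKCS#12 is missing, unreadable with the current
# password, or holds a different certificate than the PEM; 1 when it matches.
p12_is_stale() {
    [ -f "$2" ] || return 0
    want=$(pem_fingerprint "$1")
    have=$(p12_fingerprint "$2")
    [ -n "$want" ] && [ "$want" = "$have" ] && return 1
    return 0
}

# Export chain + key via a temporary file created under umask 077, so the
# bundle is owner-only (0600) from the moment it exists.
export_p12() {
    tmp="$3.tmp.$$"
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$tmp" \
          -passout env:P12_PASSWORD ) || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$3"
}

# Direct use: script.sh fullchain.pem privkey.pem out.pfx
if [ "$#" -eq 3 ]; then
    if p12_is_stale "$1" "$3"; then
        export_p12 "$1" "$2" "$3" && echo "exported $3"
    else
        echo "certificate unchanged, nothing to do"
    fi
fi
```

If the media server runs under a different account than the one running the script, change the file's owner rather than widening its mode.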
-
Emby with nginx reverse proxy + lets encrypt and nextcloud docker
leon123456789 posted a topic in Linux
Hey Guys. I want to add Emby to my current setup with a nginx reverse proxy, Let's Encrypt and nextcloud. I already tried some things but it didn't work so I hope you can help me.

docker-compose.yml:

```yaml
version: '2'

services:
  proxy:
    image: jwilder/nginx-proxy
    container_name: proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./proxy/conf.d:/etc/nginx/conf.d
      - ./uploadlimit.conf:/etc/nginx/conf.d/uploadlimit.conf:ro
      - ./proxy/vhost.d:/etc/nginx/vhost.d
      - ./proxy/html:/usr/share/nginx/html
      - ./proxy/certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
    restart: always

  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt-companion
    volumes_from:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./proxy/certs:/etc/nginx/certs:rw
    restart: always

  web:
    image: nginx
    container_name: nextcloud_webserver
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - app
    volumes_from:
      - app
    environment:
      - VIRTUAL_HOST=nextcloud.mydomain.de, alternative.domain.de
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=nextcloud.mydomain.de, alternative.domain.de
      - LETSENCRYPT_EMAIL=my@email.de
    networks:
      - proxy-tier
    restart: always

  app:
    image: nextcloud:fpm
    container_name: nextcloud_fpm
    links:
      - db
    volumes:
      - ./nextcloud/apps:/var/www/html/apps
      - ./nextcloud/config:/var/www/html/config
      - /mainstorage/nextcloud/data:/var/www/html/data
    networks:
      - proxy-tier
    restart: always

  db:
    image: mariadb
    container_name: db
    volumes:
      - /mainstorage/nextcloud/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=securepw
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=user
      - MYSQL_PASSWORD=anothersecurepw
    networks:
      - proxy-tier
    restart: always

networks:
  proxy-tier:
    external:
      name: nginx-proxy
```

nginx.conf:

```nginx
user www-data;

events {
  worker_connections 768;
}

http {
  upstream backend {
    server app:9000;
  }

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  server {
    listen 80;

    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    root /var/www/html;
    client_max_body_size 10G; # 0=unlimited - set max upload size
    fastcgi_buffers 64 4K;

    gzip off;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
    rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

    location = /robots.txt {
      allow all;
      log_not_found off;
      access_log off;
    }

    location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
      deny all;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
      deny all;
    }

    location / {
      rewrite ^/remote/(.*) /remote.php last;
      rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
      try_files $uri $uri/ =404;
    }

    location ~ \.php(?:$|/) {
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      include fastcgi_params;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_param PATH_INFO $fastcgi_path_info;
      fastcgi_param HTTPS on;
      fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
      fastcgi_pass backend;
      fastcgi_intercept_errors on;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the location ~ \.php(?:$|/) { block
    location ~* \.(?:css|js)$ {
      add_header Cache-Control "public, max-age=7200";
      # Add headers to serve security related headers
      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      add_header X-Content-Type-Options nosniff;
      add_header X-Frame-Options "SAMEORIGIN";
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
      # Optional: Don't log access to assets
      access_log off;
    }

    # Optional: Don't log access to other assets
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
      access_log off;
    }
  }
}
```

I already tried something like adding

```yaml
  emby:
    image: emby/embyserver
    container_name: emby
    volumes:
      - /mainstorage/emby/config:/config
      - /mainstorage/nextcloud/data/user1/files/:/mnt/share1
      - /mainstorage/nextcloud/data/user2/files/:/mnt/share2
    devices:
      - /dev/dri/renderD128
    networks:
      - proxy-tier
    restart: always
```

to the docker-compose file but it didn't work. My goal is to be able to access Emby from a different subdomain than my nextcloud. Like nextcloud access is under nextcloud.mydomain.de and Emby is emby.mydomain.de. I hope someone can help me.

9 replies
Tagged with: nginx, lets encrypt (and 4 more)
-
Let's Encrypt offers free automated SSL certificates that are valid for 3 months. They can then be automatically renewed without any user interaction. https://letsencrypt.org/

I would like to see this implemented as either a plug-in or natively in Emby Server to solve the issues with using HTTPS, specifically with Android and Chromecasts but also the media browser. This would allow easy-to-use signed and valid HTTPS connections and would take the hassle out of renewal every 3 months.