Jump to content

Search the Community

Showing results for tags 'ssl'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support

Blogs

  • Emby Blog

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 77 results

  1. NB: This script only supports debian O/S, and debian based distributions (ubuntu etc). The script requires systemctl and apt which is present in all newer distributions. This script will probably not work as intended on Debian below v7 and Ubuntu below 14. A while back I created a script that will: Check if Apache and/or Nginx is running, and if running stop them. Disable UFW (firewall). Flush iptables. Check if certbot is installed, and if not, install it. Check if certificate is located in the emby directory, and if found, delete it. Ask for your FQDN of your emby server. Create a new certificate that's valid for 90 days. Convert the certificate to PFX and copy it to your emby directory. Ask for your emby group and user and change permissions of the PFX to the specified user (default is emby). Re-enable UFW (firewall). Re-enable Apache and/or Nginx (if it was stopped). Restart the Emby system service. After you have downloaded and placed the script on your server, you must unzip it and give the script execution permission. To do that, run the command: unzip embycert.zip && chmod +x embycert.sh This script should be run every 3 months to keep your certificate up-to-date. This script MUST be run as root with either SU or SUDO. SUDO is not native in Debian, and I would recommend to run this script it as root. NB: After installation, you must define the path to the certificate (under Network tab) which is: /var/lib/emby/emby.pfx and then again manually restart the emby server system service. Remember, if the FQDN is not typed correctly, the installation will fail, so be sure to spell it correctly, and make sure that the A record is valid and working. embycert.sh
  2. Hello Emby community! So today I decided to give Emby a try in order to maybe replace Plex that I have been using for years. So far, I loved almost everything about Emby (maybe not the fact that we can't change the green accent in the AndroidTV app, but that's a story for another day ). I have one question though, for which I couldnt seem to find precise info. I run all my services from a machine in my house, which runs OpenMediaVault (i.e. Debian). I use Docker for most of the services, with bridge mode for their network interface. I also have, among those services, an Nginx container that serves as a reverse-proxy, so I can access my services more easily. The OpenMediaVault web interface proposes the option to connect using a self-signed SSL certificate, which I decided to use when I set it all up. I then re-used this same SSL certificate for all my other reverse-proxies, by mounting the certificate files as read-only into the Nginx container, so that I only had one exception to add to my browsers in order to reach all my services like so: https://servicename.hostname.lan So far, so good, as I only access these services from my home lan, and since I used Plex until now, I never had to mess with secure remote access: since the connection is routed through their servers, it was an easy setup with no configuration on my side (only authorizing the default Plex port for outgoing connections in my machine's iptables as well as ESTABLISHED,RELATED incoming connections, then once it was connected I had nothing more to do for their servers to detect my machine, not even setting port redirection on my router or allowing anything through my router's firewall). But now, I'd like to switch to Emby, and here's my question: am I not able to allow secure remote access if I don't have a domain name pointing to my home router's IP? What else could I do? I can post the nginx configs (with purged personal info) if needed. Many thanks in advance!
  3. Ok this is going to be a long post. In this thread I will show you 2 different ways in which I setup a HTTPS connection to my emby server. Both ways require a certificate which again I will show you how i got mine using Lets Encrypt on Windows. I will break the posts up into Sections. Part.1 - Setting up a DDNS (Dynamic DNS host) Only require if you ISP IP is dynamic i.e. changes. Part.1.A - Setting Up DDNS using your own Domain Name Part.2 - Getting a Domain Name (Optional but looks fancier) Part.3 - Getting a SSL Cert from Lets Encrypt the easy way. Part 3a - Using LE.exe to get Certificates (recommended) Part.4 - Setting up HTTPS by changing default port to 443 Part.5 - Setting up HTTPS using reverse proxy
  4. This started to happen 7 days ago. I am running no fancy plugins and the server version 3.2.27.0 (I know it is not the latest but it works) has served me well. Attached is the log as well as a picture from the Dashboard. I searched the forum and it looks like that there is a problem with the SSL connection. No idea what I need to do on my side. But any updates through the Dashboard seems to be impossible. Please advise. O2G server-63655498727.txt
  5. I'm not sure if this is where I should be posting, Emby is on server 2019 but the majority of issues and posibly all of them exist outside of the server. I have been trying to make the move from Plex to Emby for a decent while now. I hate a lot of changes Plex is making and Emby has a lot of things I like WAY more. However, I am stuck when it comes to trying to setup SSL and none of the guides I have found are complete enough to actually help. The last guide I tried to follow was this one, https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows the only deviation I believe exists is instead of being a 'namecheap' domain it is a godaddy domain because thats what i have access to as a free test (friend's and is letting me test/borrow it) I follow it to the T but at the Certify step when you click 'request certificate' it fails. I strongly feel there is something missing from the guide in the form of a prep on the domain side. At the beginning it simply says you need a domain, it doesn't say anything about a way to prep it to be able to generate and accept a cert. Is a cert from let's encrypt supposed to be added to the domain? From everything I have been seeing it appears to add a cert to the domain would require the domain to have 'web hosting'. Is it a requirement that everyone seems to consistently leave out of their guides? Other guides say I need to have DNS on my server and for a Cname to be created on the domain to point to my DNS. This guide doesn't have that at all though, I guess what I am basically saying is im completely lost. What I have, duckdns on my emby server with it set up and working to point duckdns address to my IP. port forwarding on my router for port 80 to the Emby server IIS installed on the Emby Server (currently has configuration set up as outlined in the guide above) Emby installed on the Emby server (I have made 0 changes to this) Certify installed on the Emby server access to a go-daddy domain (does not have anything set up) I don't care if it uses all of the above or not. Its just a statement of what exactly I have done. My question is, with what on earth should I be doing to try and get this to work? if there a particular guide you believe i should follow instead of trying to work through the one I have above please let me know. Also, please dont assume anything has been done that hasn't been explicitly ask for in the guide (except the presence of duckdns) from the guide above because there isn't.
  6. bflagg

    Step by Step for SSL

    Do you have a step by step for SSL setup for EMBY?
  7. https://support.emby.media/support/solutions/articles/44001159601-hosting-settings is where I ended up when searching for help on entering new SSL certificate. However, the dashboard now has a 'Network' node which is were I found the relevant information; the help should probably be updated.
  8. Hi all, I am having an issue whereby I am unable to connect to my Emby Server remotely when using a domain. I have a SSL certificate that is correctly associated with the domain and works as it should. I have port forward setup on my router, and as a test I have used the external IP of my router as the external domain and this worked correctly and allowed me to access remotely. I've taken a log to show that it accepts the connection via the external IP as the external domain. If you require any further information please let me know. Thanks, Michael
  9. Hello, I install Emby server on Raspberry pi 4 with Dietpi distro. I have also installed there Nextcloud as my NAS server. There's very easy way to install SSL certificate for Nextcloud. I make a domain myserver.ddns.net on NO-IP website, install certbot and run letsencrypt from dietpi-software. Now I want to add SSL for my Emby Server. I see there's tutorial but I don't know nothing about certificates and don't want to brake something. @@pir8radio @@Swynol Can somebody tell me do I have to make another domain with ddns? There's also information on the tutorial beginning to kill all process on port 80. When I enable https for nextcloud I delete rule for port forwarding on my router for port 80 but when I make command: `netstat -nlp | grep :80` ``` tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1191/kodi.bin_v8 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1032/lighttpd tcp6 0 0 :::8096 :::* LISTEN 26999/EmbyServer tcp6 0 0 :::8080 :::* LISTEN 1191/kodi.bin_v8 tcp6 0 0 :::80 :::* LISTEN 1032/lighttpd ``` Regards Przemek
  10. Im using Linux Ubuntu 16.04 64 bit and Asustor AS-604T ADM 3.2.1 This requires you do own a domain and have create a Lets Encrypt certificate! Following ports should be open: 80, 443, 8096 and 8920 1. Login to ADM web interface > Settings > Certificate Manager - Click on Export Certificate. 2. Extract certificate.zip and open the folder certifiate 3. right click in the folder - select open terminal 4. enter the command: * Please change the name of the give-me-a-name.pfx * After execution of this command you will be prompted to create a password, this is recommanded! openssl pkcs12 -export -out give-me-a-name.pfx -inkey ssl.key -in ssl.crt 5. Save the new create give-me-a-name.pfx file on your NAS in a shared folder of own choice 6. go to: http://local.ip.of.nas:8096/ 7. Go to Advanced and do the following Check that Allow remote connection to this Emby Server is marked. * add external domain name * Custon ssl certificate path (Click on the magnifier right to the text field and navigate to where the .pfx file is. * Certificate password - Add the password you entered after execution of step 4. * Secure connection mode - Set to preferred, but not required. 8. Hit save and navigate to Controlpanel > Restart - Now you should be able to access the Emby Media Server from outside.
  11. So, i needed to enable remote connections for Emby server, and i wanted to secure it with https. I have seen quite a few guides on how to enable https on emby server, but i find this to be an easier way if you own an asus router that supports Lets Encrypt. Im not sure which models that support this, but my AC-86U did. All i did to get a hold of the ssl ceritifactes was to enable this in the WAN-DDNS section in the router, then export files like this: Then i converted the cert and key file to a pfx file with "Win64OpenSSL_Light-1_1_0L" https://slproweb.com/products/Win32OpenSSL.html and imported this in to Emby: I used this command: "openssl pkcs12 -inkey key.pem -in cert.pem -export -out output.pfx" Of course you also have to port forward the needed ports to make this work. Thats it, so if you own an ASUS router with this option you can save a lot of time, and a bonus, the router also automaticly renews the certificates. If this already has been posted i apologize, and feel free to leave comments if there are things i have missed or if this method seems like a bad idea.
  12. hugo0814

    ANSWERED Non secure connection

    Hey! So I just finished the SSL certificate and all connections are secure BUT only when I enter my Dynamic DNS address. Not when I visit using the "app.emby.media" site on my iPhone, it shows "Not Secure". Included some pictures to show my configuration.
  13. cyphershadow

    Need a nudge in the correct direction

    Good morning everyone. First I'd like to say how incredible this platform is, and express what a kick ass job you all are doing. Miles beyond my previous Plex setup, more streamlined, and just incredible. I was wondering if someone could point me in the direction of a configuration file, or process for restricting which SSL/TLS connection configurations are accepted by the Emby web server. A review of accepted connections is showing the server accepting TLSv1.0 which is insecure, TLSv1.1 which is coming up on phase out this year, and a mix of insecure/anonymous ciphers. I would like to restrict the server from accepting connections using these configurations, but am having trouble locating any form of proper configuration file within my qnap directories (Granted qnap CLI is not the best). I am aware of the potential issue with disabling these items and that it could cause issues with certain devices, but I would rather lock this down since it will be open to the net. Thanks for any assistance. Keep up the good work! Edit: Almost forgot. I'm running version 4.3.1.0 on a Qnap TS-451 on firmware 4.4.1.1146.
  14. centuryx476

    IIS Reverse Proxy

    Hello, I was able to successfully configure windows IIS as a reverse proxy using URL re-write and AAR. I also enabled SSL offloading so I can put my Let's Encrypt cert in IIS and manage it through there as well as control the level of SSL Ciphers that IIS can use. Emby comes up perfectly and works.. Right up until you click play on a movie. The playback seems to take forever to load, it eventually does but then another issue comes up. The CPU on the server jumps to 99% and it never stops. From what I can tell of the logs it is doing a Remux of the file and then playing it which is causing the CPU to run hot. I was playing "The Fifth Element" as a test and when I viewed the stats for nerds it states that the "media bitrate exceeds limit" which I find odd as the movies overall bitrate is just 12/Mb. As a test I then disabled the reverse proxy and used the built in emby way of encrypting the server. I passed the .pfx12 file and its password and changed the port to 443 and did another test with the same movie and it played perfectly. It loaded instantly and the CPU stayed at around 1% usage. Could it be the SSL offloading that is causing this ? Could it be IIS itself ? Is there specific things I need to change within IIS in order for this to work correctly ? Has anyone here been able to successfully get an IIS reverse proxy with SSL offloading to work with emby ? Let me know Thank You
  15. riothamus

    Apache Proxy Frontend for Emby

    I have had a few people ask me to explain how I set up my Apache server to forward to my Emby server. Here is a breakdown of how mine is set up should anyone else wish to try this. This is just my way of doing this (yeah, I know, Nginx exists but I have always been an Apache user). Note that I use RPM based distributions, and my frontend Apache server is running on Fedora Server Edition (so that I can have the http/2 goodness). My instructions will emphasize this type of Linux distribution, so you will need to read up on how your particular flavor of Linux handles Apache installations. First off, here is an overview of my network. Everyone's network is different, but this is what I have set up: edge firewall -> wireless ap/firewall -> apache server -> media server (where the media files are actually stored) On my firewalls, I only have ports 80 and 443 tcp opened up, and they forward to my Apache server. No other ports are exposed to the Internet. My Emby server is not configured with SSL. All SSL is terminated at my Apache server. This way, I can use one SSL certificate to encrypt any web services that I run on my network, without trying to get a certificate for each individual server installation. Anything that comes in on port 80 automatically gets forced over to port 443 (this is done by my Apache server itself). I am also using HTTP/2 which has helped with the various web services that my Apache frontend is exposing to the web. Also, all of my internal servers are running host-based firewalls. There is nothing wrong with security in depth here, and I have personally not heard a valid reason to not run a host-based firewall for your networking services. I use https://letsencrypt.org/ for my SSL certificate. It's free, and their tools are awesome. If you use their services, please donate to them as they are providing a valuable service to practically every community. I also have my own domain name set up and registered, with a dynamic IP from my ISP. There are a plethora of services that will let you register your dynamic IP for a domain name, so search around for the one that suits you best. Personally, I am using Google Domains for mine. My firewall assists in keeping my latest IP registered for my domain. This is extremely handy for mobile devices and family members who wish to use my Emby server remotely. Here are the general steps I would recommend to someone setting this up for themselves: Use an edge firewall. The extra protection is worth it. Use your edge firewall to keep track of your public IP, and use whatever agent that your dynamic DNS provider provides to keep your latest IP registered for your domain. I do not recommend doing this from your Apache server, as your Apache server should be further into your network and protected by your other firewall(s). Set up an SSL certificate for your domain. Again, LetsEncrypt is pretty awesome. Install Apache on a server that can handle a fair amount of network traffic. If you are using LetsEncrypt, set up the agent to keep up with your SSL certificate on this server. dnf groupinstall "Web Server" dnf install mod_http2 Configure your Apache server. On a Fedora, CentOS, RHEL system create a file called /etc/httpd/conf.d/00_yourdomain.conf (the two zeroes are there to make sure that your domain file is loaded first). Here are snippets of my configuration (cleaned up a bit for, you know, security): <VirtualHost *:80> Protocols h2c http/1.1 # Send everything over to https instead, best practice over mod_rewrite ServerName example.com Redirect / https://example.com/ </VirtualHost> <VirtualHost _default_:443> # Enable http/2 Protocols h2 http/1.1 <IfModule http2_module> LogLevel http2:info </IfModule> SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DH-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 SSLHonorCipherOrder On SSLCompression off Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains" Header always set X-Frame-Options SAMEORIGIN Header always set X-Content-Type-Options nosniff SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 ServerName example.com ServerAlias example.com ErrorLog logs/example-error_log RewriteEngine on RewriteRule ^/emby(.*) http://127.0.0.1:8096/emby$1 [proxy] RewriteRule ^/emby http://127.0.0.1:8096 [proxy] RewriteRule ^/embywebsocket(.*) http://127.0.0.1:8096/embywebsocket$1 [proxy] RewriteRule ^/embywebsocket http://127.0.0.1:8096 [proxy] <location /emby> ProxyPass http://127.0.0.1:8096/ ProxyPassReverse http://127.0.0.1:8096/ </location> <location /embywebsocket> ProxyPass http://127.0.0.1:8096/ ProxyPassReverse http://127.0.0.1:8096/ </location> </VirtualHost> So what this does for me is let Apache handle all incoming port 80 requests, and turns them into encrypted traffic. All connections to and from the server (that can support it) are encapsulated in HTTP/2 packets. All of my SSL encrypted web traffic is handled by one certificate, so I can have multiple URL paths served by the same domain name, with only the https port used, and it just plain looks cleaner. For example, you can have: https://example.com/emby https://example.com/nextcloud https://example.com/hello_kitty_island_adventure Or whatever suits your needs. My Emby server doesn't have to worry about any proxy configurations or SSL, as Apache takes care of all of that. My example is using the localhost IP address to direct all incoming and outgoing Emby requests, but if you are using a separate host that runs Emby, just make sure to use the IP of that system instaed and that you have port 8096 open and available. I hope that others may find this helpful.
  16. atlas780

    SSL not working after cert renewal

    Hey, I had it setup for a while with an Letsencrypt Certificate converted into p12. It worked flawlessly. Then my cert ran out and I had to renew it. So i did "certbot --renew" which worked and converted it into a p12 with openssl pkcs12 -export -out certificate.p12 -inkey privkey.pem -in cert.pem -certfile fullchain.pem But sinse then HTTPS is not working: (Sorry for German) I already tried to change the path, the certfile has all rights and I have no idea why it's not working. Also in the Dashboard it's not shown with HTTPS: The logs are attached. Maybe someone here has an idea. Thanks in Advance! embyserver.txt ffmpeg-remux-fee6f20e-34b8-41bf-8c2b-f9d6f324abf5_1.txt ffmpeg-transcode-ffc235e7-a070-4e74-965f-9e8f183059c8_1.txt hardware_detection-63715285219.txt
  17. I've been looking, but I cannot find any examples of how to self-host Emby behind an NGINX reverse proxy at anything other than the root path on port 80. I host a website under the www subdomain at the root path on port 80, so that's not an option. I'm fine with any of these solutions: Use a different port (http://www.mydomain.com:8096/) Use a different subdomain (http://emby.mydomain.com/) Use a different path (http://www.mydomain.com/emby/) My current configuration is an attempt at solution #3 because that's the one I was able to get furthest on. I think I'd prefer solution #1 or #2, but I'm not picky. I'd also like to setup SSL, but I need to get this working before I can worry about encryption. That said, the SSL configuration for my website might be responsible for my current problem. All requests to port 80 are redirected to 443, which has SSL enabled. The server just directs everything on the /emby path to localhost:8096, which Emby binds to. I'm able to load the index page, but it fails to load the Javascript used to render any actual content. It looks like the server isn't able to serve the Javascript file over HTTPS. I have very limited experience with NGINX and Emby and I have no idea how to fix it. Here's my NGINX server configuration: server { listen 443 ssl default_server; listen [::]:443 ssl default_server; root /█████/website; server_name █████; ssl on; ssl_certificate /█████/cert.pem; ssl_certificate_key /█████/privkey.pem; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.4.4 8.8.8.8; location /static { alias /█████/website/static; } location / { try_files $uri @wsgi; } location @wsgi { proxy_pass http://unix:/tmp/gunicorn.sock; include proxy_params; } location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { access_log off; log_not_found off; expires max; } location /emby { proxy_pass http://127.0.0.1:8096; } } server { listen 80 default_server; listen [::]:80 default_server; server_name █████; return 301 https://$host$request_uri; }
  18. varmandra

    SSL not working <SOLVED>

    Hello This is my first post here, but I read here a lot and solved many problems I had, so first thanks this community. But now I have a Problem and no idea how to solve it. I use a lot how-to but I am not able to get an https connection to my Emby Server With this instructions I get no more a "could not connect", but I get a "PR_END_OF_FILE_ERROR" in Firefox and "ERR_CONNECTION_CLOSED" in Chrome. I´m not really familiar with SSL but with an apache or lighttpd I had no problems to set up an https connection, but with the Emby Server I don´t know any further. In the log file there are only the http request, nothing about https. Where should I search for this issue, are there other settings which affect to SSL? If you need more information from me, just ask. BdT Varmandra
  19. Hello I have my Emby server configured to use ssl by inputting the external domain name and secure connection mode set to handled by reverse proxy. I have nginx secured with ssl and I can successfully hit my emby server using the custom domain url, and certificate is successfully verified for https. But it seems my users that go through the app.emby.media site and log in using emby connect are still directed to an http site with a not secure connection warning. Is there a simple step I'm missing to get that to redirect to the proper https wan url configured in Emby?
  20. So I am looking to migrate from plex to emby and so far so good, still needing a lot of testing. However one thing that is keeping me from migrating is the SSL encryption. With Plex, they actually provide their own proxy and they pay for the encryption and Emby seems like you have to have provide your own domain with SSL cert. With letsencrypt being main stream and free, this is fine and dandy. However, the way I understand their certs, they are only good for 90 days I believe and then you have to renew (again for free). This is quite an administrative task to do this every three months. Letsencrypt does have API to be able to do renew if you have an account. So my feature request would be to add the ability in emby to enter your lets encrypt credentials and have emby renew the cert automatically via letsencrypt api so this does not have to be done manually. I am curious if anyone else has found a better alternative to this.
  21. Hi guys, big thanks to all who have posted walk throughs for setting up domains, DDNS, SSLs, etc. So far I have the domain name and DDNS working for HTTP traffic. But for whatever reason HTTPS traffic just times out everytime. I am relying on the UPnP protocol on my router instead of port forwarding and the bindings are correct. 443 is going to 8920, 80 goes to 8096. But I cannot connect via https:// or :443 ever. Even setting up manual port forwarding does not work. So I cannot tell if my certificate is even working but I shouldn't need the certificate to even connect via HTTPS, right? If the port binding is there I should be able to connect I am using Certify the Web for the SSL and it has been correctly setup with my domain but I can't tell if Emby is really using it. Any help would be appreciated.
  22. https://letsencrypt.org/ the free certificate authority it in public beta now and allows everybody to get valid free SSL certificates. It would be nice to have support for getting SSL certificates via their ACME protocol directly from emby. This would make it really easy for people to setup secure access to the server from the internet.
  23. After several days of frustration, I have managed to setup SSL far enough to get a connection but the browser does not like like the certificate - see attached. I tried to follow the various sets of instructions around the site, the only config I could get to work is as follows; Static IP address on my router setup sub domain on my domain DNS with a forward to the router address and port My question is emby instructions say the server will create it's own SSL cert but I cannot get this to work. If I leave the field for the path to cert blank then I am unable to save - this is why I went the create your own cert route (which I cant get to work!). I have found an SSL folder in the emby folder structure (windows 10) but nothing is in there. I have read up all I can find but cannot get the inbuilt cert to work. Any suggestions?
  24. I finally decided it was time to look into getting a secure connection with SSL certificate set up on my server, so I went through the steps of grabbing a domain name and a SSL certificate. The name was easy and the certificate was alright, just a little slower to get because of my own stupidity. After various attempts doing incorrect things between Emby settings and port forwarding, I got the .pfx file linked in Emby, the domain name listed, and all the ports set up correctly. I went to test it by doing a complete new install of the Emby app on my android phone - entered my new HTTPS address in the path and 443 in the android port box, and it took me to the server's login page almost instantly, so I was super happy about that. I then set up an Apple TV box on an external network to try that, and again it loaded up the login screen right away after putting the address in. The oddity that I'm running into now is that I've also tested it in four different web browsers, both from two computers and an iPad on my local network as well as from two different computers off the network just to make sure, and came up with the following results in terms of how quickly the browsers would actually pull up the login page after entering the address in the browser bar: - Safari = almost instantly, 1-2 seconds - Chrome = 17-22 seconds - Firefox = 20-23 seconds - Internet Explorer = 22-26 seconds If I use my straight IP address to get to my server from any of those computers, it's a 1-2 second load time no matter what browser I use. I haven't had time to stream anything for a significant amount of time through the secure connection, so I don't know if streaming is affected or not yet - after a quick forum search, I did see a thread about reverse proxy potentially causing streaming issues, but I'm not running a reverse proxy at all. Has anyone noticed problems with streaming when going through a domain name with SSL? Anyway, after all that explanation, my real question about the login screen is whether others have seen it as a common thing for the login page to be pulled up so slowly when using a domain and SSL certificate to get to the server, especially with the major non-Apple browsers? Thanks for any feedback.
  25. From LDAP test-thread: For greater compatibility, can STARTTLS be implemented? It would save a lot of time mucking about with certificates when using MS AD. This is running perfectly with a Wordpress plugin I'm using. Only had to enter the DC IP, Base DN and credentials and up and running within a minute.
×
×
  • Create New...