Jump to content

Recommended Posts

Posted

I'm trying to set up a load balancer and reverse proxy (Kemp LoadMaster) to handle all incoming connections on port 443 and distribute to my various services in the local network, and to manage SSL certs.

I am completely unable to get Emby Server running on macOS to listen on HTTPS. I don't want to "allow remote connections to this Emby Server" or manage an SSL cert on the Emby instance.

203292114_ScreenShot2021-07-20at11_21_24.png.b38603ba2eeb45dc5be066751eb51e1b.png

377630019_ScreenShot2021-07-20at11_26_11.thumb.png.1fbe1ecc439d08a84d4aa0cc32740b79.png

As you can see below, the Emby Server is not listening on https (port 8920) even though it's reporting that it is. I've tried enabling "allow remote connections" for testing with "handed be reverse proxy" but still no dice.

sudo lsof | grep LISTEN | grep -i emby
EmbyServe 10196              *redacted*  148u     IPv6 0xe964fbfa92b187eb        0t0                 TCP *:8096 (LISTEN)
embytray  10197              *redacted*    4u     IPv4 0xe964fbfa79f4057b        0t0                 TCP localhost:8024 (LISTEN)

And no, there is nothing else listening on port 8920, and I have tried changing https port to no effect.

I'd really like to get this working without using EmbyConnect as I want to manage and monitor internal services through a single interface.

Emby Logs:

embyserver.txt.zip

 

Posted

Hi there, did your configure an ssl certificate in emby server? You need to do this before the server will listen on the ssl port.

But typically with a reverse proxy you would have it handle the ssl port and then forward the the http port in emby 

Posted
1 minute ago, Luke said:

Hi there, did your configure an ssl certificate in emby server? You need to do this before the server will listen on the ssl port.

But typically with a reverse proxy you would have it handle the ssl port and then forward the the http port in emby 

Thanks for the reply Luke. No I did not set up the SSL cert in Emby, as I want to manage that externally. I'm having issues forwarding my loadbalancer to the http port (due to other services running on https).

So is there no way to have Emby listening locally on https without setting up a cert? Even though the screenshot above says it is listening on 8920 (it is not).

 

Posted
Quote

Even though the screenshot above says it is listening on 8920 (it is not).

Where does it say that?

Quote

No I did not set up the SSL cert in Emby, as I want to manage that externally.

Then it is the reverse proxy that listens on the SSL port, not Emby.

Quote

So is there no way to have Emby listening locally on https without setting up a cert?

No, there is not.

Posted
6 minutes ago, Luke said:

Where does it say that?

174313852_ScreenShot2021-07-20at11_21_24.png.7049a623aa5d6b5184aaea6b0b18132f.png

7 minutes ago, Luke said:

Then it is the reverse proxy that listens on the SSL port, not Emby.

That's correct. But I can't have a single virtual IP in the load balancer that Listens on SSL then forwards to a mixture of http and https services. Which means setting up multiple virtual IPs, which breaks the convenience of listening on a single 443 inbound port to the network.

9 minutes ago, Luke said:

No, there is not.

What about a self signed certificate then? And how can I do this without enabling emby connect? The certificate options only show when "enable remote connections" is checked.....

I have seen a lot of posts regarding https issues. Surely we could have an option to enable https with a big warning flag like "hey, this may break app access if you do it wrong, be warned" ??

Posted

You'll want to make sure to use a certificate that the devices you'll be connecting from will trust. It's not possible on all platforms to override and force it to accept something that it's rejecting.

Posted

I'll give it a try. But it still feels like an advance option we should be able to enable local https without a certificate or emby connect enabled.

Thanks for your time Luke.

Posted
14 hours ago, nerdwork said:

I'll give it a try. But it still feels like an advance option we should be able to enable local https without a certificate or emby connect enabled.

Thanks for your time Luke.

The domain name and certificate has to come from somewhere. Where would it come from?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...