nerdwork 0 Posted July 20, 2021 Posted July 20, 2021 I'm trying to set up a load balancer and reverse proxy (Kemp LoadMaster) to handle all incoming connections on port 443 and distribute to my various services in the local network, and to manage SSL certs. I am completely unable to get Emby Server running on macOS to listen on HTTPS. I don't want to "allow remote connections to this Emby Server" or manage an SSL cert on the Emby instance. As you can see below, the Emby Server is not listening on https (port 8920) even though it's reporting that it is. I've tried enabling "allow remote connections" for testing with "handed be reverse proxy" but still no dice. sudo lsof | grep LISTEN | grep -i emby EmbyServe 10196 *redacted* 148u IPv6 0xe964fbfa92b187eb 0t0 TCP *:8096 (LISTEN) embytray 10197 *redacted* 4u IPv4 0xe964fbfa79f4057b 0t0 TCP localhost:8024 (LISTEN) And no, there is nothing else listening on port 8920, and I have tried changing https port to no effect. I'd really like to get this working without using EmbyConnect as I want to manage and monitor internal services through a single interface. Emby Logs: embyserver.txt.zip
Luke 38498 Posted July 20, 2021 Posted July 20, 2021 Hi there, did your configure an ssl certificate in emby server? You need to do this before the server will listen on the ssl port. But typically with a reverse proxy you would have it handle the ssl port and then forward the the http port in emby
nerdwork 0 Posted July 20, 2021 Author Posted July 20, 2021 1 minute ago, Luke said: Hi there, did your configure an ssl certificate in emby server? You need to do this before the server will listen on the ssl port. But typically with a reverse proxy you would have it handle the ssl port and then forward the the http port in emby Thanks for the reply Luke. No I did not set up the SSL cert in Emby, as I want to manage that externally. I'm having issues forwarding my loadbalancer to the http port (due to other services running on https). So is there no way to have Emby listening locally on https without setting up a cert? Even though the screenshot above says it is listening on 8920 (it is not).
Luke 38498 Posted July 20, 2021 Posted July 20, 2021 Quote Even though the screenshot above says it is listening on 8920 (it is not). Where does it say that? Quote No I did not set up the SSL cert in Emby, as I want to manage that externally. Then it is the reverse proxy that listens on the SSL port, not Emby. Quote So is there no way to have Emby listening locally on https without setting up a cert? No, there is not.
nerdwork 0 Posted July 20, 2021 Author Posted July 20, 2021 6 minutes ago, Luke said: Where does it say that? 7 minutes ago, Luke said: Then it is the reverse proxy that listens on the SSL port, not Emby. That's correct. But I can't have a single virtual IP in the load balancer that Listens on SSL then forwards to a mixture of http and https services. Which means setting up multiple virtual IPs, which breaks the convenience of listening on a single 443 inbound port to the network. 9 minutes ago, Luke said: No, there is not. What about a self signed certificate then? And how can I do this without enabling emby connect? The certificate options only show when "enable remote connections" is checked..... I have seen a lot of posts regarding https issues. Surely we could have an option to enable https with a big warning flag like "hey, this may break app access if you do it wrong, be warned" ??
Luke 38498 Posted July 20, 2021 Posted July 20, 2021 You'll want to make sure to use a certificate that the devices you'll be connecting from will trust. It's not possible on all platforms to override and force it to accept something that it's rejecting.
nerdwork 0 Posted July 20, 2021 Author Posted July 20, 2021 I'll give it a try. But it still feels like an advance option we should be able to enable local https without a certificate or emby connect enabled. Thanks for your time Luke.
Luke 38498 Posted July 20, 2021 Posted July 20, 2021 14 hours ago, nerdwork said: I'll give it a try. But it still feels like an advance option we should be able to enable local https without a certificate or emby connect enabled. Thanks for your time Luke. The domain name and certificate has to come from somewhere. Where would it come from?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now