DSM 7 -- Emby 4.6.4.0-3001 // Can't set custom HTTPS port

[rideekulous 0]

Missed the boat on the thread regarding DSM6 > DSM7 migration... so I'm just redeploying.

In DSM6 I was able to use a custom HTTPS port 8741, but that value doesn't seem to be taking in DSM7.

... I have configured the custom port and its reflected on the dashboard, but https still only listens on the default 8920 port.

[rideekulous 0]

... while I'm here, is it possible to restore a backup from my DSM6 version (4.5.4.0) to my DSM7 version (4.6.4.0)?

[Carlo 4330]

Hi, how are you testing the port?  Are you testing with www.canyouseeme.org?

[rideekulous 0]

I'm testing it by accessing it from inside and outside of my network.

I have an internal DNS zone that matches my external public DNS zone (name), but the "emby.domain.com" resolves to an internal address when looked up from inside my network.

I only have port 8741 forwarded to my Synology/Emby on my edge firewall, so 8920 is blocked when accessing from outside of my network.

From inside my network if I go to https://emby.domain.com:8920 it loads, but when I go to https://emby.domain.com:8741 I get no response.

Edit: You can see in my previous screenshot that it says "Running on http port 8096, and https port 8920." But then under Remote (WAN) Access, it shows https://emby.domain.com:8741. So it knows that I've configured 8741, but its not actually listening there.

Edited August 8, 2021 by rideekulous

[Carlo 4330]

It sounds like something is blocking port 8741.

What does the port forwarding in your router look like for this?

[rideekulous 0]

Port forwarding on my router is configured the exact same way it has been for the several years it's been working on the DSM6 version.

The only change here is that I'm on a clean DSM7 installation now.

Do you not see an issue with the fact that I've configured it to use 8741 and it's actually listening (or "running") on 8920?

Edited August 9, 2021 by rideekulous

[Carlo 4330]

You need to verify your NAS is the same IP that is used for port forwarding.

Next you want to make sure the proxy running on Synology isn't intercepting the incoming connection.
You also need to make sure there is no firewall settings on Synology blocking this as well.

[rideekulous 0]

Help me understand this, if you would please.

I've configured my public https port number as 8741...

... and the dashboard is showing that its running on 8920...

... and I can access the server on port 8920...

... and get "connection refused" on port 8741, which is typical behavior when a web server isn't listening on a specific port...

... previously when I configured my port to 8741, the web server no longer ran on 8920 (default)... because the web server was configured for 8741.

Seems that the Emby web service is not properly updating its configuration... or it's trying to but can't because of some port lock (?) from before the DSM7 upgrade?

To test this I configured my port for 8742, but the behavior is the same, the server is still running on 8920...

Also... my Synology firewall is disabled as I use my edge firewall to control access. To be clear, this means that when accessing emby from inside of my network there is no firewall between my host and the Synology where Emby is hosted.

Edited August 9, 2021 by rideekulous

[rideekulous 0]

@Luke apologies for the direct tag, but do you have any insight/guidance here?

[Carlo 4330]

So you know have to check both your edge firewall to make sure it's letting your ports inbound for 8920 on the inside and 8742 from the outside as your need:

WAN 8742 to Emby Server 8920 for TCP port forwarding.

[rideekulous 0]

@cayars - all due respect, I don't believe you're grasping my issue... at all.

I'm not even coming in from the outside, there is no firewall in play here.

I don't want Emby server to run/listen on 8920, I want it to run/listen on 8741 (or 8742, either one is fine). There is an option in Emby's network settings (see the first screenshot of my previous post) that allows you to change your listening port from the default 8920, this doesn't seem to be working... and this is my issue.

Edit: This is how it worked in my DSM6 version, and how I'd expect it to work in the DSM7 version... is this not the case, or no longer supported?

Edited August 9, 2021 by rideekulous

[Carlo 4330]

Yes, I wasn't getting what you were saying because you kept saying 8920 was working inside but 8741 wasn't working outside.
On DSM 7 internally Emby will always listen on ports 8096 and 8920 and you can't change this from the UI.
It should make no difference what the SSL port is internally as you don't need to use it inside your network as you don't need things encrypted so port 8096 is fine for local use.

For remote use you can change the external/wan port to be anything your want for non or SSL encrypted and just need to forward that external port to 8920 on the Emby Server.

If you really don't want to use ports 8096 and/or 8920 locally you can change them but have to change the system.xml file located in /volume1/@appdata/EmbyServer/confi folder.

Shutdown Emby Server before changing this file!

Look for these lines and change the port number according to your needs.
 

<HttpServerPortNumber>8096</HttpServerPortNumber>
<HttpsPortNumber>8920</HttpsPortNumber>

Let me know if this is what you were trying to do.
Now you will have to change the external/remote port forwarding to forward to whatever port you enter here.

[rideekulous 0]

Yes, that is what I'm trying to do. To clarify why, other than "because I want it"... with my configuration our devices can be inside or outside of the network and connect to Emby via the same IP/Port of emby.domain.com:8742, instead of having an inside and outside connection.

I'm curious if this is this a change that is introduced in DSM7 version? Because I've only ever changed the https port in the network section of the admin UI and achieved the same results.

Edit: Editing the system.xml file was the correct answer, thank you.

Edited August 9, 2021 by rideekulous

[Carlo 4330]

Yes it's a DSM 7 thing due to the way the setup now needs to be done.

You're setup really isn't unique in this respect as this is quite common to use the same clients both on and off LAN and they will adapt on their own.

PS changing the port number from 8920 to 8742 does nothing for you as any port scan will find either port quite easily as that's the nature of TCP.

Edited August 9, 2021 by cayars

[rideekulous 0]

7 minutes ago, cayars said:

PS changing the port number from 8920 to 8742 does nothing for you as any port scan will find either port quite easily as that's the nature of TCP.

Yeah, this is more of a somewhat unnecessary obfuscation habit for the script kiddies who target specific ports in the interest of speed. Of course this doesn't do much if someone is doing a full scan of all TCP ports on my public IP... but if someone is merely scanning a block of thousands of residential IPs with the intent to specifically discover Emby hosts (say, for a vulnerability/exploit validation), its likely they will target the default ports and this small measure of obfuscation will be useful in that case.

Anyways, thank you for clarifying and pointing me in the direction of the system.xml file.

Edited August 9, 2021 by rideekulous

[Luke 37095]

The reason we don't put the settings in the UI is because the ports have to be defined in the Synology app manifest, so they defaults are essentially hard-coded there.