Jump to content

Security and SSL


Beecon
 Share

Recommended Posts

Beecon

I want to use a sub domain of godaddy to access my emby. It shows it’s not secure when logging in externally.

I like to know if the SSL provided by synology for the server also covers emby access? 
how do I refer to that certificate in emby?

Link to comment
Share on other sites

Beecon

The SSL security coverage is shown in the security tab on the Synology control panel.

The need for a link is shown on Emby security menu.

The main domain SSL of Godaddy domain is covered by my Google sites, which I use for hosting.

The subdomain I want to use is excluded from this, and Godaddy asks 250$ for SSL for subdomains, which is clearly a waste of money. I have two free options:
- either I use the Synology server cert
- I use the provided quickconnect link by Synology

Both may not provide https security out of the box, unless I link the SSL cert to the emby server. Correct?

Screen Shot 2021-09-22 at 12.16.20 PM.jpg

Screen Shot 2021-09-22 at 12.18.28 PM.jpg

Link to comment
Share on other sites

I haven't tried this myself but if you set this up to go through DSM you're actually using nginx in DSM.

Thus I'm thinking you would put the subdomain in the External domain field.  The port being used for https public use in Emby.
Then you would change the secure connection mode to handled with secure proxy.

Link to comment
Share on other sites

Beecon

The https port is 8920 is presume.

How do you do this? "Then you would change the secure connection mode to handled with secure proxy."

Any link to a kb?

Link to comment
Share on other sites

Nope, no KB article on this as I haven't done it yet. I have all ports blocked from outside use on my Synology except for Emby ports.

If you like we could setup a remote support session to figure out exactly how to do this. I could then use this info to create a KB article or tutorial.
We could try it a couple of ways using the Synology server cert or using quickconnect to see which method would work best.
 

 

Link to comment
Share on other sites

Beecon

OK. let me study this "secure proxy" magic a bit first.

 

Edited by Beecon
Link to comment
Share on other sites

Beecon

Hi, I checked the workings, and get confused with settings as expected.

My guess is to use to the same port number to:
- router-in <> router-out <> proxy <> emby server

proxy setting :
- allow IP of known user to watch movies
- allow incoming router IP (external IP address) (is it necessary?)

Any other suggestion?

When I run this trial, the other apps cannot get access to the web anymore, so somehow those packages also need to be included in the proxy settings, incl the ports they need to communicate.

 

 

Link to comment
Share on other sites

Beecon

Cloudflare is recommended on this thread. It appears the easy way out. Let me check it out as well in case this doesn’t work.

 

Link to comment
Share on other sites

I wouldn't worry about Cloudflare until you get remote working first.
You can get non-SSL port 8096 working first (even if you turn it off right away) then setup for SSL.

 

Link to comment
Share on other sites

I use a ddns URL and have a certificate using synology letsencrypt. Not sure if this helps 

 

Edited by DJX
Link to comment
Share on other sites

Beecon
7 hours ago, cayars said:

I wouldn't worry about Cloudflare until you get remote working first.
You can get non-SSL port 8096 working first (even if you turn it off right away) then setup for SSL.

 

I’ve got that working now. 

Link to comment
Share on other sites

Beecon
4 hours ago, DJX said:

I use a ddns URL and have a certificate using synology letsencrypt. Not sure if this helps 

 

Thanks for the link! The image for conversion is gone. Any chance you can refresh that?

Link to comment
Share on other sites

Beecon
19 hours ago, cayars said:

Nope, no KB article on this as I haven't done it yet. I have all ports blocked from outside use on my Synology except for Emby ports.

If you like we could setup a remote support session to figure out exactly how to do this. I could then use this info to create a KB article or tutorial.
We could try it a couple of ways using the Synology server cert or using quickconnect to see which method would work best.
 

 

Thanks for the offer. After study, the proxy needs me to figure out all the 'allow' rules.

I prefer to go for a simple SSL option, using the 2 suggestions.

  • Like 1
Link to comment
Share on other sites

Beecon

Hi, I got it to work :


1. Set-up ddns xxx.synology.me domain in Synology Control Panel/Security
    - this step is really necessary? To be verified.
    - Synology can create a free 'Let's certify' SSL.
    - When I export it I cannot activate it. I gave up on this and went for other free SSL. (see 3.)
2. From the Control Panel/Security export the SSL cert to my harddisk
3. Get the free SSL cert files from https://www.sslforfree.com/ (3 month expiry)
4. Download the zip file (with pem format cert files) to my harddisk
5. Download the CA bundle file from https://www.ssls.com/knowledgebase/where-do-i-get-a-ca-bundle-file/
     - I downloaded both, but used only the ECC format for conversion.
6. Convert the pem files into PKCS#12 format: https://decoder.link/converter
     - cert file, private key file and CA bundle file
     - set the password for the certificate (use in control panel/network)
7. Check the SSL with my xxx.synology.me domain using checker tool on the same site.
8. Upload the cert file to the emby content folder on my nas.
9. Enter the SSL file and password info in the Emby server/Network settings
10. Map https: ports in router and firewall, and
     - Check that you assigned the same port in Emby/Network settings...

Hope its helpful.

Edited by Beecon
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...