https:// access on public Internet

[pir8radio 1292]

2 hours ago, dhenzler said:

Problem with this is it's Windows centric... I stopped supporting Bill Gates & his org 20 years ago.  Emby appears to be a Windows IIS server or close to it.  I'm not sure how Nginx under BSD would invoke or pass to that?  I'm lost in that area.

Played with it until I was worn out...

my nginx confg is not windows based lol....   update the file paths to match your os, and it will work.   lots of people use that config on different flavors of the Linux kernel.        You might want to dig in to the nginx basics first, figure out how it works.   make sure you actually need it for whatever you are wanting to do..  I didn't go back and read everything.  

[dhenzler 9]

Well not being a total nubie... Yes I need it for my purposes.  Wish to have a secure Public Internet presence with SSL protection.  SSL fails to work in the Emby install I've built in BSD on my DL380eG8 server running TrueNAS-12.0-U6.1 Intel(R) Xeon(R) CPU E5-2470 0 @ 2.30GHz  32 threads .

I want to have SSL for encapsulated data to keep prying eyes from seeing what I'm sending or receiving, and to enhance transmission speed.

95.9GiB

total available (ECC)

The trouble I'm having is how to invoke emby.... don't know what to put

server {
        listen 443 ssl;
        server_name e.myserver.com;

        if ($host !~ ^media(\.int)?\.yourdomain\.com$) {
                return 444;
        }

        root /var/www/html/emby;   <== Emby doesn't live here !

        ssl_certificate     /usr/local/openssl/emby_crt.pem;
        ssl_certificate_key /usr/local/openssl/emby_key.pem;

        location = / {
                return 301 http://192.168.15.115:8096/web/index.html;

Edited December 3, 2021 by dhenzler
correction to info provided

[dhenzler 9]

3 hours ago, metsuke said:

It doesn't matter what settings Emby is using internally as long as a web page displays at the end. The reverse proxy can point to it with no issue.

The file location in FreeBSD is /usr/local/etc/nginx/nginx.conf

Are you testing externally or internally? Does it work fine internally?
Have you tried using the config that I posted, replacing the <> variables with your own?

I've tested mostly internally, then switched to external using a cell phone to be sure it's not getting whacked by any leftover bs.

NO Dice on the Network configurations.  All have been tried now and a year ago... screwed up mess that someone should fix or remove.

Rev Proxy with Nginx may be my last possibility.  I have a working Plex system.  Just thought it would be nice to tweak an emby system into working and see how it ran.  I think emby's video may be a bit better than Plex.  Sound is about the same in my old ears.  Subtitles are sub-standard, often out of sync.  Not easily selectable.

Other than that... it's all my experience to date...

[Luke 37064]

Quote

Subtitles are sub-standard, often out of sync.  Not easily selectable.

Hi, what do you mean by this?

[dhenzler 9]

11 hours ago, Luke said:

Hi, what do you mean by this?

Found that I could select other subtitles if the video wasn't running.  However sync is an issue on some.

Sorry I came on like Gunga Din  on the issue

[dhenzler 9]

13 hours ago, dhenzler said:

I've tested mostly internally, then switched to external using a cell phone to be sure it's not getting whacked by any leftover bs.

NO Dice on the Network configurations.  All have been tried now and a year ago... screwed up mess that someone should fix or remove.

Rev Proxy with Nginx may be my last possibility.  I have a working Plex system.  Just thought it would be nice to tweak an emby system into working and see how it ran.  I think emby's video may be a bit better than Plex.  Sound is about the same in my old ears.  Subtitles are sub-standard, often out of sync.  Not easily selectable.

Other than that... it's all my experience to date...

Continued testing resulted in no SSL.  Port 8920 fails to do anything.  I have both ports open.  Created the .p12 file using the "emby recommended" method described earlier.  Checked the .p12 file and it indeed contains the requisite data.  Are other ports used by the Windoz server ?

Presently working on a rev-proxy solution so that I can get some results.  However I'm not checked out on Nginx and struggling with some configuration issues.

[Luke 37064]

Did you convert to a pfx? That is what the server expects for a certificate, not p12.

[dhenzler 9]

Why doesn't the Network settings configure emby properly to support a SSL enabled system?  When the .p12 file and other settings are configured as required... nothing on port 8920

After a year of being away from this... the problem still exists.  Does anyone at "emby" read the complaints ?

Duh!

The data below came from running ps aux on my bsd 12.2 jail   I'm assuming this is how emby is accessed

/usr/local/bin/mono-sgen /usr/local/lib/emby-server/system/EmbyServer.exe -os freebsd -ffdetect /usr/local/lib/emby-server/bin/ffdetect -ffmpeg /usr/local/lib/emby-server/bin

I'm struggling to get a Nginx rev-proxy working so I may have a secure emby server where prying eyes aren't able to see what's inside the encapsulated data stream/

Help would be great !

Please !

[dhenzler 9]

Testing is done on the LAN, but I've also tested with Public domain name:8096 as well as 8920.

Emby works... Rev-Proxy is giving me fits.

It's really too bad that Emby choose Windoz for an OS...  Really complicates my life.

A blizzard of dll's and no meaningful config files

 

 

[dhenzler 9]

4 hours ago, Luke said:

Did you convert to a pfx? That is what the server expects for a certificate, not p12.

funny! that's not what the info said =>

[dhenzler 9]

11 minutes ago, dhenzler said:

funny! that's not what the info said =>

Did you convert to a pfx? That is what the server expects for a certificate, not p12 <=-  constantly changing game.

Luke... I sent you info confirming what I did and where I got my information.... Obviously you didn't bother to read it.

I can't find a BSD compatible conversion... !  Fix the documents that lead us in the wrong direction...

Guess if you're not a paying member you don't get correct info...  Must be related to Oracle!

;o)

Dave

 

[dhenzler 9]

19 minutes ago, dhenzler said:

Did you convert to a pfx? That is what the server expects for a certificate, not p12 <=-  constantly changing game.

Luke... I sent you info confirming what I did and where I got my information.... Obviously you didn't bother to read it.

I can't find a BSD compatible conversion... !  Fix the documents that lead us in the wrong direction...

Guess if you're not a paying member you don't get correct info...  Must be related to Oracle!

;o)

Dave

 

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt

That didn't work either Luke

[dhenzler 9]

8 minutes ago, dhenzler said:

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt

That didn't work either Luke

Verified contents using openssl pkcs12 -info -in filename.pfx

[dhenzler 9]

5 hours ago, Luke said:

Did you convert to a pfx? That is what the server expects for a certificate, not p12.

How was I to know this ?

[Luke 37064]

3 hours ago, dhenzler said:

Verified contents using openssl pkcs12 -info -in filename.pfx

Please attach the emby server log from when you tried to do this. Thanks.

[Luke 37064]

3 hours ago, dhenzler said:

How was I to know this ?

We'll look at improving the help text. Thanks.

[Baenwort 97]

I'm using Letsencrypt to generate the SSL for my domain and using that in Emby.

The command I use (FreeBSD 12.1 via TrueNAS12) is:

openssl pkcs12 -export -out emby.domain.name.pfx -inkey emby.domain.name.key -in emby.domain.name.crt

The key obv my private key. The .crt is just a rename of the fullchain.cer that acme.sh produces for Letsencrypt and my domain. 

Putting these into Emby as per the wiki results in a HTTPS connection for all my clients. I've blocked the http outbound from my server at the firewall just to make sure but Emby seems to respect the setting to ensure all remote clients are using HTTPS.

[dhenzler 9]

does it work?  I never got anything to work using Emby Network settings for SSL

On 12/2/2021 at 9:58 PM, dhenzler said:

 

 

[pir8radio 1292]

1 hour ago, dhenzler said:

does it work?  I never got anything to work using Emby Network settings for SSL

 

did you give up on nginx?  I also have a few of those DL380e G8's laying around if you need a backup lol.  used to my my old emby server too..     click my profile, then "ABOUT ME" there is a decent starter config for emby/nginx..    just ditch the majority of the current config file and forget about the other "folders" in that build you have..   use one config. the one in my profile. if you get errors about processes we can modify, urls will need to match your os..  or keep going with emby..   just offering a hand.   a lot of people use the built in ssl..   but i like nginx,  you can run multiple sites on the same 443 and 80 open ports, so you dont have to open a bunch of ports for different web services.   

Edited December 6, 2021 by pir8radio

[dhenzler 9]

40 minutes ago, pir8radio said:

did you give up on nginx?  I also have a few of those DL380e G8's laying around if you need a backup lol.  used to my my old emby server too..     click my profile, then "ABOUT ME" there is a decent starter config for emby/nginx..    just ditch the majority of the current config file and forget about the other "folders" in that build you have..   use one config. the one in my profile. if you get errors about processes we can modify, urls will need to match your os..  or keep going with emby..   just offering a hand.   a lot of people use the built in ssl..   but i like nginx,  you can run multiple sites on the same 443 and 80 open ports, so you dont have to open a bunch of ports for different web services.   

I've been trying to use HOW-TO: Set up NGINX to reverse proxy your jails w/ Certbot | TrueNAS Community but the  ./letsencrypt-auto --debug certonly --standalone -d example.com -d www.example.com fails to run, regardless of BSD version.  11.4 12.1, 12.2.  I'm operational with my Self Signed Cert, and that's good enough for me for now.

I've got 4 of the G8's two with 14LFF bays and two with 12LFF + 2SFF.  Got the last two for $75 shipped incl CPU's  Not the fastest, but I replaced them with the E5-2470's  The first two have E5-2450L's  all 16 core boxes 32 threads and at least 64G memory.  The G7's are Video Surveillance stuff I built...Blue Iris 5.

 

p8.conf

Edited December 6, 2021 by dhenzler

[Shawn 1]

On 12/5/2021 at 11:26 PM, pir8radio said:

did you give up on nginx?  I also have a few of those DL380e G8's laying around if you need a backup lol.  used to my my old emby server too..     click my profile, then "ABOUT ME" there is a decent starter config for emby/nginx..    just ditch the majority of the current config file and forget about the other "folders" in that build you have..   use one config. the one in my profile. if you get errors about processes we can modify, urls will need to match your os..  or keep going with emby..   just offering a hand.   a lot of people use the built in ssl..   but i like nginx,  you can run multiple sites on the same 443 and 80 open ports, so you dont have to open a bunch of ports for different web services.   

@pir8radioDo you have a step by step on how you get the SSL cert working with emby on a Windows Server? I tried it a few months ago and was not able to get it working

Or can you point me in the direction of some information I can read to try to learn more about it?

[Luke 37064]

14 hours ago, Shawn said:

@pir8radioDo you have a step by step on how you get the SSL cert working with emby on a Windows Server? I tried it a few months ago and was not able to get it working

Or can you point me in the direction of some information I can read to try to learn more about it?

There are many ways to create an SSL certificate, but here's one: 

 

[Shawn 1]

7 minutes ago, Luke said:

There are many ways to create an SSL certificate, but here's one: 

 

Ill give this a shot thank you

[Shawn 1]

@LukeOne more question I couldn't seem to find this in the article. Do i need to have an SSL Cert for my website and another one for Emby? Or do I use the same cert for both?

[Luke 37064]

27 minutes ago, Shawn said:

@LukeOne more question I couldn't seem to find this in the article. Do i need to have an SSL Cert for my website and another one for Emby? Or do I use the same cert for both?

Hi, if you have a pfx that you can import into Emby and the url will be the same, then it may work. I think you'll just have to try it.