appboxemby 0 Posted June 1, 2022 Share Posted June 1, 2022 so i built a pretty basic setup to get to my emby server in my house. i bought a domain on cloudflare, which comes with the free ssl cert. i then pointed the domain to my server at home. that server is a truenas scale host with a traefik reverse proxy and emby in a docker container. everything works fine on my android phone and other computers and such. however, my samsung TV does not want to allow the SSL connection on port 443. i know that the certs on the samsung tv expired forever ago and samsung has not pushed an app update, but i didnt think i needed samsungs cert. that was the whole point of paying for a domain with a cert attached - i wanted to use that one, which i confirmed works on just about every other platform. do u guys know what is wrong? (fyi, i have the network settings in emby [secure connection mode] set to be handled by rev proxy. i left the cert fields blank bc the certs are hosted on cloudflare and not the local server) Link to comment Share on other sites More sharing options...
Luke 37060 Posted June 1, 2022 Share Posted June 1, 2022 Hi, @SamES can elaborate more but I think the limited SSL support on these Samsung TV's is still going to be a problem. Link to comment Share on other sites More sharing options...
appboxemby 0 Posted June 1, 2022 Author Share Posted June 1, 2022 i have the feeling you are right, i was really just hoping a legit cert on cloudflare + the rev proxy would be able to fix this. i am not having any success. Link to comment Share on other sites More sharing options...
SamES 890 Posted June 2, 2022 Share Posted June 2, 2022 10 hours ago, appboxemby said: so i built a pretty basic setup to get to my emby server in my house. i bought a domain on cloudflare, which comes with the free ssl cert. i then pointed the domain to my server at home. that server is a truenas scale host with a traefik reverse proxy and emby in a docker container. everything works fine on my android phone and other computers and such. however, my samsung TV does not want to allow the SSL connection on port 443. i know that the certs on the samsung tv expired forever ago and samsung has not pushed an app update, but i didnt think i needed samsungs cert. that was the whole point of paying for a domain with a cert attached - i wanted to use that one, which i confirmed works on just about every other platform. do u guys know what is wrong? (fyi, i have the network settings in emby [secure connection mode] set to be handled by rev proxy. i left the cert fields blank bc the certs are hosted on cloudflare and not the local server) What model is your TV, how old is it? Luke is right regarding limited ssl cert support on Samsung TV's although I would have thought Cloudflare would be supported depending on the age of the TV Link to comment Share on other sites More sharing options...
appboxemby 0 Posted June 2, 2022 Author Share Posted June 2, 2022 the tv is a 2016. model # UN55KU6300F. im also having this issue on a newer LG. Link to comment Share on other sites More sharing options...
SamES 890 Posted June 2, 2022 Share Posted June 2, 2022 (edited) 1 hour ago, appboxemby said: the tv is a 2016. model # UN55KU6300F. im also having this issue on a newer LG. Based on it's age, it's quite possible that its Cloudflare certificates have either expired, or didn't ever exist. We have no way of knowing. I know you have already gone down this path, but ZeroSSL is a provider that most people have had recent success with on TV's. It could be worth trying. Edited June 2, 2022 by SamES Link to comment Share on other sites More sharing options...
appboxemby 0 Posted June 2, 2022 Author Share Posted June 2, 2022 im noticing that zerossl only gives me three 90-day certs for free, then they make me pay. is that what everyone else is doing to make this work? Link to comment Share on other sites More sharing options...
SamES 890 Posted June 2, 2022 Share Posted June 2, 2022 14 minutes ago, appboxemby said: im noticing that zerossl only gives me three 90-day certs for free, then they make me pay. is that what everyone else is doing to make this work? I'm not sure, but search zerossl on the forums and you'll find the active threads. Link to comment Share on other sites More sharing options...
keithsrobertson 4 Posted June 3, 2022 Share Posted June 3, 2022 Could try generating a 10 year self signed ssl cert. I posted up about doing so with my Qnap, so maybe some of those steps might help you: Link to comment Share on other sites More sharing options...
appboxemby 0 Posted June 3, 2022 Author Share Posted June 3, 2022 holy crap i think that actually worked! i have 2 questions just to make sure: 1. if i am only forwarding port 8920 on my router, that is forcing all remote connections over https, correct? 2. what did u set your Secure Connection Mode to? it wasnt screenshotted in your guide (which was AMAZING btw). as a followup to #1, since i am only allowing incoming connecitons on 8920, does this setting even matter? thanks so much for the help!! 1st one to solve this problem!! Link to comment Share on other sites More sharing options...
keithsrobertson 4 Posted June 3, 2022 Share Posted June 3, 2022 yes 8920 is for using secure port SSL https:// I left the default ports in the network section as 8096 for http and 8920 for https, i set secure as preferred but not required as I have local lan users who use http, but the external users are all given the ddns address and use https and port 8920 for ssl Link to comment Share on other sites More sharing options...
appboxemby 0 Posted June 3, 2022 Author Share Posted June 3, 2022 reason i ask is i am trying to connect with the TVs (obviously), and in the server address bar im just typing subdomain.ddns.net and using 8920 for the port. i am NOT including the https:// in the address. just double checking to make sure im not messing this up as emby does not give me any indication in the dashboard who is connected securely and who is not. Link to comment Share on other sites More sharing options...
keithsrobertson 4 Posted June 3, 2022 Share Posted June 3, 2022 Yes I noticed that as well that there isnt any visible indicator to say if a user is connected securely or not. Perhaps a little padlock icon can be shown over the users device or something in future. For my local tv downstairs, on the same lan i just use the http://, the local ip address and port 8096. For users outside the lan, they specify the https:// and the ddns domain and 8920 port in the emby app Link to comment Share on other sites More sharing options...
appboxemby 0 Posted June 3, 2022 Author Share Posted June 3, 2022 i am actually going to update my previous post by saying it isnt working. reason i say that is, when i change the "Secure connection mode" to "required" i lose my connection, even on port 8920. but when i say "preferred" its totally fine, making me think emby is downgrading it. also, when i try to connect through my browser so i can examine the cert, firefox gives me this error when trying the ssl connection: "SSL_ERROR_RX_RECORD_TOO_LONG". when i connect through firefox with just subdomain.ddns.net:8920 i get an unencrypted connection. so im thinking even though i have that 10 yr old cert on the server, im not getting a secure connection. Link to comment Share on other sites More sharing options...
Luke 37060 Posted June 3, 2022 Share Posted June 3, 2022 Quote but when i say "preferred" its totally fine, making me think emby is downgrading it. That just means it will allow connections over plain http, which is what might be happening. Link to comment Share on other sites More sharing options...
appboxemby 0 Posted June 3, 2022 Author Share Posted June 3, 2022 thats whats worrying me, bc right now i am only forwarding port 8920 but i am still getting http connections. Link to comment Share on other sites More sharing options...
Luke 37060 Posted June 3, 2022 Share Posted June 3, 2022 2 hours ago, appboxemby said: thats whats worrying me, bc right now i am only forwarding port 8920 but i am still getting http connections. If you look at your server dashboard it will show the remote address. That is the address that Emby apps will be trying to use. Link to comment Share on other sites More sharing options...
SamES 890 Posted June 3, 2022 Share Posted June 3, 2022 And try adding https:// to the server url on the client Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now