Jump to content

HTTPS 8920 internal not running


Funkie
 Share

Recommended Posts

Hi @Luke

I am running emby server 4.7.5.0 on Ubuntu 20.04.4 LTS.

Not sure when this stopped working as I mainly access my server locally via http but setup HTTPS on port 8920 behind HAProxy and was working fine.

I saw an error no backend to emby in HAProxy so investigated and indeed I cannot access the server at all on https. 

If I curl from the emby server I get this error curl: (7) Failed to connect to localhost port 8920: Connection refused

Link to comment
Share on other sites

Hi there, let's look at an example: 

Thanks.

 

Link to comment
Share on other sites

Ok so this is all handled by your reverse proxy, so that's where you'll need to look into the issue. there's no evidence that the ssl attempt over localhost ever reached your emby server. Maybe don't use localhost for testing this and use an actual remote connection.

Link to comment
Share on other sites

@Luke the reverse proxy is only handling external traffic everything internally is going direct to the emby server port 8096 works but 8920 does not

a curl from the emby server rules out all other network traffic issues because its requesting itself curl: (7) Failed to connect to 192.168.3.36 port 8920: Connection refused

 

curl http://192.168.3.36:8096/web/index.html

<!DOCTYPE html>

<html data-appversion="4.7.5.0" data-culture="en-GB" lang="en" class="preload">

<head> etc

Link to comment
Share on other sites

Then you can't do that. You've configured ssl in emby to be handled by the reverse proxy so that's the only way you can use ssl.

Link to comment
Share on other sites

yes ssl is configured at the proxy and like I said it was working but the emby server is not responding on port 8920 so the proxy cannot reach it, I would expect the service to respond to a curl with an ssl error not connection refused

Link to comment
Share on other sites

Then I would look at your reverse proxy configuration, but you can't communicate directly with emby server on port 8920, not with the way you've configured it.

Link to comment
Share on other sites

Posted (edited)

@Luke

Hmm seems to be my understanding of what handled by reverse proxy does, the only way I can get this to work again is to add the cert domain and password details back into the network config of emby, I wasn't expecting to have to maintain certs at proxy and server levels but will investigate and test this further. Its working for now with certs in 2 places at least.

 

Can you delete this thread so my ip details, screenys and logs etc are not acceptable to every user.

Edited by Funkie
Link to comment
Share on other sites

I think you probably want to keep it handled by reverse proxy, but then figure out what's going on with your configuration.

Link to comment
Share on other sites

Q-Droid

Are you pointing haproxy to 8096? That's how it should work with your current settings. 

 

Edited for clarity. 

 

Edited by Q-Droid
Link to comment
Share on other sites

Just now, Q-Droid said:

Are you pointing haproxy to 8096? That's how it should work. 

 

@Q-Droid no, I have the HA backend pointing to the https port 8920, if I change this to 8096 I get the ssl handshake error

Link to comment
Share on other sites

Q-Droid

Haproxy is handling SSL and where the error is coming from, not Emby. The haproxy backend connection to Emby should be http, not https.

Link to comment
Share on other sites

@Q-Droid I guess that depends on if you are configured to pass though, terminate or end to end. My current config being end to end but downside is ssl in two places, will investigate if I can automate copying the ssl across during renewal. 

Link to comment
Share on other sites

Q-Droid

Exactly. If you want full end to end encryption then you have to install and enable SSL in both places. Passthru with haproxy for Emby is sort of a waste because it has no HA. 

Link to comment
Share on other sites

Q-Droid

Or, you could create a long life self signed cert to be used only between haproxy and Emby. Then only the front end would have to be renewed. 

Link to comment
Share on other sites

Posted (edited)
18 minutes ago, Q-Droid said:

Or, you could create a long life self signed cert to be used only between haproxy and Emby. Then only the front end would have to be renewed. 

@Q-Droid nice suggestion, will look into that, thanks mate.

Edited by Funkie
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...