Jump to content

Emby Server over IPv6


Guest hirny199
Go to solution Solved by Guest hirny199,

Recommended Posts

Guest hirny199

hello,

i checked my DNS config with the Domain Support.

The Support sayd that the DNS Record is fine, also the AAAA Check with MXToolbox is now green.

But i cant connect via the Domainname, the Support means that my Server Refuses the Connection.

@cayars

Daniel

Link to comment
Share on other sites

OK if you can connect remotely on port 8096 by domain name on IPv6 that would seem to indicate it's cert related.

Oh wait, when you say you could connect via http://[ipv6]:8096 was that using the domain or you typing out the actual IP address?

We need to make sure you can connect via http://domain.ext:8096 where domain.ext or your subdomain sub-name.domain.ext is used.  This will let us know if it's a DNS issue or past that leaving pretty much a cert related issue.

Carlo

Link to comment
Share on other sites

Guest hirny199

with http://[ipv6]:8096 i mean the IP not the Domainname. @cayars

The Support of my Domain says the DNS Record is correct but my Server dont Accept the Connection.

The AAAA Lookup over MXToolbox gives me the right IP, also the nslookup does

Link to comment
Share on other sites

If the domain is pointing correct you should be able to use http://domain.ext:8096

If that's not working I would recheck your network menu items in Emby.

If you like take a screen shot or two of the settings and PM them to me and I'll take a look for you.
I could also TeamView in for a quick look and test or two to help you get this setup.

Either way send me a PM.

Carlo

Link to comment
Share on other sites

Got your PM today.  Try setting the local port for secured connections back to the default of 8920 leaving 443 for public port.  Then setup port forwarding so it's like this:
WAN:443 to Server_IP:8920.

I try to always have Emby listening internally for 8096 & 8920 (local ports) while setting up the public ports to whatever I need then on the router map those public ports from the WAN side to the Emby Server back to it's default ports.

You will need to add your domain back again as well as your cert info.  To avoid issue of the root domain without host/subdomain I would make sure you have an A or C record "media" so you can use media.domain.ext and then generate a cert for media.domain.ext as well.  Alternately you can generate a wild card cert that will work for everything using your domain.

It should work after configuring things this way.

Carlo

Link to comment
Share on other sites

Guest hirny199

Hello,

I changed the port 443 back to 8920 and created a cert via certbot with this commands:

 sudo certbot certonly --standalone -d sub.mydomain.de

sudo openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx
 

I set a Password for the cert and filled the PW and cert Path in the Emby Network Settings.

Emby accepts the cert without Error Messages.

With IPv6 i cant forward Ports to internal Ports or im wrong ? 

When i ping the Domain, the IPv6 i receive is right but i already cant access via sub.mydomain.de or sub.mydomain.de:8920

I still receive "the Website is not available"

 

Is it possible that the Emby User dont have enougt Permissions to Access the cert File ?

 

Daniel

Link to comment
Share on other sites

You can test https internally using the IPv6 address. 

You still have to allow the inbound connection for the Emby port on the router firewall. It's not port forwarding but very similar. 

 

Link to comment
Share on other sites

Guest hirny199

hello,

when i try to connect in my home Network over https://[ipv6] or https://[ipv6]:8920 the Browser says "Connection Refused"

In my FritzBox i have opened the Ports 80,443,8096 and 8920.

I opened Port 80 to generate the cert.

Daniel

Link to comment
Share on other sites

Emby server can't load the cert. Make sure the password is correct and the file can be accessed by the emby user (runtime process owner).

2022-09-22 17:23:02.640 Error App: Error loading cert from 

If you think those are correct then test the cert store from the command line:

openssl pkcs12 -in <path to pfx file> -nodes

Do not post any output.

Link to comment
Share on other sites

Guest hirny199

I changed the Direction and Owner of my cert File, now Emby shows the WAN Address as https://... 

If i Click on the Link or typing the Address manualy the following Message appears:

image.png.6858de355dbc270b22d0fc1cf6c51322.png

Link to comment
Share on other sites

Test again using the IPv6 which should work this time. Then verify the DNS name is resolving to the correct IP, which should be your server (real IP) and not your router WAN. 

 

Link to comment
Share on other sites

Guest hirny199

with https://[ipv6]:8920 i can now access Emby, the Browser says the cert is not valid but i think this is find because i try to connect over IPv6 not the Domainname.

The DNS Record should be correctly set because the nslookup to the Domainname over a Google DNS shows the right IPv6.

Link to comment
Share on other sites

Guest hirny199

The DNS Server in my LAN is my FritzBox so if i make a nslookup to my IPv6 without specify a DNS Resolver the FritzBox returns the fe80:.... (local IPv6) Address.

The Translation of the Errormessage Screenshot:

The Website is not available

Check if "emby.huber-server.de" contains Typing Errors

Try the following:

Run Windows-Network Diagnostics 

 

Or do you mean an other Error Message ? 

Link to comment
Share on other sites

Guest hirny199

At the moment i have a Friend here so i sayed him to open the Domainname in his Browser over his iPhone over Mobile Network.

With the iPhone my Friend can connect to the Server but when i test it with my Smartphone over Mobile Network i cant connect.

My Smartphone and the iPhone have IPv4 and v6 Addresses.

Link to comment
Share on other sites

Guest hirny199

I cleared my Browser Data and tryed it with a new Installed Browser, now it works, also over the Emby App it works.

 

Thank you so much Guys 😘 

If there are Questions open they can help others who see this Post say it if not the Post can be finaly closed.

Thanks to all they helped me 

Link to comment
Share on other sites

The lookup for your public domain should return the public address UNLESS you have local entries resolving to link local addrs on your LAN, possibly created for testing and with long TTL. The router should not associate the domain with your link local addr. 

You can test this with wget on your server. 

wget -dv https://<domain>:8920

 

Link to comment
Share on other sites

So you might still have some internal dns settings to fix. 

Won't necessarily affect remote access but could keep other things from working. 

 

Edited by Q-Droid
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...