Jump to content

GUI port numbers


msturtz

Recommended Posts

Hi -- since i'm running in a Jail (on TrueNAS Core 12, but not the plugin, just a new jail then "pkg install emby-server") with its own IP address, I'd like to put Emby on standard port numbers (80,443).  I changed those settings.  Of course then it wouldn't start.  I can't find server.xml to change those port numbers back.  But I did edit the RC script to run emby as root within the Jail.

This might have some advantage...  For example Emby should now be able to write to the media volume -- though I guess I'm not sure that's a good thing or not...  But I don't love the idea...

Feature request:  Ability to start Emby as root so it can bind the port number(s), and then su() to a configured user...

Link to comment
Share on other sites

Quote

Feature request:  Ability to start Emby as root so it can bind the port number(s), and then su() to a configured user...

Hi, isn't this something you configure on the platform in terms of the way you start emby server?

Link to comment
Share on other sites

UPDATE:  I found /var/db/emby-server/config/system.xml (which didn't take long) and restored the default port numbers.

As mentioned, I'm running Emby in a Jail on TrueNAS Core 12.0u8.  I'm not using the plugin -- I built a Jail with VNET and its own IP, mounted my media volume, and did "pkg install emby-server".  The rest is history.

I found this forum post:  https://www.truenas.com/community/threads/some-ports-are-blocked.91330/  -- basically, under the Jail Properties, set Securelevel to -1, and that allows me to set sysctl.conf net.inet.ip.portrange.reservedhigh=0 (I added net.inet.ip.portrange.reservedhigh=0 to /etc/sysctl.conf).  Then start or restart the Jail.  Once that's done, Emby can use port 80 and 443.

Because I'm not exactly a BSD guy (far more comfortable on Linux), I don't know the practical consequences of setting Securelevel to -1.  Emby runs on my home network, so from that perspective I'm not that worried -- however, I do plan to port-forward from the internet for external viewing.

 

Link to comment
Share on other sites

3 minutes ago, Luke said:

Hi, isn't this something you configure on the platform in terms of the way you start emby server?

Hi Luke--

I'm just using the repository FreeBSD package, which defaults to starting emby as user 'emby' -- this is done in the RC startup script, not by Emby itself.  On normal Unix platforms, only root can bind to ports below 1023, for somewhat historical security reasons that don't really mean anything anymore IMO.

But applications like Apache HTTPD still manage to run on port 80, as a user other than Root...  The way those apps do it is the application is initially started as root, it binds the port (and does whatever else required as superuser), and then it switches to the configured user, usually 'nobody' or 'apache'.

See my additional reply below, I did find a workaround, though I'm not sure what the ramifications actually are.

Link to comment
Share on other sites

Generally speaking, what the emby process is listening on itself is kinda moot.  You really wouldn't want to expose the jail itself to the internet.  Ideally you'd can either handle it with a reverse proxy in front of the jail or portforward a random port on your router to your jail.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...