msturtz 0 Posted September 22, 2022 Share Posted September 22, 2022 Hi -- since i'm running in a Jail (on TrueNAS Core 12, but not the plugin, just a new jail then "pkg install emby-server") with its own IP address, I'd like to put Emby on standard port numbers (80,443). I changed those settings. Of course then it wouldn't start. I can't find server.xml to change those port numbers back. But I did edit the RC script to run emby as root within the Jail. This might have some advantage... For example Emby should now be able to write to the media volume -- though I guess I'm not sure that's a good thing or not... But I don't love the idea... Feature request: Ability to start Emby as root so it can bind the port number(s), and then su() to a configured user... Link to comment Share on other sites More sharing options...
Luke 37064 Posted September 23, 2022 Share Posted September 23, 2022 Quote Feature request: Ability to start Emby as root so it can bind the port number(s), and then su() to a configured user... Hi, isn't this something you configure on the platform in terms of the way you start emby server? Link to comment Share on other sites More sharing options...
msturtz 0 Posted September 23, 2022 Author Share Posted September 23, 2022 UPDATE: I found /var/db/emby-server/config/system.xml (which didn't take long) and restored the default port numbers. As mentioned, I'm running Emby in a Jail on TrueNAS Core 12.0u8. I'm not using the plugin -- I built a Jail with VNET and its own IP, mounted my media volume, and did "pkg install emby-server". The rest is history. I found this forum post: https://www.truenas.com/community/threads/some-ports-are-blocked.91330/ -- basically, under the Jail Properties, set Securelevel to -1, and that allows me to set sysctl.conf net.inet.ip.portrange.reservedhigh=0 (I added net.inet.ip.portrange.reservedhigh=0 to /etc/sysctl.conf). Then start or restart the Jail. Once that's done, Emby can use port 80 and 443. Because I'm not exactly a BSD guy (far more comfortable on Linux), I don't know the practical consequences of setting Securelevel to -1. Emby runs on my home network, so from that perspective I'm not that worried -- however, I do plan to port-forward from the internet for external viewing. Link to comment Share on other sites More sharing options...
msturtz 0 Posted September 23, 2022 Author Share Posted September 23, 2022 3 minutes ago, Luke said: Hi, isn't this something you configure on the platform in terms of the way you start emby server? Hi Luke-- I'm just using the repository FreeBSD package, which defaults to starting emby as user 'emby' -- this is done in the RC startup script, not by Emby itself. On normal Unix platforms, only root can bind to ports below 1023, for somewhat historical security reasons that don't really mean anything anymore IMO. But applications like Apache HTTPD still manage to run on port 80, as a user other than Root... The way those apps do it is the application is initially started as root, it binds the port (and does whatever else required as superuser), and then it switches to the configured user, usually 'nobody' or 'apache'. See my additional reply below, I did find a workaround, though I'm not sure what the ramifications actually are. Link to comment Share on other sites More sharing options...
bolok 16 Posted September 25, 2022 Share Posted September 25, 2022 Generally speaking, what the emby process is listening on itself is kinda moot. You really wouldn't want to expose the jail itself to the internet. Ideally you'd can either handle it with a reverse proxy in front of the jail or portforward a random port on your router to your jail. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now