Sanctimonious 0 Posted May 7, 2023 Share Posted May 7, 2023 (edited) I know that there are a million threads on this, but I've been banging my head against this for a few months now so please don't flame me. I am about to give up. I followed the directions in this thread: I was able to get NGINX installed, but I think it is failing because I don't have the SSL files (ssl/pub.pem and ssl/pvt.pem). I have no idea how to get those or where to put them. The log only says: "A start job for unit nginx.service has finished with a failure. The job identifier is 69240 and the job result is failed." On the domain management page, there is a button that says "Get EAB key" which pops up a window with an "EAB Key ID" and a "EAB HMAC Key". Are these the values I put into pub.pem and pvt.pem? Do I just make a file with the value in this popup? Edited May 7, 2023 by Sanctimonious Link to comment Share on other sites More sharing options...
Luke 37067 Posted May 7, 2023 Share Posted May 7, 2023 Hi, what does your nginx config look like? @pir8radiohave you seen this message before? Link to comment Share on other sites More sharing options...
Sanctimonious 0 Posted May 7, 2023 Author Share Posted May 7, 2023 Thank you for the quick reply, Luke! It is identical to the one in that how-to thread. I just copied and pasted it in with no changes except my domain (line 70). Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted May 9, 2023 Share Posted May 9, 2023 (edited) On 5/7/2023 at 5:25 PM, Sanctimonious said: Thank you for the quick reply, Luke! It is identical to the one in that how-to thread. I just copied and pasted it in with no changes except my domain (line 70). yea you have to generate ssl certs and put their paths into that config.. there are tons of how to get a free ssl on the web i didnt add that to my how to.. here is one. https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/ Edited May 9, 2023 by pir8radio Link to comment Share on other sites More sharing options...
Sanctimonious 0 Posted May 13, 2023 Author Share Posted May 13, 2023 On 5/8/2023 at 7:20 PM, pir8radio said: yea you have to generate ssl certs and put their paths into that config.. there are tons of how to get a free ssl on the web i didnt add that to my how to.. here is one. https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/ Hello, I followed the instructions at that link, and got stuck at this step: sudo certbot --nginx -d example.com -d www.example.com I got this error: Error while running nginx -c /etc/nginx/nginx.conf -t. nginx: [emerg] cannot load certificate "/etc/nginx/ssl/pub.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/pub.pem, r) error:10000080:BIO routines::no such file) nginx: configuration file /etc/nginx/nginx.conf test failed The nginx plugin is not working; there may be problems with your existing configuration. The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] cannot load certificate "/etc/nginx/ssl/pub.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/pub.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n') I assume that's because the pub.pem file still doesn't exist...again, not sure how to get that or where to put it. Link to comment Share on other sites More sharing options...
Sanctimonious 0 Posted May 13, 2023 Author Share Posted May 13, 2023 Also, I tried to use Google, but they require ACME. Is your nginx example compatible with ACME? If so, how? @pir8radio Link to comment Share on other sites More sharing options...
rbjtech 4265 Posted May 13, 2023 Share Posted May 13, 2023 Is there any reason you are trying to use a reverse proxy over the standard emby web server ? (ie just port forwarding required) With respect, reverse proxies are moving into the move advanced side of https and web services and you should really know the networks and security concepts behind them. Following a 'guide' is potentially dangerous (leaving your system vulnerable) as that guide will have made a level of assumptions. Maybe try Caddy, I hear it is a lot easier to setup than NGINX. 1 Link to comment Share on other sites More sharing options...
kikinjo 162 Posted May 13, 2023 Share Posted May 13, 2023 Like rbjtech said, use Caddy, much simpler. Link to comment Share on other sites More sharing options...
Sanctimonious 0 Posted May 13, 2023 Author Share Posted May 13, 2023 (edited) Well I currently access it remotely by typing my IP in, and it's all unsecured. I don't know much about running a web server, but I thought this may be a good way to learn. Apparently not. Everything is just so opaque. If I could get an SSL certificate, it would work, but Google will issue them through ACME. I wouldn't know how to get pir8radio's config file to work with acme (right now, I can't get it to work at all). Is there any way to make a version of the config file that just...doesn't use SSL? I know that the problem with certbot is something extremely simple, but I just have no way to troubleshoot it. I spent hours last night googling it, uninstalling and reinstalling, etc. I bought a domain, but there's no way for an A entry to point to port 8096. I was hoping to get my domain name working, and add HTTPS. It can't be any less secure than it already is. As you suggested though, I'm right on the verge of giving up and just running it all unsecured. I will look into Caddy. Thank you. Edited May 13, 2023 by Sanctimonious Link to comment Share on other sites More sharing options...
justinrh 174 Posted May 14, 2023 Share Posted May 14, 2023 Domain names don't point to ports, they point to IP addresses. You supply the port in the URL. If you can get a cert, you can plug it into Emby and have an HTTPS connection w/o another layer of applications. Caddy is indeed easier (and it maintains the certs for you). Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now