Tutorial on Sharing my Emby Library?

[Blam84 13]

I'd like to share my Emby library and need a tutorial. I have already setup external access and just need to create a new user and share. Any help would be really appreciate. Thanks!

[pwhodges 1540]

What do you need help for - what are you failing to do?

Paul

[Blam84 13]

3 hours ago, pwhodges said:

What do you need help for - what are you failing to do?

Paul

No problems, just want to make sure I follow best practices.

[Luke 37262]

What have you done so far?

[pwhodges 1540]

I'm not sure how "best practice" applies, really.  You want to create a user - do it.  You want to give the user access to specific libraries - do it.  And so on.

No one's going to judge how you do it.  Emby is a personal (and family) server, and: "Your media, your way" is an Emby slogan.

Paul

[Q-Droid 670]

Best practices?
1. Enable TLS/HTTPS
2. Use a reverse proxy if you can and know how to do it. If you don't know how look into Caddy and use a reverse proxy.
3. Force all users to have passwords.
4. Don't allow remote access for Admin accounts. If you do then make sure the passwords are strong.
5. Don't show users on the remote login page.
6. Don't show admin users on any login page.
7. Don't use the name Admin for your main admin user.

 

[Blam84 13]

39 minutes ago, Q-Droid said:

Best practices?
1. Enable TLS/HTTPS
2. Use a reverse proxy if you can and know how to do it. If you don't know how look into Caddy and use a reverse proxy.
3. Force all users to have passwords.
4. Don't allow remote access for Admin accounts. If you do then make sure the passwords are strong.
5. Don't show users on the remote login page.
6. Don't show admin users on any login page.
7. Don't use the name Admin for your main admin user.

 

Thanks for these thoughts. The one thing you didn't mention is whether users should have email addresses so they access using Emby connect? Or whether I should share the external IP address?

[pwhodges 1540]

If you're going to add a certificate for https, you'll need a domain name anyway (https pretty much requires it).  There's very little security in not giving out an IP address; they get scanned all the time in any case.

To my mind Connect is just an added complication - but for some people it seems to work.  You could, I suppose, ask your family/friends if they want to make a login at Emby just to access your server (there's no technical advantage - unlike Plex, the data never goes through Emby's servers).

Paul

[rbjtech 4337]

4 hours ago, Q-Droid said:

Best practices?
1. Enable TLS/HTTPS
2. Use a reverse proxy if you can and know how to do it. If you don't know how look into Caddy and use a reverse proxy.
3. Force all users to have passwords.
4. Don't allow remote access for Admin accounts. If you do then make sure the passwords are strong.
5. Don't show users on the remote login page.
6. Don't show admin users on any login page.
7. Don't use the name Admin for your main admin user.

 

@Abobader

Did you ever manage to talk to @Lukeabout having a 'security' section in the forum ?

Info such as the above would be perfect as a sticky to give people up to date guidance on what is the recommended minimum acceptable level of 'security best practice' in 2024.

We could have sub-sections for Reverse Proxy questions - nginx, caddy, IIS etc etc

For general security questions - we can then just redirect users to that forum section if they have not found it themselves ...

[Q-Droid 670]

8 hours ago, Blam84 said:

Thanks for these thoughts. The one thing you didn't mention is whether users should have email addresses so they access using Emby connect? Or whether I should share the external IP address?

With a free domain and DDNS you can also get TLS certificates and share only the one domain name with your users. Emby Connect would then have no advantage and neither you or your users would have to register with a 3rd party service.

 

[Abobader 2959]

19 hours ago, rbjtech said:

Did you ever manage to talk to @Lukeabout having a 'security' section in the forum ?

Info such as the above would be perfect as a sticky to give people up to date guidance on what is the recommended minimum acceptable level of 'security best practice' in 2024.

We could have sub-sections for Reverse Proxy questions - nginx, caddy, IIS etc etc

For general security questions - we can then just redirect users to that forum section if they have not found it themselves ...

Not within private talk, but I mention them on the other thread, but seem they are not interesting, as for me I am with this idea and indeed a good one.

[DouglyBoss 0]

Reading this topic and being a complete newb at this… I’m assuming I’ve done something wrong or ill advised by simply using the remote setup already in Emby when I created my new server?

1. I just enabled remote usage and tested it via my phone by going to my ip and port while not on WiFi. Got access to the login page so I know it worked.

2. Disabled remote access for my admin account. 

3. Removed user names from remote login pages and apps they’ve never signed in with.

Is this bad, and if so, maybe a warning of some time should be included under the enable remote access option in Emby to let a new user like myself know that these are not recommend but will work? Again, I’m honestly curious because I’m so new at this. I’m currently testing Plex and Emby on a laptop as I buy the pieces for an unRAID build where I”m leaning toward using Emby.

Thank you 

[Q-Droid 670]

It's not bad, just far from ideal. You're using the product as was intended. For the cyber security minded your server doesn't have the basic safeguards for allowing external access to an application on your network. The good thing is you're pretty close and the next steps would be to get a domain name whether paid or free DDNS and TLS certificates configured to check a couple more boxes. You can keep going until your media server is Ft. Knox or stop once you have the basics in place.

 

[DouglyBoss 0]

Thanks, I’m just using it to test for now. I did find a guide for doing reverse proxy once I get setup on unRaid that I’m going to attempt to follow and do but in the meantime I was getting concerned about just using the app as it was presented to me during setup. Thanks for the response.