Blam84 13 Posted May 9 Share Posted May 9 I'd like to share my Emby library and need a tutorial. I have already setup external access and just need to create a new user and share. Any help would be really appreciate. Thanks! Link to comment Share on other sites More sharing options...
pwhodges 1540 Posted May 9 Share Posted May 9 What do you need help for - what are you failing to do? Paul Link to comment Share on other sites More sharing options...
Blam84 13 Posted May 10 Author Share Posted May 10 3 hours ago, pwhodges said: What do you need help for - what are you failing to do? Paul No problems, just want to make sure I follow best practices. Link to comment Share on other sites More sharing options...
Luke 37269 Posted May 10 Share Posted May 10 What have you done so far? Link to comment Share on other sites More sharing options...
pwhodges 1540 Posted May 10 Share Posted May 10 I'm not sure how "best practice" applies, really. You want to create a user - do it. You want to give the user access to specific libraries - do it. And so on. No one's going to judge how you do it. Emby is a personal (and family) server, and: "Your media, your way" is an Emby slogan. Paul Link to comment Share on other sites More sharing options...
Q-Droid 670 Posted May 10 Share Posted May 10 Best practices? 1. Enable TLS/HTTPS 2. Use a reverse proxy if you can and know how to do it. If you don't know how look into Caddy and use a reverse proxy. 3. Force all users to have passwords. 4. Don't allow remote access for Admin accounts. If you do then make sure the passwords are strong. 5. Don't show users on the remote login page. 6. Don't show admin users on any login page. 7. Don't use the name Admin for your main admin user. 2 3 Link to comment Share on other sites More sharing options...
Blam84 13 Posted May 10 Author Share Posted May 10 39 minutes ago, Q-Droid said: Best practices? 1. Enable TLS/HTTPS 2. Use a reverse proxy if you can and know how to do it. If you don't know how look into Caddy and use a reverse proxy. 3. Force all users to have passwords. 4. Don't allow remote access for Admin accounts. If you do then make sure the passwords are strong. 5. Don't show users on the remote login page. 6. Don't show admin users on any login page. 7. Don't use the name Admin for your main admin user. Thanks for these thoughts. The one thing you didn't mention is whether users should have email addresses so they access using Emby connect? Or whether I should share the external IP address? Link to comment Share on other sites More sharing options...
pwhodges 1540 Posted May 10 Share Posted May 10 If you're going to add a certificate for https, you'll need a domain name anyway (https pretty much requires it). There's very little security in not giving out an IP address; they get scanned all the time in any case. To my mind Connect is just an added complication - but for some people it seems to work. You could, I suppose, ask your family/friends if they want to make a login at Emby just to access your server (there's no technical advantage - unlike Plex, the data never goes through Emby's servers). Paul 1 1 Link to comment Share on other sites More sharing options...
rbjtech 4337 Posted May 10 Share Posted May 10 4 hours ago, Q-Droid said: Best practices? 1. Enable TLS/HTTPS 2. Use a reverse proxy if you can and know how to do it. If you don't know how look into Caddy and use a reverse proxy. 3. Force all users to have passwords. 4. Don't allow remote access for Admin accounts. If you do then make sure the passwords are strong. 5. Don't show users on the remote login page. 6. Don't show admin users on any login page. 7. Don't use the name Admin for your main admin user. @Abobader Did you ever manage to talk to @Lukeabout having a 'security' section in the forum ? Info such as the above would be perfect as a sticky to give people up to date guidance on what is the recommended minimum acceptable level of 'security best practice' in 2024. We could have sub-sections for Reverse Proxy questions - nginx, caddy, IIS etc etc For general security questions - we can then just redirect users to that forum section if they have not found it themselves ... 1 2 Link to comment Share on other sites More sharing options...
Q-Droid 670 Posted May 10 Share Posted May 10 8 hours ago, Blam84 said: Thanks for these thoughts. The one thing you didn't mention is whether users should have email addresses so they access using Emby connect? Or whether I should share the external IP address? With a free domain and DDNS you can also get TLS certificates and share only the one domain name with your users. Emby Connect would then have no advantage and neither you or your users would have to register with a 3rd party service. Link to comment Share on other sites More sharing options...
Abobader 2959 Posted May 11 Share Posted May 11 19 hours ago, rbjtech said: Did you ever manage to talk to @Lukeabout having a 'security' section in the forum ? Info such as the above would be perfect as a sticky to give people up to date guidance on what is the recommended minimum acceptable level of 'security best practice' in 2024. We could have sub-sections for Reverse Proxy questions - nginx, caddy, IIS etc etc For general security questions - we can then just redirect users to that forum section if they have not found it themselves ... Not within private talk, but I mention them on the other thread, but seem they are not interesting, as for me I am with this idea and indeed a good one. 1 1 Link to comment Share on other sites More sharing options...
DouglyBoss 0 Posted Saturday at 02:42 AM Share Posted Saturday at 02:42 AM Reading this topic and being a complete newb at this… I’m assuming I’ve done something wrong or ill advised by simply using the remote setup already in Emby when I created my new server? 1. I just enabled remote usage and tested it via my phone by going to my ip and port while not on WiFi. Got access to the login page so I know it worked. 2. Disabled remote access for my admin account. 3. Removed user names from remote login pages and apps they’ve never signed in with. Is this bad, and if so, maybe a warning of some time should be included under the enable remote access option in Emby to let a new user like myself know that these are not recommend but will work? Again, I’m honestly curious because I’m so new at this. I’m currently testing Plex and Emby on a laptop as I buy the pieces for an unRAID build where I”m leaning toward using Emby. Thank you Link to comment Share on other sites More sharing options...
Q-Droid 670 Posted Saturday at 12:13 PM Share Posted Saturday at 12:13 PM It's not bad, just far from ideal. You're using the product as was intended. For the cyber security minded your server doesn't have the basic safeguards for allowing external access to an application on your network. The good thing is you're pretty close and the next steps would be to get a domain name whether paid or free DDNS and TLS certificates configured to check a couple more boxes. You can keep going until your media server is Ft. Knox or stop once you have the basics in place. Link to comment Share on other sites More sharing options...
DouglyBoss 0 Posted Saturday at 12:29 PM Share Posted Saturday at 12:29 PM Thanks, I’m just using it to test for now. I did find a guide for doing reverse proxy once I get setup on unRaid that I’m going to attempt to follow and do but in the meantime I was getting concerned about just using the app as it was presented to me during setup. Thanks for the response. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now