Jump to content

macOS Server Setup

acnp77

By acnp77
in MacOS

 Share
Go to solution Solved by acnp77,

Recommended Posts

acnp77

acnp77 65

Posted
Posted

@Luke

Hi,

I am running emby-server on a Mac mini, which is great for several reasons, but the default installation does not run emby as a service nor does it create a separate user.

I am looking to install the server via launchd or similar with separate user/privileges. Is there any best-practice/official guidelines for this? This seems to be a bit awkward due to MacOS restrictions.

Or should I simply create an additional user account in MacOS with less privileges, login the user and run emby-server?

Thanks a lot,

 

Emby-Server Version: 4.8.11 on MacOS 15.4.1

Server-HW: Mac mini M2 Pro

sfatula

sfatula 205

Posted
Posted

You could certainly create a different user and install it under that. user. You could also use docker or orbstack, or colima but you will lose the GPU, assuming you are using it now. 

You can use launchd, here's a post where a user did so. There might be changes needed but shouldn't be very hard. I have not created a new one yet, but will ion the next few weeks. 

 

 

  • Thanks 2
sfatula

sfatula 205

Posted
Posted

Ok, @Luke

For Emby server, does it fork and perhaps daemonize itself? It appears Emby and Launchd are not fully communicating about a restart triggered from within Emby.  But using launchd to start it is ideal as if Emby aborted for some reason, it can autorestart it. Maybe you are not daemonizing, so I am guessing your restart in the client or web interface from the dashboard actually does a sort of shutdown which means a 0 exit status (so launchd says all is well) and then starts it again via some method unknown to me, which then launchd loses track of it as it "stopped" with a normal exit status but it will never restart it on abort now as it thinks it exited ok. I presume whatever the method, it's a different process id?

Let me know. If you can tell me exactly how a restart from the dashboard works, might help.

I additionally find restart from the dashboard when using macos unreliable, another reason I'd like to know the technical details of HOW a client restarts emby.

In the meantime, I guess my rule is do not use the dashboard to restart Emby. Use MacOS to do so. 

  • Thanks 1
acnp77

acnp77 65

Posted
  • Author
Posted

@sfatulaThanks a lot for your reply.

As a simple first step I created an emby-user with restricted permissions on macOS, then login and start emby-server. This is already far better than just running it in the admin-user-context, I guess. I am now trying to start it via launchd, without login to the emby-user-account. I will post my results, as soon as done. Thanks for testing the server restart from emby-dasboard, I guess I will not be using this for now. To get it working via launched would be great, as I do not want to use any docker etc. because of GPU use and some other minor reasons.

Just a general thought: The Mac minis seem to be very efficient and capable emby-servers, so it would be great to be able to install the macOS Server versions a bit more "server-like" :)

sfatula

sfatula 205

Posted
Posted

Yes, I will be using one (mini) as an Emby server along with many docker containers and one homeassistant vm to replace an actual Xeon server. It will easily handle it and use like 1/10th the power. I do agree it would be nice to have a real installer for it as I was surprised it doesn't even start upon reboot. I'll be picking it up locally Monday evening. 

launchd can start jobs without logging in, those are launchdaemons not launchagents. Some sample commands on newer MACOS versions:

To "load" and run the launchdaemon so it starts now and whenever the system is booted:: launchctl bootstrap gui/`id -u` ~/Library/LaunchDaemons/com.fatula.emby.plist

To stop runing it at boot: launchctl bootout gui/`id -u` ~/Library/LaunchDaemons/com.fatula.emby.plist

To shutdown Emby but leave the launchdaemon for the next boot: launchctl kill SIGTERM gui/`id -u`/com.fatula.emby.plist

To Start emby if shutdown by the above or from the dashboard: launchctl kickstart gui/`id -u`/com.fatula.emby.plist

  • Thanks 1
acnp77

acnp77 65

Posted
  • Author
Posted

@Luke

I created a dedicated "emby" user with restricted permissions on MacOS 15.4. and created a plist-file to start emby-server via launchd at boot under the "emby" user. This seems to work fine.

Newer MacOS Versions have a few "annoying" features that need addressing for this to work properly and secure. (For example if the media is on external drives)

If anyone is interested, I am happy to post a guide, just let me know. (It might be necessary for someone to double-check, as I am not an expert in this area), but for me it works well.

It could be nice to integrate something like this into future macOS installers :)

  • Agree 1
  • Thanks 1
sfatula

sfatula 205

Posted
Posted

It's possible to script adding users via dscl so an installer could easily do that and use a LaunchDaemon. Just have to work a little on the restart process and it's golden.

BTW - you can stop opening the web browser on startup and the top bar by using -service and -noautorunwebapp but it probably doesn't matter for using emby as the user. 

Now if Luke can answer my question with logs I sent about M1 and GPU not working for anything at all I have tried...  

acnp77

acnp77 65

Posted
  • Author
Posted (edited)
8 hours ago, sfatula said:

BTW - you can stop opening the web browser on startup and the top bar by using -service and -noautorunwebapp but it probably doesn't matter for using emby as the user. 

I do not think this is necessary when starting the server via launchd. 

This is my plist-file: 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.emby.server</string>

    <key>ProgramArguments</key>
    <array>
        <string>/Applications/EmbyServer.app/Contents/MacOS/EmbyServer</string>
    </array>

    <key>UserName</key>
    <string>emby</string>

    <key>RunAtLoad</key>
    <true/>

    <key>KeepAlive</key>
    <true/>
</dict>
</plist>


I could not find any Safari (resp. default browser) process for the emby-user.

Edited by acnp77
acnp77

acnp77 65

Posted
  • Author
Posted (edited)

There is also a setting in general server settings called "launch the emby web app in my web browser when emby server starts"

Even with this option activated, I can not see any browser process, when starting emby-server via launchd. But I do not know how this works exactly.

 

Edited by acnp77
sfatula

sfatula 205

Posted
Posted (edited)
4 hours ago, acnp77 said:

There is also a setting in general server settings called "launch the emby web app in my web browser when emby server starts"

Even with this option activated, I can not see any browser process, when starting emby-server via launchd. But I do not know how this works exactly.

 

Yeah, the user isn't logged in. You would notice it if you were using your normal logged in user, possibly on a Mac reboot but most likely if you ever did an Emby restart (via MacOS). I was pointing it out as I see it's been asked before in other threads, so, to document it for any others. 

Here's my current plist: 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.fatula.emby.plist</string>

    <key>UserName</key>
    <string>sfatula</string>

    <key>GroupName</key>
    <string>staff</string>

    <key>Program</key>
    <string>/Applications/EmbyServer.app/Contents/MacOS/EmbyServer</string>
    
    <key>ProgramArguments</key>
    <array>
        <string>/Applications/EmbyServer.app/Contents/MacOS/EmbyServer</string>
        <string>-noautorunwebapp</string>
    </array>

    <key>RunAtLoad</key>
    <true />
        
    <key>StandardOutPath</key>
    <string>/tmp/emby-stdout.log</string>
        
    <key>StandardErrorPath</key>
    <string>/tmp/emby-stderr.log</string>
        
    <key>KeepAlive</key>
    <dict>
        <key>SuccessfulExit</key>
        <false />
    </dict>

	<key>ThrottleInterval</key>
	<integer>10</integer>
	
	<key>ProcessType</key>
	<string>Background</string>
	
	<key>AbandonProcessGroup</key>
	<false />
</dict>
</plist>

 

Edited by sfatula
acnp77

acnp77 65

Posted
  • Author
Posted
On 11/2/2025 at 8:56 PM, sfatula said:

Yeah, the user isn't logged in. You would notice it if you were using your normal logged in user, possibly on a Mac reboot but most likely if you ever did an Emby restart (via MacOS). I was pointing it out as I see it's been asked before in other threads, so, to document it for any others. 

You can check for running safari or other default browser processes under the emby user. I did not find any. So I assume that the browser did not start.

You could also just uncheck the option to start the browser in emby dashboard, if needed.

acnp77

acnp77 65

Posted
  • Author
Posted (edited)

@LukeI am trying to install a "NO-IP Vital encrypt DV" certificate that I got from NO-IP.

I plan to use the "OpenSSL CSR Wizard" from the Digicert Website to create the OpenSSL command and then create the CSR on my MacOS emby server machine with OpenSSL.

I have emby-server running via launchd with a dedicated emby-user.

Question: Under which user, admin or the non-admin emby-user should I create the CSR and store the certs?

I was thinking to do everything in the admin-account, and then copy or link the .pfx file (pw protected) to a directory that emby can access (e.g. emby-user home directory) - Does this make sense?

THANKS :)

 

Edited by acnp77
Luke Emby Team

Luke 41280

Posted
Posted

HI, I would think the admin user but please let us know how things do. Thanks.

  • Solution
acnp77

acnp77 65

Posted
  • Author
  • Solution
Posted
On 11/4/2025 at 9:28 PM, Luke said:

please let us know how things do

Here are the general steps that I used in short for MacOS emby server setup. Feel free to point in my direction if more details are needed.

Emby server  installation:

- install MacOS emby server as admin user in  "/Applications"  (do not start the server yet)
- create dedicated "emby" user with restricted permissions
- create plist-file to start emby-server via launchd as the "emby" user.
- start emby service via "launchctl load" (all config, db, user data, etc. will be stored in the "emby" user's home directory.)

SSL setup:

- Obtain the certificate
- Create CSR with openSSL (this will give you the .key and .csr file).
- Submit content of .csr file  to cert provider
- Download the cert (if possible as "PEM-chain")
- Move the .pem file to emby server
- Create .pfx file from .key and .pem file with openSSL (the .pfx will contain the key and cert combined)
- Make sure the .pfx file is accessible by emby (set ownership and permissions)
- Remove all cert-files except for the .pfx from emby-server after backing up in a safe place. Make sure not to share your private key.
- Go though network settings in emby server dashboard (e.g. add path to .pfx and enter password for the .pfx file)
- Restart emby server via launchctl unload/load


Hope this helps :)

  • Thanks 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...