HTTPS

[Spaceboy 2504]

hello, is it possible for someone to give a high level guide to getting https working? i use dyndns. cheers

[jabbera 23]

I don't think any clients support it yet. The browser does. Is this what you are looking for?

[pir8radio 1293]

Uh, it works just like non https.   Lets start with what port numbers do you use on your emby server?   

 

If you access your server now http://YourServer.dyn.com:8080    https shoudl be   https://YourServer.dyn.com:8920

[Spaceboy 2504]

@@jabbera A lot of clients do support it, I think only android doesn't now.

 

Sorry, I should have been more specific. No, I am fine with port forwarding been doing this for years, it's where the wiki says "In addition you can also supply your own custom SSL certificate. This is highly recommended for https usage. ". I don't know where I would get one of these (looking for recommendations) and then I'd need to know where to put it, what needs doing on the client etc. Using the server supplied one seems to generate an error in the client browser

[jabbera 23]

If you don't want an error in the browser you will need a certificate from a third part cert provider. I use namecheap.com

 

I don't think they will work with dynamic DNS on a domain you don't own. (Technically it would work but I don't know how they would issue you one since you don't own the domain.)

Buying a domain is pretty cheap, also from namecheap. I think .ninja is on sale for three bucks a year. (Spaceboy.ninja anyone?)

 

I don't know if namecheap offers dyndnsbut afraid.org does. (It's who I use) if you don't mind people creating their own su domains off yours it's free, otherwise 30 bucks a year. There may be better options then this. It's just who I use.

 

Once you get the cert from namecheap it's just a matter of setting the path in emby to use your cert. (note! If you are a Linux Emby hoster you may need to be more selective about your ssl cert provider)

[Cerothen 90]

If you don't want an error in the browser you will need a certificate from a third part cert provider. I use namecheap.com

 

I don't think they will work with dynamic DNS on a domain you don't own. (Technically it would work but I don't know how they would issue you one since you don't own the domain.)

Buying a domain is pretty cheap, also from namecheap. I think .ninja is on sale for three bucks a year. (Spaceboy.ninja anyone?)

 

I don't know if namecheap offers dyndnsbut afraid.org does. (It's who I use) if you don't mind people creating their own su domains off yours it's free, otherwise 30 bucks a year. There may be better options then this. It's just who I use.

 

Once you get the cert from namecheap it's just a matter of setting the path in emby to use your cert. (note! If you are a Linux Emby hoster you may need to be more selective about your ssl cert provider)

 

Namecheap does offer DynDNS (both as a dedicated client and with support for a number of routers). https://www.namecheap.com/support/knowledgebase/category.aspx/11/dynamic-dns

 

Additionally if your router doesn't explicitly support dyndns then it might support https://dnsomatic.com/ which can be used to update namecheap (and additional dyndns providers) I use DNSomatic to update OpenDNS and namecheap simultaneously.

[jabbera 23]

You misunderstood what I was saying. I wasn't saying SSL doesn't work with dynamic dns. I believe it won't work with dynamic dns with a domain you do not own. (AKA: you can't get a cert issued to: myhost.dyndns.org).

[Spaceboy 2504]

Cool, will take a look, cheers

[Spaceboy 2504]

Ok one more question actually

 

I think from what you have said that using the server generated cert the error I see in the browser doesn't mean it's not using ssl it just means the browser can't confirm the cert? It is still using ssl

 

And getting a 3rd p cert will complete that last step

[pir8radio 1293]

Yes..  The traffic is still encrypted..   But in order to get rid of the warning it has to be verified by a third party..     Its kind of like you making your own drivers license vs getting one from the government...   When the cops "look up" your real license all is good.    Your guests browsers "look up" the cert if the browser cant find it in a third party system, it warns them something could be shady.

Edited April 15, 2015 by pir8radio

[Spaceboy 2504]

cool, cheers!