Jump to content
Sign in to follow this  
Guest petwri

secure public connection to emby server

Recommended Posts

Guest petwri

Hi there,

 

I am trying to access my Emby server from the "outside" world. To do so, I have configured the public port on my emby server instance as 8920 and left the field for the server-cert blank, hoping emby would provide its own. I did forward the port in my router. But sadly, nothing works. My browser keeps loading forever. Doing the same for the standard http-port, 8096, works like charm, however, unencrypted.

 

I am completely new to the whole SSL thing via http, is there anything else to do, or is there a tutorial on how to get my emby server public? Thanks!

  • Like 1

Share this post


Link to post
Share on other sites
ubelong2matt

SSL doesn't go over HTTP, it goes over HTTPS.  The "S" is for secure.  Try https://yourserveraddress:8920 and see if it works.  If you were using HTTPS before the address but didn't mention it then I apologize.

Share this post


Link to post
Share on other sites
Guest petwri

I did use the https of course. But then Chrome gives me a privacy error.

Share this post


Link to post
Share on other sites
thefirstofthe300

I did use the https of course. But then Chrome gives me a privacy error.

 

That privacy error is the expected Chrome behavior.  Emby provides a self-signed certificate.  I am a bit fuzzy on details but it goes something like this: Chrome only ships with keys for the major CA authorities (Comodo SSL, Let's Encrypt's CA, and a bunch of others) by default.  Since your cert is not signed using one of those keys, Chrome can't say for sure that the cert being used is secure; hence the privacy error.  If you don't want a privacy error to show up in Chrome, you can either import you cert into Chrome's cert store (will only work on that Chrome instance) or get a cert signed by a CA that Chrome ships by default.  I personally suggest the latter.  You can get a cert for free from Let's Encrypt or StartSSL or you can buy a cert.

Share this post


Link to post
Share on other sites
Guest petwri

That privacy error is the expected Chrome behavior.  Emby provides a self-signed certificate.  I am a bit fuzzy on details but it goes something like this: Chrome only ships with keys for the major CA authorities (Comodo SSL, Let's Encrypt's CA, and a bunch of others) by default.  Since your cert is not signed using one of those keys, Chrome can't say for sure that the cert being used is secure; hence the privacy error.  If you don't want a privacy error to show up in Chrome, you can either import you cert into Chrome's cert store (will only work on that Chrome instance) or get a cert signed by a CA that Chrome ships by default.  I personally suggest the latter.  You can get a cert for free from Let's Encrypt or StartSSL or you can buy a cert.

Thanks for the info, that's what I thought. Is there any tutorial on how to use let's encrypt with emby? Only found some for running an apache server.

Share this post


Link to post
Share on other sites
Night

You are correct thefirstofthe300 , that's the simple terms of SSL without goving in to revocation, CA; and so on.

 

weather or not your certificate is singed or not has no true security aspects of it. all that matter is how the selfsinged you made is created, TLS,SSL,2048 or 4096bit +++ . 

For my server i use a class 2 from startssl for my entire domain (I have a wildcard certificate).  

But i also filter everything in my firewall with special way of opening ports from a new location. (port knocking or a thirdparty server) 

Share this post


Link to post
Share on other sites
Banjo

weather or not your certificate is singed or not has no true security aspects of it. all that matter is how the selfsinged you made is created, TLS,SSL,2048 or 4096bit +++ . 

 

That is really not the case.  Signing has no effect on the cryptographic strength of the connection but it does impact security.  Let's say that you're using wifi in a cafe and someone has hijacked the access point.  With self-signed certs, they can man-in-the-middle your connection and neither your server nor client would be any the wiser.

 

Using a signed cert, you can know whether the connection is direct to the server or broken in the middle and the browser will warn you in this case.  

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...