Jump to content


secure public connection to emby server

ssl https secure access remote public

  • Please log in to reply
7 replies to this topic

#1 Guest_petwri_* OFFLINE  

Guest_petwri_*
  • Guests

Posted 03 May 2016 - 03:20 AM

Hi there,

 

I am trying to access my Emby server from the "outside" world. To do so, I have configured the public port on my emby server instance as 8920 and left the field for the server-cert blank, hoping emby would provide its own. I did forward the port in my router. But sadly, nothing works. My browser keeps loading forever. Doing the same for the standard http-port, 8096, works like charm, however, unencrypted.

 

I am completely new to the whole SSL thing via http, is there anything else to do, or is there a tutorial on how to get my emby server public? Thanks!


  • Maximus Naxsus likes this

#2 ubelong2matt OFFLINE  

ubelong2matt

    Member

  • Members
  • 21 posts
  • Local time: 06:38 AM

Posted 05 May 2016 - 10:15 PM

SSL doesn't go over HTTP, it goes over HTTPS.  The "S" is for secure.  Try https://yourserveraddress:8920 and see if it works.  If you were using HTTPS before the address but didn't mention it then I apologize.



#3 Guest_petwri_* OFFLINE  

Guest_petwri_*
  • Guests

Posted 17 May 2016 - 04:51 PM

I did use the https of course. But then Chrome gives me a privacy error.



#4 thefirstofthe300 OFFLINE  

thefirstofthe300

    Linux Geek

  • Members
  • 1323 posts
  • Local time: 04:38 AM
  • LocationEastern Oregon

Posted 18 May 2016 - 02:34 AM

I did use the https of course. But then Chrome gives me a privacy error.

 

That privacy error is the expected Chrome behavior.  Emby provides a self-signed certificate.  I am a bit fuzzy on details but it goes something like this: Chrome only ships with keys for the major CA authorities (Comodo SSL, Let's Encrypt's CA, and a bunch of others) by default.  Since your cert is not signed using one of those keys, Chrome can't say for sure that the cert being used is secure; hence the privacy error.  If you don't want a privacy error to show up in Chrome, you can either import you cert into Chrome's cert store (will only work on that Chrome instance) or get a cert signed by a CA that Chrome ships by default.  I personally suggest the latter.  You can get a cert for free from Let's Encrypt or StartSSL or you can buy a cert.



#5 Guest_petwri_* OFFLINE  

Guest_petwri_*
  • Guests

Posted 22 May 2016 - 07:03 AM

That privacy error is the expected Chrome behavior.  Emby provides a self-signed certificate.  I am a bit fuzzy on details but it goes something like this: Chrome only ships with keys for the major CA authorities (Comodo SSL, Let's Encrypt's CA, and a bunch of others) by default.  Since your cert is not signed using one of those keys, Chrome can't say for sure that the cert being used is secure; hence the privacy error.  If you don't want a privacy error to show up in Chrome, you can either import you cert into Chrome's cert store (will only work on that Chrome instance) or get a cert signed by a CA that Chrome ships by default.  I personally suggest the latter.  You can get a cert for free from Let's Encrypt or StartSSL or you can buy a cert.

Thanks for the info, that's what I thought. Is there any tutorial on how to use let's encrypt with emby? Only found some for running an apache server.



#6 Shrom OFFLINE  

Shrom

    Advanced Member

  • Members
  • 56 posts
  • Local time: 01:38 PM

Posted 22 May 2016 - 10:24 AM

@petwri you should see this : http://emby.media/co...newal-for-emby/.

 

You just have to create it with --certonly --standalone and use my script then;)

 

MY config : put a custom port on emby then specified a pfx who has generated with my script ;)

 

mp me is necessary ;)



#7 Night OFFLINE  

Night

    Advanced Member

  • Alpha Testers
  • 128 posts
  • Local time: 01:38 PM

Posted 24 May 2016 - 09:10 AM

You are correct thefirstofthe300 , that's the simple terms of SSL without goving in to revocation, CA; and so on.

 

weather or not your certificate is singed or not has no true security aspects of it. all that matter is how the selfsinged you made is created, TLS,SSL,2048 or 4096bit +++ . 

For my server i use a class 2 from startssl for my entire domain (I have a wildcard certificate).  

But i also filter everything in my firewall with special way of opening ports from a new location. (port knocking or a thirdparty server) 



#8 Banjo OFFLINE  

Banjo

    Advanced Member

  • Members
  • 45 posts
  • Local time: 11:38 AM

Posted 03 June 2016 - 12:51 PM

weather or not your certificate is singed or not has no true security aspects of it. all that matter is how the selfsinged you made is created, TLS,SSL,2048 or 4096bit +++ . 

 

That is really not the case.  Signing has no effect on the cryptographic strength of the connection but it does impact security.  Let's say that you're using wifi in a cafe and someone has hijacked the access point.  With self-signed certs, they can man-in-the-middle your connection and neither your server nor client would be any the wiser.

 

Using a signed cert, you can know whether the connection is direct to the server or broken in the middle and the browser will warn you in this case.  







Also tagged with one or more of these keywords: ssl, https, secure, access, remote, public

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users