tyr_88 4 Posted May 15, 2017 Share Posted May 15, 2017 (edited) it reads my IP totally different than what it is or emby reads it for login even that one I have to force through my (HTTP) IP as https:// for it to even work my WAN will not work DUC is as far I can get We are not allowed to modify or replace Routers this is strict I have never needed modification anyways we have the fastest up to date net in State on 100mb now it is the lowest package I made firewall rules TCP UDP no go The noip talks about port 80 it is open and fine Port attached to emby is dead link I will do video of it when I get time to install editing software I think they help much more than explaining in text Edited May 15, 2017 by tyr_88 Link to comment Share on other sites More sharing options...
hatharry 85 Posted May 16, 2017 Author Share Posted May 16, 2017 @@jordy, must be a *.ddns.net issue i will look it to it Link to comment Share on other sites More sharing options...
jordy 284 Posted May 16, 2017 Share Posted May 16, 2017 @@jordy, must be a *.ddns.net issue i will look it to it tks. If it makes any difference, it is a "Free" account, as in, it needs to be confirmed every 30 days to keep it valid & active. Link to comment Share on other sites More sharing options...
Luke 37065 Posted May 16, 2017 Share Posted May 16, 2017 @@ToddSexington you might be interested in this. Thanks. Link to comment Share on other sites More sharing options...
ToddSexington 1 Posted May 16, 2017 Share Posted May 16, 2017 Thanks for attempting to help Luke, I appreciate it. Hopefully I can get this up and running so that I can make a meaningful comparison to Plex. I can't even get the ports forwarded yet. When trying to forward to ending port 8096 on the LAN from starting port 80, I get the error message Remote port range [80-8920] is in used. Please select other ports When trying to forward starting port 80 to ending port 8920 with the WAN URL, I get the error: Remote port range [80-8920] is in used. Please select other ports. Should I be setting the public ports to 80 in the Advanced settings area instead of 8096 and 8920? Link to comment Share on other sites More sharing options...
Luke 37065 Posted May 16, 2017 Share Posted May 16, 2017 Why not just leave the ports at default? If you want to use port 80 externally when away from home, then you need to configure that as public port number, but you can't use the same values for both http and https. But in addition to that, you may also need to configure port forwarding in your router. Emby Server will try to do this automatically, but port 80 always brings additional complication so you may need to review it manually in your router setup. Link to comment Share on other sites More sharing options...
Tur0k 143 Posted May 16, 2017 Share Posted May 16, 2017 (edited) Yea, I would not do port translations if at all possible. I would recommend leaving the port configuration in your Emby server alone. To start I would recommend either setting up a static IP address on your Emby server or, if your router supports it DHCP reserve an IP address on your Emby server. This will ensure that your Emby server always gets the same IP address. If you are running on Windows, ensure that you are unblocking access on port 8096 and 8920 in your inbound rules of the advanced firewall rules menu. Let us know if you need help with this. At this point you should be able to access your Emby install within your home network. To allow access from the public Internet to your Emby server you would need to decide whether you want to allow unencrypted traffic through your firewall or only secured traffic. If you want to allow unencrypted traffic through your firewall you will need to create a port forwarding rule to forward traffic from port 8096 coming into your router to port 8096 of the IP address assigned to your Emby server. For secured traffic forwarding create a port forwarding rule for incoming port 8920 into your router to port 8920 of the IP address assigned to your Emby server. Let us know which router you own and someone on these forums likely has a similar unit and can help. This should be the basic steps to get you up and running. Sent from my iPhone using Tapatalk Edited May 16, 2017 by Tur0k Link to comment Share on other sites More sharing options...
ToddSexington 1 Posted May 16, 2017 Share Posted May 16, 2017 Thanks guys, I set up port forwarding on the router using the default ports, 8096 for http and 8920 for https. Settings in Emby are unchanged, 8096 to 8096 and 8920 to 8920. I manually connected with an Android client over cell data, so that's a success. As part of connecting by Android, it accepted an Emby certificate. Everything looks golden there. Now back to the iOS problem. I was trying to follow the script procedure at the top of this thread, but the port 80 part wasn't working. I'll switch to trying the method posted in the link. https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows Link to comment Share on other sites More sharing options...
Tur0k 143 Posted May 16, 2017 Share Posted May 16, 2017 Thanks guys, I set up port forwarding on the router using the default ports, 8096 for http and 8920 for https. Settings in Emby are unchanged, 8096 to 8096 and 8920 to 8920. I manually connected with an Android client over cell data, so that's a success. As part of connecting by Android, it accepted an Emby certificate. Everything looks golden there. Now back to the iOS problem. I was trying to follow the script procedure at the top of this thread, but the port 80 part wasn't working. I'll switch to trying the method posted in the link. https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows Ok, a few questions: 1. which OS version of IOS are you running? 2. Are you attempting to connect from inside your network or outside of it? 3. Are you using a FQDN (ex: mydomain.net)/DDNS (ex: mysubdomain.dyndns.org) or a physical IP address when attempting to connect? If so which type? Have you used Mxtoolbox to confirm the right ports are open? Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
ToddSexington 1 Posted May 16, 2017 Share Posted May 16, 2017 Ok, a few questions: 1. which OS version of IOS are you running? 10.3.1 (14E304) 2. Are you attempting to connect from inside your network or outside of it? Both. It's fine from inside via wifi, but can't do it from outside on cell data. 3. Are you using a FQDN (ex: mydomain.net)/DDNS (ex: mysubdomain.dyndns.org) or a physical IP address when attempting to connect? If so which type? I'm trying to use the external IP of the Emby server. It worked fine on Android. Not surprising that it's more difficult for Apple. Have you used Mxtoolbox to confirm the right ports are open? I think the ports are fine, it's the ssl certificate that seems to be the hangup. Sent from my iPhone using Tapatalk I am trying to follow the link, but it's way deeper than I thought. If I hit any more roadblocks, I might just abandon ship. Link to comment Share on other sites More sharing options...
Tur0k 143 Posted May 16, 2017 Share Posted May 16, 2017 (edited) That looks like a lot of work. I think this is doable if we go slow. Sent from my iPhone using Tapatalk Edited May 16, 2017 by Tur0k Link to comment Share on other sites More sharing options...
Tur0k 143 Posted May 16, 2017 Share Posted May 16, 2017 What step have you reached this far? Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Jdiesel 1114 Posted May 16, 2017 Share Posted May 16, 2017 Question, does the pfx need to be re-generated each time the LetsEncrypt certs are renewed? Link to comment Share on other sites More sharing options...
ToddSexington 1 Posted May 16, 2017 Share Posted May 16, 2017 (edited) What step have you reached this far? Sent from my iPhone using Tapatalk I've created a domain name. I've bound it to a directory on my C:. I've forwarded port 80 starting to port 80 ending. Canyouseeme can't seem to see this port. I've basically finished step 2. I would literally give you 20 bucks to remote in and help me in this monstrosity haha I think I may have missed something in the IIS part, I'm getting an error Automated configuration checks failed when trying step 3. Edited May 16, 2017 by ToddSexington Link to comment Share on other sites More sharing options...
Tur0k 143 Posted May 16, 2017 Share Posted May 16, 2017 I've created a domain name. I've bound it to a directory on my C:. I've forwarded port 80 starting to port 80 ending. Canyouseeme can't seem to see this port. I've basically finished step 2. I would literally give you 20 bucks to remote in and help me in this monstrosity haha Ok, that IIS site will sit logically between your router and the EMBY server application. If it is hosted on the same server you will need to do some port translations to get your configuration working. Send me a PM, I am about to leave work on vacation. I have a kindergarten informational meeting tonight for my kid but after that I am free. I am pretty sure we can knock this out pretty quickly. Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
tyr_88 4 Posted May 17, 2017 Share Posted May 17, 2017 (edited) Why not just leave the ports at default? If you want to use port 80 externally when away from home, then you need to configure that as public port number, but you can't use the same values for both http and https. But in addition to that, you may also need to configure port forwarding in your router. Emby Server will try to do this automatically, but port 80 always brings additional complication so you may need to review it manually in your router setup. MY default port will only work if I use my HTTP true IP and force HTTPS using its port 8920 No other IP including emby stock for my WAN IP nor the IP created from noip will work This is using 8920 & 80 I have the emby cert it makes when forced I don't see a need to open anything else ports are good Cannot make to the powershell step because of this as mentioned above or did I skip something I removed DUC already though man that thing buries some files and REG keys all in REG If I can figure out more advanced things which I have been studying since I am out of date but it's more new to media serve I would be happy to take on extensive explanations or video tutorials to help the community and bring new people in I find lots of post searching Luke seems to be a mid toss up between here and other Media sources. For now I am piddling with K just for the heck of it I am on standstill I may go talk to Brink on tenF he is a code Windows master Edited May 17, 2017 by tyr_88 Link to comment Share on other sites More sharing options...
ToddSexington 1 Posted May 17, 2017 Share Posted May 17, 2017 If Plex can run natively no sweat on iphone, there must be a way for Emby to do it seamlessly. An explanation or tutorial would be amazing, but someone at my user level might need a tutorial for the tutorial! I haven't done much deep config and setup stuff, and I'm feeling the pinch on that for sure. Link to comment Share on other sites More sharing options...
Luke 37065 Posted May 17, 2017 Share Posted May 17, 2017 If Plex can run natively no sweat on iphone, there must be a way for Emby to do it seamlessly. An explanation or tutorial would be amazing, but someone at my user level might need a tutorial for the tutorial! I haven't done much deep config and setup stuff, and I'm feeling the pinch on that for sure. Because they provide you with a domain name which they own that points to your ip address and they use that domain name to obtain a trusted cert. Emby works with SSL just fine, but you need a domain name and an SSL cert that your devices will accept, like LetsEncrypt for example. 1 Link to comment Share on other sites More sharing options...
Tur0k 143 Posted May 18, 2017 Share Posted May 18, 2017 (edited) MY default port will only work if I use my HTTP true IP and force HTTPS using its port 8920Are you attempting to access your Emby server via your local LAN or from the public Internet? Did you assign your Emby server a static IP address or DHCP Reserve an IP address for in your DHCP server on your firewall/router. Is your Emby server hosted on windows? If so you may be blocking inbound requests on 8096 if you didn't setup/enable an inbound advanced firewall rule. Sent from my iPhone using Tapatalk Edited May 18, 2017 by Tur0k Link to comment Share on other sites More sharing options...
Gronnie 8 Posted May 31, 2017 Share Posted May 31, 2017 (edited) Thanks for the script, got it working great with my existing free DDNS service (duckdns.org). I do have a couple questions though: 1. I couldn't get it working until I forwarded Port 80 to my server. Do I have to leave this port open now that the certificate is installed? I am using a different port than 80 for Emby SSL connection. 2. Do I need to periodically rerun the script to get a new certificate? How long is it good for and how do I know prior to it expiring to get a new one? Thanks again, this is awesome!!! Edited May 31, 2017 by Gronnie Link to comment Share on other sites More sharing options...
hatharry 85 Posted May 31, 2017 Author Share Posted May 31, 2017 @@Gronnie, port 80 is safe to close while the script is not running. Certs are valid for 90 days. Let's encrypt should hopefully send you an email or you can set a task. Rerun the script after the cert has expired. Link to comment Share on other sites More sharing options...
Gronnie 8 Posted May 31, 2017 Share Posted May 31, 2017 @@Gronnie, port 80 is safe to close while the script is not running. Certs are valid for 90 days. Let's encrypt should hopefully send you an email or you can set a task. Rerun the script after the cert has expired. Great, thanks for the reply. Will setting the script to run automatically every 89 days work, or does the cert have to be expired? If there is any downtime I will lose some WAF (wife approval factor) but I really want to only use SSL externally. Link to comment Share on other sites More sharing options...
jordy 284 Posted May 31, 2017 Share Posted May 31, 2017 @@hatharry, is there any difference between the Emby certificate and one issued by LetsEncrypt? Sent from my HUAWEI MT7-L09 using Tapatalk Link to comment Share on other sites More sharing options...
Swynol 375 Posted June 8, 2017 Share Posted June 8, 2017 @@hatharry, is there any difference between the Emby certificate and one issued by LetsEncrypt? Sent from my HUAWEI MT7-L09 using Tapatalk if you mean the cert that emby creates for you then yes there's a difference. emby uses a self signed cert. They both encrypt the traffic however a trusted cert from lets encrypt is verified using a CA (certificate authority) which means its trusted and all browsers trust it. If you use a self signed cert without importing it into your browser then you will get an error when HTTPS connecting to Emby, the error just says its a self signed cert and might not be trusted, you can click to continue to your emby site. Link to comment Share on other sites More sharing options...
Gronnie 8 Posted June 25, 2017 Share Posted June 25, 2017 if you mean the cert that emby creates for you then yes there's a difference. emby uses a self signed cert. They both encrypt the traffic however a trusted cert from lets encrypt is verified using a CA (certificate authority) which means its trusted and all browsers trust it. If you use a self signed cert without importing it into your browser then you will get an error when HTTPS connecting to Emby, the error just says its a self signed cert and might not be trusted, you can click to continue to your emby site. Except some of the apps (iOS being one of them) offer you no way of accepting the "untrusted" certificate, meaning you either get a certificate it will use or can't use SSL. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now