osuhickeys 0 Posted June 28, 2017 Share Posted June 28, 2017 I am having issues getting Emby to work on iOS with a reverse proxy. Remote (WAN) access shows the right URL https://mediabrowser.mydomain.net:443 in the dashboard. I can access the link by clicking on it there. I can access it just fine from iOS using Safari. I have "Report https as external address" checked. I cannot connect manually adding the server and port or by using "Emby Connect" from the iOS app. I am running on Windows. I have the Windows firewall disabled to rule it out for troubleshooting. I am using nginx as the reverse proxy. I have 6 other apps behind it all with no issue. Probably a newbie mistake. I did not see any other posts in the forum that seemed to address this. Running out of ideas at this point. Link to comment Share on other sites More sharing options...
Luke 37095 Posted June 28, 2017 Share Posted June 28, 2017 Hi, what SSL cert are you using? You need an SSL cert that the device will accept, and it won't accept the self signed cert included with Emby Server. I would suggest something like lets encrypt. @@pir8radio has a setup similar to yours. Link to comment Share on other sites More sharing options...
osuhickeys 0 Posted June 28, 2017 Author Share Posted June 28, 2017 Yes, I am using a self signed cert with nginx created with openSSL. So I need to create one with lets encrypt. Do I setup the cert in the server dashboard advanced settings and remove my current ones from the nginx config for this location I am guessing? Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted June 29, 2017 Share Posted June 29, 2017 (edited) Yes, I am using a self signed cert with nginx created with openSSL. So I need to create one with lets encrypt. Do I setup the cert in the server dashboard advanced settings and remove my current ones from the nginx config for this location I am guessing? You want to do the SSL through nginx, not emby... If you want to continue using nginx. The nginx server should connect to your emby with plain HTTP. Your issue is that you are using a Self Signed cert. Which is why Luke suggested lets encrypt.. But it can be any provider. Post your nginx config so we can make sure it's good too. Edited June 29, 2017 by pir8radio Link to comment Share on other sites More sharing options...
osuhickeys 0 Posted June 29, 2017 Author Share Posted June 29, 2017 Ok. Thanks for the info. I see others posting the same issue now. I was not connecting the dots since it worked from Safari on the iOS device, albeit with no artwork. I thought the app would be an easy install and config and would overcome the browser issue. I took a look at this. https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows Seems like a lot of work to install IIS temporarily to generate a cert to use an iOS app. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted June 29, 2017 Share Posted June 29, 2017 (edited) You shouldnt have to do that, I used this to generate my CSR https://sslhelpdesk.com/ssltools/csr_generation.php This one is pretty cheap too, not sure the cost of lets encrypt.. But take a look here: https://www.ssls.com/lp/4.99-ssl-offer.html?gclid=CP37vrOA4tQCFQK1wAodx1kAUw Edited June 29, 2017 by pir8radio Link to comment Share on other sites More sharing options...
Swynol 375 Posted June 29, 2017 Share Posted June 29, 2017 @@osuhickeys you can use zeroSSL to create a free Lets Encrypt Cert - https://zerossl.com/ as pir8radio has said you need to configure NGINX your reverse proxy with the certificate and to listen on port 443. NGINX then forwards to emby over HTTP port 8096. In Emby Server dont set anything for HTTPS access. You need to port forward port 443 in your router to your NGINX server. i started a write up here - https://emby.media/community/index.php?/topic/44757-setting-up-ssl-for-emby-wip/ Link to comment Share on other sites More sharing options...
Swynol 375 Posted June 29, 2017 Share Posted June 29, 2017 the guide you linked to is good however its now slightly out of date. plus it describes a setup not using a reverse proxy. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted June 29, 2017 Share Posted June 29, 2017 (edited) Yea sorry I was short, I was posting from my phone. Did that answer your question @@osuhickeys ? If you are still stuck, or need help testing let us know! I just re-read your first post, if using nginx, your dashboard should NOT show :443 nginx should communicate with emby using HTTP so your dashboard should say something like Remote (WAN) access http://mediabrowser.mydomain.net:8096 and your nginx server should point to 127.0.0.1 (NOT localhost) if nginx is installed on the same PC as emby. Un-check "Report external address as https" let us know how it goes. Edited June 29, 2017 by pir8radio Link to comment Share on other sites More sharing options...
osuhickeys 0 Posted June 29, 2017 Author Share Posted June 29, 2017 My domain registrar only supports 600 second for TTL so sslforfree will not work. I was able to get zerossl to work; however, nginx does not appear to support pfx certs. I get untrusted cert errors trying to load the config. In addition I cannot seem to get DNS forward and masking to work from my domain registrar and emby with a browser. The forwarding and masking works as I can ping by name and get the right response, but I cannot seem to get nginx to reply. If I use the crt file from zerossl without masking it still shows unsecure as it is registered to one url from my domain registrar and the app is running on another from my dynamic DNS provider. So I was trying to use forwarding and masking from the domain registrar to resolve that., I stopped once I realized nginx does not support pfx certs as far as I can tell. I am sure there is a way to get this to work, but I have hit my limit on how much I am willing to do to get there. Really appreciate everyone's help. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted June 30, 2017 Share Posted June 30, 2017 (edited) My domain registrar only supports 600 second for TTL so sslforfree will not work. I was able to get zerossl to work; however, nginx does not appear to support pfx certs. I get untrusted cert errors trying to load the config. In addition I cannot seem to get DNS forward and masking to work from my domain registrar and emby with a browser. The forwarding and masking works as I can ping by name and get the right response, but I cannot seem to get nginx to reply. If I use the crt file from zerossl without masking it still shows unsecure as it is registered to one url from my domain registrar and the app is running on another from my dynamic DNS provider. So I was trying to use forwarding and masking from the domain registrar to resolve that., I stopped once I realized nginx does not support pfx certs as far as I can tell. I am sure there is a way to get this to work, but I have hit my limit on how much I am willing to do to get there. Really appreciate everyone's help. https://www.sslshopper.com/ssl-converter.html Or loose the reverse proxy (if you don't need it) and install your new cert directly on emby. Edited June 30, 2017 by pir8radio Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now