Outline to get a public domain and a publicly trusted SSL certificate is:
1. Open and forward port 8920 on your router to your Emby server.
A. Ensure that your Emby server always gets the same IP address on your internal network. This is done by either:
I. Statically IP addressing the server or
II. Set up a DHCP reserved IP address in the router's DHCP configuration.
B. I would also recommend not listing users on the login screen.
C. I would also recommend not using the name "Admin" or "administrator as the username of the administrative user account.
D. I would not recommend linking the administrative user account to your Emby connect account.
E. I would also recommend limiting the ability to delete media to non-administrative accounts.
2. Purchase a public domain. I pay google 12 dollars annually for mine.
NOTE: There are probably cheaper solutions, just make sure that they will allow you to have a public DNS that you can manage, and allow you to have SSL certificates issued for them.
3. Configure a public DNS on the above host with a DNS record that points to your house's DHCP assigned public IP address (this is sometimes called a DDNS, A+, or synthetic record).
A. Setup a DDNS client on a device in your network that will update the record if your public IP address changes. NOTE: most domain hosts will offer a software application. That can do this. Also, most home routers have DDNS client capabilities built in.
4. Purchase an SSL certificate from a trusted public CA. I hear RapidSSL is really cheap. I have seen comodo work. Here, I use Let's Encrypt. For let's encrypt you would need to setup an Acme client to keep your cert issued every 90 days.
A. Create a CSR on the Emby server.
B. Upload the CSR to the CA
C. Download the certificate once it is issued.
D. Possibly convert it to a PFX file.
E. Link the SSL certificate's location and password in your Emby Server.
1. You will likely need to pay annually for steps 2 and 4.
2. You will likely need to perform step 4D- 4E annually.
3. If you change operating systems or upgrade the OS you would need to create a new CSR and re-issue the SSL certificate.
I will add in the references that I have on how to do this once I get back home.
Sent from my iPhone using Tapatalk
Edited by Tur0k, 06 January 2018 - 11:02 PM.