Jump to content
afullmark

For SSL certificate setup to be an official Emby Wiki

Recommended Posts

afullmark

I first suggested this here: https://emby.media/community/index.php?/topic/54586-security-101-secure-connections/page-9&do=findComment&comment=572225

 

Could a complete guide to how to setup SSL with the emby server (Window, Mac...) be in the official wiki; it's all a bit fragmented currently and, I'm sure, quite off putting for non-technical folk moving from, say, plex – where SSL is all taken care of. There are probably a hundred and one methods, but if the wiki could focus on the recommended or preferred version that emby thinks best. 

 

Plus, it would make any solution slightly more official and give peace of mind, as opposed to finding a solution via the forums. 

 

This would need to be step-by-step with visual aids also. And address points (how-tos) for renewing SSL certificates etc. 

 

Yep, I still do believe that emby should fold all this SSL business into Emby Connect, and including the fee into the premium membership or as an add-on. I love the flexibility of emby but have never really moved over from plex because of the ease-of-use factor.  

Edited by afullmark
  • Like 7

Share this post


Link to post
Share on other sites
larsonDigital

Thanks for posting this.  I don't suppose by chance you know of a how-to (step-by-step) for using the Certify The Web app to install a Let's Encrypt SSL Certificate for Emby, do you?

  • Like 1

Share this post


Link to post
Share on other sites
Luke

Yes I agree we should offer something like this.

Share this post


Link to post
Share on other sites
larsonDigital

Thanks Luke!

 

Only problem for me is I don't know scripting or Linux, so it's pretty difficult for me to follow that procedure.  :( My situation is: I'm using Windows Server 2016 Standard (with Essentials Dashboard).  I used the Essentials Dashboard and the CertifyTheWeb app to easily setup Anywhere Access (RDP & VPN) using my own domain (https://remote.mydomain.com/remote).  So I guess I have a prerequisite question: Can I use the same Let's Encrypt SSL Certificate via CertifyTheWeb that I created for my remote access, or would I have to setup a separate one for Emby Media Server?

 

Thanks again for your help!

James

Share this post


Link to post
Share on other sites
larsonDigital

Another question: Since I already have a domain, a DDNS for my computer/server where Emby is installed, and a Let's Encrypt SSL Certificate, is it as easy as filling in the External domainCustom ssl certificate pathCertificate password, and Secure connection mode under Settings > Expert > Advanced section (see below)?

 

Thanks,

James

 

5b5e4e9c2b82a_Expert.jpg

Share this post


Link to post
Share on other sites
Luke

Yes.

Share this post


Link to post
Share on other sites
larsonDigital

Thanks for the quick reply Luke!  You rock!!   :o

 

Wow, that would be great if it is that easy!  So just to clarify, I'm already using my Let's Encrypt SSL Certificate for my Anywhere Access (VPN & RDP) to my Windows Server 2016.  I just don't know exactly how the Certificates work.  So I can use the same one I already have for my Emby Media Server connection?  I just want to clarify because I don't want to mess up what i already have set up.   :)

 

Thanks again Luke!

James

Share this post


Link to post
Share on other sites
Luke

If the domain attached to the cert is the same, yes.

Share this post


Link to post
Share on other sites
larsonDigital

I've been following this tutorial "Let's Encrypt, Emby Server, and Windows", except I skipped Step 4.8-4.13 because I think Emby Server can handle PFX files with passwords now (please correct me if I'm wrong).  I used a subdomain of my main domain, created a new "website" for it in IIS Manager called "Emby," created another Let's Encrypt SSL Certificate via CertifyTheWeb app, and plugged the resulting file/info into Emby Server.

 

External Domain: media.<mydomain>.com
SSL Certificate Path: <...>\SSLcertEmby.pfx
Password: <PFX file password>
Secure Connection: Required for all remote connections
 

I restarted the Emby Server and the Dashboard reports Remote (WAN) access: https://media.<mydomain>.com:8920/. Everything seemed to go well, but I can't access the site.  Can you think of anything I might have missed?

  • Like 1

Share this post


Link to post
Share on other sites
larsonDigital

Also, does Emby use Mono's web server or Microsoft's web server, Internet Information Services (IIS)?  Maybe that would make a difference here?

 

Thanks again,

James

Share this post


Link to post
Share on other sites
Luke

Can you attach the emby server log? Thanks.

Share this post


Link to post
Share on other sites
larsonDigital

Are you talking about this file: C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata\logs\embyserver.txt?  or do you need all the others too?  There are six other files with numbers, like embyserver-63668246400.txt.

Share this post


Link to post
Share on other sites
Luke

Yes. The one from the time frame in which you tried to connect

Thanks.

Share this post


Link to post
Share on other sites
larsonDigital

Luke, can you tell me does Emby use Mono's web server or Microsoft's web server, Internet Information Services (IIS)? 

Share this post


Link to post
Share on other sites
Luke

Microsoft.

Share this post


Link to post
Share on other sites
Luke

The most recent log had no incoming https requests so it sounds like it's just not getting through to emby server.

Share this post


Link to post
Share on other sites
larsonDigital

The most recent log file was from this morning; I threw it in just in case, but the other two were from when I was trying to set it up and connect last night.  I think I may have tried to connect one time this morning, but I can't remember for sure now.

Share this post


Link to post
Share on other sites
Luke

Same with the other two.

Share this post


Link to post
Share on other sites
larsonDigital

Okay, so maybe things are getting through the router's firewall?  It seemed when I was doing the initial configuration of the server that I saw of list of ports that needed to be opened, or maybe I saw it in a tutorial.  Can you tell me what ports need to be forwarded/opened in the router's firewall?

Share this post


Link to post
Share on other sites
Luke

8920 for https, 8096 for http.

Share this post


Link to post
Share on other sites
larsonDigital

Is that for the Windows firewall, because I know those ports are open?  Are there any ports that need to be forwarded in my router?

 

Thanks,

James

Share this post


Link to post
Share on other sites
larsonDigital

Hey Luke, that was it!  I just needed to forward the 8920 port for https connection.  Thanks for your help!!

 

I can change that port, correct?  It doesn't have to be 8920 and 8096, right?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...