oRBIT 0 Posted May 14, 2018 Share Posted May 14, 2018 I just tried out Emby and it looks nice, my problem is that is seems to be wide open. I don't even need to login anywhere, if I know the URL, it just gives me my moviecollection.. I can't disable external access, when i try and disable it it just says "to enable https for external connections, you'll need to supply a trusted certificate...." and the setting is never saved. Neither is the uPnP-setting, it gives the same error-message. Is there a guide how to secure Emby properly? Thanks Link to comment Share on other sites More sharing options...
Luke 38093 Posted May 14, 2018 Share Posted May 14, 2018 I just tried out Emby and it looks nice, my problem is that is seems to be wide open. I don't even need to login anywhere, if I know the URL, it just gives me my moviecollection.. I can't disable external access, when i try and disable it it just says "to enable https for external connections, you'll need to supply a trusted certificate...." and the setting is never saved. Neither is the uPnP-setting, it gives the same error-message. Is there a guide how to secure Emby properly? Thanks It looks like you set the option to require secure connections, but you can't do that without an SSL cert. So first, change that setting back to default and then you'll be able to save the options on that page. Thanks. Link to comment Share on other sites More sharing options...
oRBIT 0 Posted May 14, 2018 Author Share Posted May 14, 2018 it's set to "prefered but not required"? Link to comment Share on other sites More sharing options...
Luke 38093 Posted May 14, 2018 Share Posted May 14, 2018 That also requires an SSL cert, so you will need to set it to disabled. Link to comment Share on other sites More sharing options...
oRBIT 0 Posted May 14, 2018 Author Share Posted May 14, 2018 Ok, thanks, that did the trick. One down, one to go.. How do I secure the accounts so I need to login when accessing my collection? Link to comment Share on other sites More sharing options...
Luke 38093 Posted May 14, 2018 Share Posted May 14, 2018 Just give them passwords. You can learn more by checking out our user wiki: https://github.com/MediaBrowser/Wiki/wiki/Passwords Thanks. Link to comment Share on other sites More sharing options...
ebr 15233 Posted May 14, 2018 Share Posted May 14, 2018 ...and don't check the "Remember Me" checkbox when you do log in. Link to comment Share on other sites More sharing options...
majorsl 20 Posted May 18, 2018 Share Posted May 18, 2018 Since you're in the Synology forum, I assume you're using one. If you have a cert for your Synology, or even using the self-signed one, and want https for Emby, you can use the reverse proxy under Application Portal in DSM. Once setup, the Synology handles the https and cert so you don't have to muck around with certs in Emby. Mine looks like this (screenshot): 1 Link to comment Share on other sites More sharing options...
demotic 0 Posted May 19, 2018 Share Posted May 19, 2018 majorsl thanks for the post. I'm trying to set this up on my synology (very new to this), can you show us what settings you've changed on the emby side to get this working please? Regards Link to comment Share on other sites More sharing options...
majorsl 20 Posted May 19, 2018 Share Posted May 19, 2018 No settings on the Emby side, actually - which is the nice part. Only the Synology. The source is what you're going to actually connect via https to whatever IP or dns name your synology is. I pickup port 8921 because it was available and it was "one up" from Emby's preferred https port. I'm not using Emby's secure port, but if I wanted to play with that in the future, I didn't want to use the same one and have a conflict. Destination 8096 is Emby's default http unsecured port. Lets say my Synology's IP is 10.0.1.100 When you connect, you'll use https://10.0.1.100:8921 - the Synology will automatically reverse proxy that to Emby. Hopefully your Synology is behind a firewall, so you'll need to allow port 8921 connections from the outside world if you're using Emby from outside. Don't open port 8096 as that would defeat the purpose of this. I've tested this using the androidtv & roku clients in house (not really needed), and externally on my phone with the android app as well as various browsers. I don't have an Emby Connect account, so don't know if it works that way. 1 Link to comment Share on other sites More sharing options...
demotic 0 Posted May 19, 2018 Share Posted May 19, 2018 Thanks for that majorsI Got it all set up that way but not connecting so far, but i've got a feeling it that could be my virgin modem/router (seems to have a mind of it's own) Thanks very much for the pointers, i'll keep giving it a try. Link to comment Share on other sites More sharing options...
DSBenny 0 Posted June 12, 2018 Share Posted June 12, 2018 Thanks a lot - that's a very useful "How-to" Link to comment Share on other sites More sharing options...
Ninko 69 Posted March 2, 2019 Share Posted March 2, 2019 @@majorsl thanks for the info... Couple of things though, why ain't you passing the proxy onto Embys SECURE port? Also, in Emby, does remote connections need to be checked and if so do you need to select, handled by reverse proxy? Thanks Link to comment Share on other sites More sharing options...
majorsl 20 Posted March 3, 2019 Share Posted March 3, 2019 Hi! Well, there is no need to pass it onto the secure port and you'd probably have to get a cert working with Emby, and if you're going to do that why bother with this? With that said, my main goal was to have secure access from outside my home LAN. When we travel, our iPads, phones, computers, etc can have that secure connection. Inside the LAN, at home, you can use either connection, although I just setup everything for https. Yes, leave remote connections checked. But, just open what you chose for the secure connection in your firewall/router 8921 in the example above. Do NOT open the non-secure port 8096, you won't need it open externally. Hope that helps. Link to comment Share on other sites More sharing options...
Ninko 69 Posted March 3, 2019 Share Posted March 3, 2019 Thanks, I'm slowly learning. What about the Handled by reverse proxy option? Thanks Link to comment Share on other sites More sharing options...
Luke 38093 Posted March 3, 2019 Share Posted March 3, 2019 Thanks, I'm slowly learning. What about the Handled by reverse proxy option? Thanks Do you have a reverse proxy? Link to comment Share on other sites More sharing options...
Ninko 69 Posted March 3, 2019 Share Posted March 3, 2019 Isn't that what this topic has been about? Link to comment Share on other sites More sharing options...
CChris 58 Posted March 3, 2019 Share Posted March 3, 2019 Hi, I just want to show you how I did my setup.Port forwarding for 443 and 80 on my router to the synology disk stationOn Synology, I have setup a reverse Proxy and a virtual host:Reverse Proxy setting: Then, the Virtual Host settings:And the .htaccess file for the virtual host:This setup will allow me, that the connection will always use the secured https connection, even if I just try to connect on http.I have several other urls in my reverse Proxy - for different applications.This setup allows me to use differend subdomains and only need to forward port 80 and 443 on my router.I don't need to care about different ports and things like this.I only have my Subdomain, my let's encrypt certificates and the reverse proxy will do everything.My Setup in Emby for this is just as simple:No settings for certificates, or other things needed in emby.I don't even need the settings for "allow remote connection". 1 Link to comment Share on other sites More sharing options...
Ninko 69 Posted March 3, 2019 Share Posted March 3, 2019 Thanks for that detailed info @@CChris I will bare all that in mind! It's amazing even after having my Synology NAS for many years how much it can do that I still don't know. Link to comment Share on other sites More sharing options...
Luke 38093 Posted March 3, 2019 Share Posted March 3, 2019 Thanks @@CChris ! Link to comment Share on other sites More sharing options...
d21mike 2 Posted March 13, 2019 Share Posted March 13, 2019 (edited) Since you're in the Synology forum, I assume you're using one. If you have a cert for your Synology, or even using the self-signed one, and want https for Emby, you can use the reverse proxy under Application Portal in DSM. Once setup, the Synology handles the https and cert so you don't have to muck around with certs in Emby. Mine looks like this (screenshot): This seems very simple but I can not connect. I checked and 8921 is open. I checked security and the Synology Cert is showing *:8921 on the end of the list. Any idea what could be wrong? I also tested with 8096 just to see if I could connect with that and it works. I am testing on cellular with my iPhone using Emby App. Edited March 13, 2019 by d21mike Link to comment Share on other sites More sharing options...
d21mike 2 Posted March 13, 2019 Share Posted March 13, 2019 This seems very simple but I can not connect. I checked and 8921 is open. I checked security and the Synology Cert is showing *:8921 on the end of the list. Any idea what could be wrong? I also tested with 8096 just to see if I could connect with that and it works. I am testing on cellular with my iPhone using Emby App. In addition to the Synology Setup I change this in Emby: Public https port number = 8921 External domain = my domain name used for outside connections Secure connection mode = Handled by reverse proxy Now under Dashboard it shows the correct Remote access url. Maybe this is cosmetic. 1. My iPhone iOS Emby App still will not connect. 2. My Safari Browser (from remote) gets s security error but I allow it to continue which appears to make a SSL Connection. If anybody can make a suggestion on what I am doing wrong I would appreciate it. My goal is remote APP access and not the WEB BROWSER. Link to comment Share on other sites More sharing options...
Luke 38093 Posted March 13, 2019 Share Posted March 13, 2019 You'll need to use a trusted certificate that apple devices will accept. If you see the security prompt in the browser, then you know it's not a trusted certificate. There is no such override in the app to force it to accept it. Link to comment Share on other sites More sharing options...
CChris 58 Posted March 13, 2019 Share Posted March 13, 2019 If you have done your Port Forwarding in the Router and everything setup correctly, you don't need to set emby to "allow remote access".Can you show us some more information about your configuration and the certificates?I use Certificates from Let's Encrypt... Link to comment Share on other sites More sharing options...
d21mike 2 Posted March 13, 2019 Share Posted March 13, 2019 If you have done your Port Forwarding in the Router and everything setup correctly, you don't need to set emby to "allow remote access". Can you show us some more information about your configuration and the certificates? I use Certificates from Let's Encrypt... On Synology there is a default certificate from Synology for the applications. I assume I could use that because the instruction earlier in this thread did not mention I need to install another certificate. Maybe that person is not using Apple Applications and I will need another certificate because of it. I plan to use Let's Encrypt as well. I believe it is built into Synology. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now