Jump to content

How to secure Emby


oRBIT

Recommended Posts

cochize1

I understand.  But it takes like 30 seconds to create a certificate.  After my Emby setup I have been doing this for my office for multiple host at multiple locations so very nice.  But based on your error you may need a unique fully qualified name with a "host" as part of your fully qualified name.

Just don't know what what to do at this point. As you mentioned above I've been trying to use 'www' and also I have option to set a sub-domain in my domain provider. Also I have read somewhere on Let's Encrypt forum that the domain has to point to your Synology device which would be correct in my case after disabling port forwarding the address directs me to port 5000, but still all to no avail. 

 

EDIT: Haha, I just wanted to make you a printscreen to prove it is not working... and it worked:) So, what now?

 

5cae26353fca1_cert.jpg

 

 

 

Edited by cochize1
Link to comment
Share on other sites

d21mike

Just don't know what what to do at this point. As you mentioned above I've been trying to use 'www' and also I have option to set a sub-domain in my domain provider. Also I have read somewhere on Let's Encrypt forum that the domain has to point to your Synology device which would be correct in my case after disabling port forwarding the address directs me to port 5000, but still all to no avail. 

 

EDIT: Haha, I just wanted to make you a printscreen to prove it is not working... and it worked:) So, what now?

 

5cae26353fca1_cert.jpg

 

You now have to configure your domain.  You should make sure you have properly setup Reverse Proxy per the instructions here.  Very important to follow the instructions.  Your most resent was setup wrong.  Once setup correctly you want to set *:8921 for your www.heisenberg.pl.  Then you want make sure you port forward 8921 to your NAS.  Then from outside use https://www.heisenberg.pl:8921 to reach Emby.

Link to comment
Share on other sites

cochize1

I thought it was set up exactly as described here, in attached pic it is wrong?

I thought the outcome will be that I won't need to write a port number in the browser, just the domane name and be connected through https? Basically that was the whole point...5cae30d7a9fee_nas.jpg

Link to comment
Share on other sites

d21mike

I thought it was set up exactly as described here, in attached pic it is wrong?

I thought the outcome will be that I won't need to write a port number in the browser, just the domane name and be connected through https? Basically that was the whole point...5cae30d7a9fee_nas.jpg

 

yes.  this is wrong.  Look up stream and you will see the correct setup.

Link to comment
Share on other sites

d21mike

5afeb5755e6eb_ScreenShot20180518at70744A

After this you will need to config your certificate for the *:8921 above to use your new certificate.  I believe you will see *:8921 as a option to then select the proper certificate if you do this step properly first.

Link to comment
Share on other sites

d21mike

After this you will need to config your certificate for the *:8921 above to use your new certificate.  I believe you will see *:8921 as a option to then select the proper certificate if you do this step properly first.

If later you want a web site for you www.hei..pl then you can also associate the www certificate for that as well.  But wait until you get ember working first.

 

You already have 80, 443 and 8192 port forwarded to Synology NAS.  So you url's are http://www.h..pl (default port 80) and https://www.h...pl (default port 443) and https://www.h...pl:8921 for Emby.  You have to add the :8192 for Emby since it is a non-standard port.

Link to comment
Share on other sites

d21mike

If later you want a web site for you www.hei..pl then you can also associate the www certificate for that as well.  But wait until you get ember working first.

 

You already have 80, 443 and 8192 port forwarded to Synology NAS.  So you url's are http://www.h..pl (default port 80) and https://www.h...pl (default port 443) and https://www.h...pl:8921 for Emby.  You have to add the :8192 for Emby since it is a non-standard port.

 

BTW... You may have been wondering why you could not have used the Synology Default Certificate.  I think I read that Apple product (iOS and tvOS) needed the fully qualified certificate but not sure.  Anyway, cool to have your own domain certificate :)

Link to comment
Share on other sites

craigieboy2

Hello I'm a new user installed Emby on a firestick.

But it keeps saying no servers are available.

Tried Emby connect but still nothing can anyone help?

Link to comment
Share on other sites

Hello I'm a new user installed Emby on a firestick.

But it keeps saying no servers are available.

Tried Emby connect but still nothing can anyone help?

Hi there, have you setup your own emby server?

Link to comment
Share on other sites

  • 3 weeks later...
Gert-Jan Albers

No settings on the Emby side, actually - which is the nice part. Only the Synology.

 

The source is what you're going to actually connect via https to whatever IP or dns name your synology is.  I pickup port 8921 because it was available and it was "one up" from Emby's preferred https port.  I'm not using Emby's secure port, but if I wanted to play with that in the future, I didn't want to use the same one and have a conflict.

 

Destination 8096 is Emby's default http unsecured port.

 

Lets say my Synology's IP is 10.0.1.100

 

When you connect, you'll use https://10.0.1.100:8921 - the Synology will automatically reverse proxy that to Emby.  Hopefully your Synology is behind a firewall, so you'll need to allow port 8921 connections from the outside world if you're using Emby from outside.  Don't open port 8096 as that would defeat the purpose of this.

 

I've tested this using the androidtv & roku clients in house (not really needed), and externally on my phone with the android app as well as various browsers.  I don't have an Emby Connect account, so don't know if it works that way.

 

Ok, I got your point and it indeed works but am I correct saying that the DSM Emby App link and both links available in the Emby dashboard became invalid?

Link to comment
Share on other sites

majorsl

Ok, I got your point and it indeed works but am I correct saying that the DSM Emby App link and both links available in the Emby dashboard became invalid?

No, not really. You should be able to still use those links within your LAN, at least I can.

 

The main purpose for me was to only open up just 8921 on my router/firewall, so when I'm away from home, the apps on my phone, or when using the web with my web browser are using the https connection.  For consistency, even though I could use the insecure ones within my LAN, I still setup my Rokus with the same.

Link to comment
Share on other sites

d21mike

Ok, I got your point and it indeed works but am I correct saying that the DSM Emby App link and both links available in the Emby dashboard became invalid?

 

I set the ... Settings ... Advanced ... Hosting ... External domain to my remote access url domain so my Links are valid.

 

Example:

 

In-Home (LAN) access:  http://internal ipaddress:8096

Remote  (WAN) access: https://external domain:8921

 

I port forward 8921 to my Synology NAS

My ssl certificate is based on the external domain name.

 

I did this because I wanted my Dashboard to remind me of the correct links.

Edited by d21mike
Link to comment
Share on other sites

Dennis Dallau

Just to double check:

 

What about if you guys are on the road and open DSM within a browser via your secure external domain and then click the EMBY ICON in the menu?

 

Mine still points to the http://mydomain.com:8096 and surely does not work. It only works when I manually enter the HTTPS url with the new port number.

 

Is that correct or does it work for you?

 

tnx :)

Link to comment
Share on other sites

d21mike

Just to double check:

 

What about if you guys are on the road and open DSM within a browser via your secure external domain and then click the EMBY ICON in the menu?

 

Mine still points to the http://mydomain.com:8096 and surely does not work. It only works when I manually enter the HTTPS url with the new port number.

 

Is that correct or does it work for you?

 

tnx :)

 

Did you read my post?  Notice my 8096 link is for the local connection and does not use HTTPS.  There are multiple ways to make this happen so your setup may be a bit different than what I doing.  But my method works for me.

Link to comment
Share on other sites

  • 8 months later...
  • 1 year later...
rabbifede
On 3/3/2019 at 11:38 AM, CChris said:

Thanks a lot, that walkthrough helped me having secure connection to Emby server after switching to a pfSense firewall 🙂

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...