Spaceboy 2494 Posted September 12, 2018 Share Posted September 12, 2018 Thanks for this was going well until I had to convert the SSL which failedcan you give more detail, what do you mean by failed? Exactly which step? Link to comment Share on other sites More sharing options...
mattykellyuk 17 Posted September 12, 2018 Author Share Posted September 12, 2018 can you give more detail, what do you mean by failed? Exactly which step? Got to step 14. Made two notepads and named them as asked but when I go to convert them I get the attached error Link to comment Share on other sites More sharing options...
Spaceboy 2494 Posted September 12, 2018 Share Posted September 12, 2018 Got to step 14. Made two notepads and named them as asked but when I go to convert them I get the attached error @@Swynol pete, is step 14 required now we don't need a cert to trick emby? this time around i didn't do anything wrt putting a cert inside emby Link to comment Share on other sites More sharing options...
Swynol 375 Posted September 12, 2018 Share Posted September 12, 2018 Ok i think we need to start from the beginning almost. @@Spaceboy - if using NGINX then no i dont think step 14 is needed. but there is another setting that needs to be enabled - "secure connection mode = handled by reverse proxy". However if not using nginx then yes i step 14 is still needed. @@mattykellyuk if you can answer the below, give me an idea where we are. Do you have any other services that you want to access remotely? i.e. plex, sonarr, nzb stuff? Do you want to use Cloudflare? so remote user --> cloudfalre ---> your emby server? What ports are you using for emby? list public http/https and private http/https - Someone mentioned wildcard cert - you can use one. however if your getting a cert from lets encrypt, then this isnt a wildcard cert. However you can list your sub domain names in the certificate. so when you apply for the cert list your domain name, ddns subdomain and emby subdomain. "mydomain.com ddns.mydomain.com emby.mydomain.com" this will mean the cert will cover all the listed sub domains. if your following the guide and getting your cert from cloudflare then this is a wildcard cert, you just need to add *.mydomain.com and mydomain.com like in step 13. it looks like your having issues getting the 2 parts of the certificate merged into 1. copy everything in the origin certificate including the ---BEGIN CERTIFATE--- into a notepad and save it as cert.pem (not cert.pem.txt) then do the same with private key, copy all of it including the --BEGIN.....---- save it into notepad and call it private.key (not private.key.txt) head to ssl converter change the "type to convert" to PFX/PKCS#12. certificate file to convert - choose file - cert.pem private key file - choose file - private.key ignore the next 2 boxes then enter a password into PFX passowrd convert you should end up with a file called certificate.pfx In emby load this certificate.pfx and enter the password for the pfx in the box. apply, save, restart. If the end goal is to use cloudflare then you Link to comment Share on other sites More sharing options...
Swynol 375 Posted September 12, 2018 Share Posted September 12, 2018 disable upnp in emby. disconnect emby connect from your emby username close 8096 and 8920 on your router. on your router forward external port 443 to internal port 8920 to your emby server now in emby advanced. public https port - 443 private https port - 8920 private http port - 8096 enter your domain name into the box save, restart. on emby dashboard you should now have LAN - http://xxx.xxx.xxx.xxx:8096 WAN - https://emby.mydomain.com:443 you should now be able to access emby with https://emby.mydomain.com the certificate should be issued by cloudflare. and its trusted by all devices. i've used it on all web browsers, IOS app, android app, android tv app, amazon devices, xbox etc. you can now re-connect your emby user to emby connect. save -restart Link to comment Share on other sites More sharing options...
Swynol 375 Posted September 12, 2018 Share Posted September 12, 2018 if you have discord PM your name and we can chat there as its sometimes easier Link to comment Share on other sites More sharing options...
mattykellyuk 17 Posted September 13, 2018 Author Share Posted September 13, 2018 Ok i think we need to start from the beginning almost. @@Spaceboy - if using NGINX then no i dont think step 14 is needed. but there is another setting that needs to be enabled - "secure connection mode = handled by reverse proxy". However if not using nginx then yes i step 14 is still needed. @@mattykellyuk if you can answer the below, give me an idea where we are. Do you have any other services that you want to access remotely? i.e. plex, sonarr, nzb stuff? Do you want to use Cloudflare? so remote user --> cloudfalre ---> your emby server? What ports are you using for emby? list public http/https and private http/https - Someone mentioned wildcard cert - you can use one. however if your getting a cert from lets encrypt, then this isnt a wildcard cert. However you can list your sub domain names in the certificate. so when you apply for the cert list your domain name, ddns subdomain and emby subdomain. "mydomain.com ddns.mydomain.com emby.mydomain.com" this will mean the cert will cover all the listed sub domains. if your following the guide and getting your cert from cloudflare then this is a wildcard cert, you just need to add *.mydomain.com and mydomain.com like in step 13. it looks like your having issues getting the 2 parts of the certificate merged into 1. copy everything in the origin certificate including the ---BEGIN CERTIFATE--- into a notepad and save it as cert.pem (not cert.pem.txt) then do the same with private key, copy all of it including the --BEGIN.....---- save it into notepad and call it private.key (not private.key.txt) head to ssl converter change the "type to convert" to PFX/PKCS#12. certificate file to convert - choose file - cert.pem private key file - choose file - private.key ignore the next 2 boxes then enter a password into PFX passowrd convert you should end up with a file called certificate.pfx In emby load this certificate.pfx and enter the password for the pfx in the box. apply, save, restart. If the end goal is to use cloudflare then you OK so Yes cloudflare if it a method to secure my server. No other services like plex etc my ports are 80 and 443 for both local and public (they are currently both open, have checked on canyouseeme.org) I am still stuck at step 14, I do as advised, coping and pasting into the cert.pem and private.key but it won't convert Link to comment Share on other sites More sharing options...
Swynol 375 Posted September 13, 2018 Share Posted September 13, 2018 ok if your happy to do so, PM me the pem and key file. i can test them and hopefully convert them. Link to comment Share on other sites More sharing options...
vaise 307 Posted September 14, 2018 Share Posted September 14, 2018 I had this all working with emby and direct ssl a while back, then an emby app update caused the iphones IOS to stop working with the ssl cert for some reason. Played around with it a while, posted on here, but gave up and rolled in nginx reverse proxy instead, had it doing all the cert stuff on behalf of all apps and just told emby that its handled by the reverse proxy. nginx for me is using subdomains off a domain that I own - the base domain still redirects to my website, but all the subdomains I created redirect to my home WAN port I have now added loads more services behind nginx, and also added a redirect in nginx so port 80 is forced to SSL - 443. It means the remote web users can just key in emby.mydomain.com and it changes to https automatically. Remote IOS and other remote emby app users (android/roku) still choose the https://emby.mydomain.com and port 443 when selecting the server. All other web users - just key in emby.mydomain.com This has all been explained in other posts on these forums so I am offering nothing new - just amazed at how much easier it was. As I am using unraid, they have a letsencrypt docker with nginx built in and examples for emby so it was only a few clicks to get this all working. Link to comment Share on other sites More sharing options...
Swynol 375 Posted September 15, 2018 Share Posted September 15, 2018 I had this all working with emby and direct ssl a while back, then an emby app update caused the iphones IOS to stop working with the ssl cert for some reason. Played around with it a while, posted on here, but gave up and rolled in nginx reverse proxy instead, had it doing all the cert stuff on behalf of all apps and just told emby that its handled by the reverse proxy. nginx for me is using subdomains off a domain that I own - the base domain still redirects to my website, but all the subdomains I created redirect to my home WAN port I have now added loads more services behind nginx, and also added a redirect in nginx so port 80 is forced to SSL - 443. It means the remote web users can just key in emby.mydomain.com and it changes to https automatically. Remote IOS and other remote emby app users (android/roku) still choose the https://emby.mydomain.com and port 443 when selecting the server. All other web users - just key in emby.mydomain.com This has all been explained in other posts on these forums so I am offering nothing new - just amazed at how much easier it was. As I am using unraid, they have a letsencrypt docker with nginx built in and examples for emby so it was only a few clicks to get this all working. ye i use NGINX. I think for most people adding a cert to emby is easier and is all they need. For me i couldnt do without NGINX now Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now