
Questions about SSL Setup


mattykellyuk


Spaceboy

Thanks for this, was going well until I had to convert the SSL, which failed

Can you give more detail? What do you mean by failed? Exactly which step?

mattykellyuk

Got to step 14. Made two notepads and named them as asked but when I go to convert them I get the attached error


Spaceboy

@Swynol pete, is step 14 required now we don't need a cert to trick emby? This time around I didn't do anything wrt putting a cert inside emby


Ok, I think we need to start from the beginning almost.

@Spaceboy - if using NGINX then no, I don't think step 14 is needed, but there is another setting that needs to be enabled - "secure connection mode = handled by reverse proxy". However, if not using nginx then yes, step 14 is still needed.

@mattykellyuk

if you can answer the below, it will give me an idea of where we are.

Do you have any other services that you want to access remotely? i.e. plex, sonarr, nzb stuff?

Do you want to use Cloudflare? so remote user --> cloudflare --> your emby server?

What ports are you using for emby? list public http/https and private http/https

Someone mentioned wildcard cert - you can use one. However, if you're getting a cert from Let's Encrypt, then this isn't a wildcard cert. However, you can list your subdomain names in the certificate, so when you apply for the cert list your domain name, ddns subdomain and emby subdomain: "mydomain.com ddns.mydomain.com emby.mydomain.com". This will mean the cert will cover all the listed subdomains.

if you're following the guide and getting your cert from cloudflare then this is a wildcard cert, you just need to add *.mydomain.com and mydomain.com like in step 13.

it looks like you're having issues getting the 2 parts of the certificate merged into 1.

copy everything in the origin certificate including the ---BEGIN CERTIFICATE--- into a notepad and save it as cert.pem (not cert.pem.txt)

then do the same with the private key, copy all of it including the --BEGIN.....---- save it into notepad and call it private.key (not private.key.txt)

head to ssl converter

change the "type to convert" to PFX/PKCS#12.

certificate file to convert - choose file - cert.pem

private key file - choose file - private.key

ignore the next 2 boxes

then enter a password into PFX password

convert

you should end up with a file called certificate.pfx

In emby load this certificate.pfx and enter the password for the pfx in the box.

apply, save, restart.

If the end goal is to use cloudflare then you 


disable upnp in emby.

disconnect emby connect from your emby username

close 8096 and 8920 on your router.

on your router forward external port 443 to internal port 8920 to your emby server

now in emby advanced. public https port - 443    private https port - 8920   private http port - 8096

enter your domain name into the box

save, restart.

on emby dashboard you should now have

LAN - http://xxx.xxx.xxx.xxx:8096

WAN - https://emby.mydomain.com:443

you should now be able to access emby with

https://emby.mydomain.com

the certificate should be issued by cloudflare, and it's trusted by all devices. I've used it on all web browsers, iOS app, android app, android tv app, amazon devices, xbox etc.

you can now re-connect your emby user to emby connect.

save - restart
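The cert.pem + private.key to certificate.pfx conversion from the steps above can also be done locally with OpenSSL, which keeps the private key on your own machine and reports which of the two Notepad files is malformed. This is an added example, not part of the original posts; the function name `make_pfx`, its exit codes and the `PFX_PASS` variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build certificate.pfx from cert.pem
# and private.key with OpenSSL. make_pfx, its exit codes and PFX_PASS are
# illustrative names chosen here.
# Usage: PFX_PASS='your pfx password'
#        make_pfx cert.pem private.key certificate.pfx

make_pfx() {
    cert=$1; key=$2; out=$3

    [ -n "${PFX_PASS:-}" ] || { echo "set PFX_PASS to the PFX password" >&2; return 2; }
    export PFX_PASS   # openssl reads it through env:PFX_PASS

    # A file saved with a BOM, or with stray text before the header, does
    # not start with the PEM marker on its first line.
    head -n 1 "$cert" | grep -q '^-----BEGIN CERTIFICATE-----' ||
        { echo "$cert: first line is not a PEM certificate header" >&2; return 3; }
    head -n 1 "$key" | grep -Eq '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' ||
        { echo "$key: first line is not a PEM private key header" >&2; return 3; }

    # The certificate and the key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "$cert: cannot parse certificate" >&2; return 4; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "$key: cannot parse private key" >&2; return 4; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match" >&2; return 5; }

    # The password comes from the environment, not the command line, so it
    # does not show up in the process list. umask keeps the PFX owner-only.
    (umask 077 && openssl pkcs12 -export -in "$cert" -inkey "$key" \
        -out "$out" -passout env:PFX_PASS) || return 6

    # Re-open the result to confirm the password and MAC verify.
    openssl pkcs12 -in "$out" -noout -passin env:PFX_PASS 2>/dev/null || return 7
}
```

A non-zero exit code of 3 points at how the file was saved, 4 at damaged contents, and 5 at a certificate pasted next to the wrong key.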


mattykellyuk

OK so

Yes, Cloudflare, if it is a method to secure my server.

No other services like plex etc

my ports are 80 and 443 for both local and public (they are currently both open, have checked on canyouseeme.org)

I am still stuck at step 14, I do as advised, copying and pasting into the cert.pem and private.key but it won't convert


I had this all working with emby and direct ssl a while back, then an emby app update caused the iPhone's iOS to stop working with the ssl cert for some reason.

Played around with it a while, posted on here, but gave up and rolled in nginx reverse proxy instead, had it doing all the cert stuff on behalf of all apps and just told emby that it's handled by the reverse proxy.

nginx for me is using subdomains off a domain that I own - the base domain still redirects to my website, but all the subdomains I created redirect to my home WAN port

I have now added loads more services behind nginx, and also added a redirect in nginx so port 80 is forced to SSL - 443. 

It means the remote web users can just key in emby.mydomain.com and it changes to https automatically.

Remote iOS and other remote emby app users (android/roku) still choose the https://emby.mydomain.com and port 443 when selecting the server.  All other web users - just key in emby.mydomain.com

This has all been explained in other posts on these forums so I am offering nothing new - just amazed at how much easier it was.

As I am using unraid, they have a letsencrypt docker with nginx built in and examples for emby so it was only a few clicks to get this all working.


Yeah, I use NGINX. I think for most people adding a cert to emby is easier and is all they need. For me, I couldn't do without NGINX now
