Question about connecting

[notla49285 46]

As per the title, I have logged into https://app.emby.media, clicked my server and got "We're unable to connect to the selected server right now. Please ensure it is running and try again."

 

However, when I browse http://[My server IP]:8096, I get the local server users displayed as normal (haven't gone any further than this as I don't want to send my password over an unsecure connection).

 

I'm currently trying to get TorGuard up and running on my server, which has so far been unsuccessful, so in my testing I've switched it off completely and used my real IP (Emby server has updated to recognise my real IP), and found this issue.

 

Can anyone help?

[ebr 14959]

Hi.  Have you configured your server to advertise only https?  If so, what happens if you try to connect manually that way?

 

Is the WAN address shown on the dashboard the same address you are using to connect manually?

[notla49285 46]

How do I advertise only https? That's another issue I have at the moment, I don't want unsecured connections allowed through.

 

Yes the WAN address matches the one I'm using to connect manually, and this method works fine (haven't actually logged in due to http concerns, but I'm guessing it wouldn't even be able to give the user list if it wasn't connected?)

[notla49285 46]

I went ahead and guessed what you meant, and selected "Required for all remote connections" under "Secure connection mode" within Advanced Settings. This required a certificate.pfx, I have one that I used to use when I was accessing Emby via a domain, which I'm no longer doing.

 

Once I'd set this and restarted Emby server, the WAN address changed to https://[My IP]:[secure port], I can now access Emby via https://app.emby.media, though it is complaining about the certificate (I'm guessing because it's for my old domain), so is this still a secure connection?

 

I know software developers get sick of hearing things like this, but I don't understand almost everything involved with setting up a secure connection. I'm not saying there should be an "out of the box" solution, but a central set of clear instructions would be nice. Every guide I've been through to get an easy and secure remote connection has either contained outdated information, confusing (for me) information or depends on running on an actual server, I have Windows 7 Pro and a hard drive, not some Linux-driven, 50TB array which also hosts home automation, CCTV and the launch procedures for SpaceX.

[Luke 37252]

The connection should still be secure but it's probably complaining due to the browser not trusting the cert by default.

 

SSL can be a bit complex because you need a certificate, but before you can have that, you first need a domain name to attach that certificate to.

[notla49285 46]

@@Luke, is there no way to have a secure connection to my Emby server without hosting a domain? I've had to go back to my previous settings where I access Emby via a secure domain that I own and bypass my VPN at home. What I'd really like is to connect via domain using an SSL connection and run Emby behind my VPN, I've wanted this for months but never got further than having one or the other (I'm just down to the one option now as it seems I can't run Emby behind a VPN any more).

[ebr 14959]

Hi.  An SSL certificate is tied to a domain.  That is supposed to be what they are verifying (that you are actually talking to who you think you are). 

[notla49285 46]

Thanks @@ebr, I'll keep the domain for the time being, what does Plex do regarding this? I never got anywhere near setting up domains when I was using Plex but I'm sure it was a secure connection?

 

Anyway, do you (or anyone reading this) know if it's possible to run a VPN *and* a secure domain connection? In theory, I'd need a forwarded port from the VPN provider (which apparently I have but not managed to get it working yet), then give the VPN IP and port to the DNS/domain provider, then allow traffic through my router on the port that I told the VPN to forward to? I've been trying to do this for a very long time and always fallen down somewhere, at the moment it's because there's a problem with port forwarding and also can't see a way to get my DNS provider to forward to an IP address with a port.

[Luke 37252]

They have their own auto-generated domain that resolves to your personal ip address, and then they're able to attach a certificate to this domain.