Jump to content


Photo

Accessing Emby Remotely (and adding new videos on server)

Synology Emby Abroad International smartphone

  • Please log in to reply
65 replies to this topic

#21 hollerme OFFLINE  

hollerme

    Advanced Member

  • Members
  • 64 posts
  • Local time: 10:31 AM

Posted 30 May 2019 - 04:11 PM

Hi,

 

I don't see http or https - this is what is on my screen when creating the port forwarding rule:

 

5cf038b292d78_SynologyPortForwarding.jpg

So that I don't make a mistake can you advise which figure I should input into each of these 3 fields?

 

 

1.)  What ports do I just fill it with?   You are going to setup 2 port forwards.  One for http and one for https  If you are using the standard Emby installation you will use port 8096 for http and 8920 for https.

       1a.)  When setting these ports you should have an option for source port number and destination port number.  They should be the same.

 

Example:      Source Port number:    8096           Destination:  Your Synology device         Destination port number:    8096           Protocol:     TCP

         

2.)  What protocol should I select?    TCP

 

When you setup your app on your mobile device after you have this setup you will enter the DDNS name given to you by synology as the server name/destination and the port number that your emby server uses.  I would first try the 8096 port first so we don't have to worry about any SSL certifications getting in the way.



#22 pmurphy0881 OFFLINE  

pmurphy0881

    Member

  • Members
  • 17 posts
  • Local time: 05:31 AM

Posted 30 May 2019 - 04:46 PM

Since you are only using 1 port you would have the start and end port be the same.

 

 

   External                  Internal

    Ports                       Ports      

Start     End            Start        End          

8096     8096          8096        8096

 

 

What I meant by http was that you will access your Emby server using an standard http web connection... You just won't be using the standard port assigned to that.... And that's good, you shouldn't for something like this.


  • hollerme likes this

#23 hollerme OFFLINE  

hollerme

    Advanced Member

  • Members
  • 64 posts
  • Local time: 10:31 AM

Posted 02 June 2019 - 02:53 AM

Thank you, I turned my phone's wi-fi off and it worked so looks like good news and thank you so much for this!

 

Would you happen to know what I need to do to achieve the same when my laptop is abroad (and also to copy files onto my Emby server/Synology again when away)? Or is that just  a case of going to username.synology.me and dragging the files on to it?

 

I'm really delighted about this!

Since you are only using 1 port you would have the start and end port be the same.

 

 

   External                  Internal

    Ports                       Ports      

Start     End            Start        End          

8096     8096          8096        8096

 

 

What I meant by http was that you will access your Emby server using an standard http web connection... You just won't be using the standard port assigned to that.... And that's good, you shouldn't for something like this.


Edited by hollerme, 02 June 2019 - 02:58 AM.


#24 pmurphy0881 OFFLINE  

pmurphy0881

    Member

  • Members
  • 17 posts
  • Local time: 05:31 AM

Posted 02 June 2019 - 08:55 PM

Thank you, I turned my phone's wi-fi off and it worked so looks like good news and thank you so much for this!

 

Would you happen to know what I need to do to achieve the same when my laptop is abroad (and also to copy files onto my Emby server/Synology again when away)? Or is that just  a case of going to username.synology.me and dragging the files on to it?

 

I'm really delighted about this!

 

 

You would just go to your synology domain through the web along with the proper port number.

 

 

http://username.synology.me:8096

 

then log in.  cant help much with the synology part for file transfers, but that video or the synology webite may have more on that.  you just want to make sure that if more ports need to be forwarded that you do it before you leave and no longer have access to your router.


Edited by pmurphy0881, 02 June 2019 - 08:56 PM.


#25 yarez0 OFFLINE  

yarez0

    Advanced Member

  • Members
  • 52 posts
  • Local time: 11:31 AM

Posted 04 June 2019 - 06:33 AM

You can add more security globally to your synology with https connection and embeded reverse proxy, it's a little bit tricky but you can redirect all traffic to https/443 with a certificate and HSTS. with that you only have to open 80 and 443 ports to the internet.

 

Here is my setup, do all the steps locally to avoid network discruption.

 

  • STEP 1 : open ports 8 and 443 to internet

log to your router, in my case in France it is a Freebox, redirect 80 and 443 to internal IP of your synology. 1 port = 1 rule

 

5cf638112966f_80.png 5cf6381cb7213_443.png

 

  • STEP 2 : create a ddns name

in my case its a noip account, you can have 3 dynamic dns for free. create your account and your domain name. if you are creating it at your home the setup will put your public IP directly. create a DNS HOST (A) and fill the right public IP

 

5cf639c3a6615_DDNS.png

 

  • STEP 3 : configure DDNS update in the synology

in my case the DDNS is configured into my router but you can configure it in the synology. CONTROL PANNEL - EXTERNAL ACCESS - DDNS - CREATE

 

5cf63a9deab55_EXTERNAL_1.png

 

fill you DDNS service provider, domain name and account, by default the synology knows the external IP. test the connection, the status has to be normal

 

5cf63bc3e1154_EXTERNAL_2.png 5cf63bec85932_EXTERNAL_3.png

 

  • STEP 4 : adding security
    • STEP 4a : redirect all traffic to https/443 port

go to CONTROL PANNEL - NETWORK - DSM PARAMETERS and activate redirections http to https, HTTP/2 and ngynx, then activate personnal domain name with your DOMAIN NAME and HSTS

 

5cf63d334801c_HSTS.png

 

 

now your web server will restart, if you try to connect to your synology with http://<name>.ddns.net (in my case) it will redirect to https://<name>.ddns.net. with that you don't have to connect externaly to your synology with the 5000 or 5001 port (and blocked by firewalls generally). all the traffic pass through 443/https port

 

 

  • STEP 4b : create a let's encrypt certificate

443 is good, certificate is better, go to CONTROL PANNEL - SECURITY - CERTIFICATE. choose LET'S ENCRYPT and fill your domain name and your mail address. The OTHER NAME is if you want multiple name with the same certificate. 

 

in my case I have :

  1. XXXX.ddns.net is my primary domain name
  2. XXXXvideos.ddns.net is a second name for emby (you have to create it in your DDNS service provider)
  3. XXXXplex.ddns.net is my third name for plex (you have to create it in your DDNS service provider)
  4. and multiple other names

 

5cf63f8e080aa_certificat_1.png

 

once create, you can show all the services mapped to your certificate

 

5cf6413387642_certificat_2.png

 

after reload of the syno web server, you have a valid certificate and crypted connections

 

5cf641bf118be_certificat_3.png

 

  • STEP 5 : reverse proxy emby

now we have to redirect 8096 emby port to 443 to enjoy https, HSTS and your certificate, but if XXXX.ddns.net is your synology, how connect to emby ? by creating redirecting host name in your DDNS service provider and reverse proxying

 

  • STEP 5a : new DDNS host name

go back to your DDNS service provider and create a new host name : 

 

  1. create a hostname
  2. record type : DNS ALIAS (CNAME)
  3. target : your domain name

so XXXXvideos.ddns.net will redirect to XXXX.ddns.net

 

5cf6436c22c3f_CNAME.png

 

  • STEP 5b : reverse proxying

go to CONTROL PANNEL - APPLICATIONS PORTAL - REVERSE PROXY

 

5cf644b494ca0_REVERSE_1.png

 

create a redirection like this :

 

  1. you said : https connections to XXXXvideos.ddns.net (in my case) on the 443 port
  2. with HSTS and HTTP/2
  3. redirect to HTTPS, localhost, on port 8920 (8920 is the https port)

you can redirect to HTTP, localhost, on port 8096, I put 8920 for testing an other thing and I let it

 

5cf645b5119bd_REVERSE_2.png

 

and your done !

 

I don't configure anything else in emby, no external connection, the only security is for Ombi, all the configuration is made by the syno

 

5cf646b40e8dd_REVERSE_3.png

 

  • STEP 6 : add your second name to your certificate

you created a certificate with your domain name on STEP 4b but you did not create your second name, so if you connect to XXXXvideos.ddns.net you will have a certificate name problem. go back to CONTROL PANNEL - SECURITY - CERTIFICATE and renew your certificate, recreate it and add your second name

 

and voilà !

 

5cf64772ad379_REVERSE_4.png

 

 

with that, I have multiple services on my synology (video station, file station, audio station, plex, emby, ombi, unifi controller, photos web server...), I reverse proxy everything so the only port accessible externaly are 80 (for let's encrypt renew) and 443.

 

enjoy


  • chacawaca, jbsdma, hollerme and 1 other like this

#26 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 138075 posts
  • Local time: 05:31 AM

Posted 13 June 2019 - 01:24 PM

@yarez0 that's great, thanks for the info ! @hollerme has this information helped?



#27 hollerme OFFLINE  

hollerme

    Advanced Member

  • Members
  • 64 posts
  • Local time: 10:31 AM

Posted 20 June 2019 - 01:38 AM

Yes, this is amazingly helpful!

 

I haven't successfully done it yet but hope to this week as the screenshots have really aided me, and want to thank everyone again for all your support throughout.

 

@yarez0 that's great, thanks for the info ! @hollerme has this information helped?


  • yarez0 likes this

#28 yarez0 OFFLINE  

yarez0

    Advanced Member

  • Members
  • 52 posts
  • Local time: 11:31 AM

Posted 20 June 2019 - 02:03 AM

Yes, this is amazingly helpful!
 
I haven't successfully done it yet but hope to this week as the screenshots have really aided me, and want to thank everyone again for all your support throughout.


You have to know that most ISP routers does not have loopback address so internally if you use dns name traffic will go outside to go back inside. In other words you pass through internet to go to your internal syno.

Try to ping your ddns name and look what ip is returned. If you want to use dns name inside you have to configure syno dns service to resolve external address as internal

I can show you later


With ddns you have specify 443 port on all apps (emby, ds vidéo, ds file etc) for syno app to specify port add :443 at the end of your ddns address. For example ds video app adress will ne XXX.ddns.net:443
  • hollerme likes this

#29 hollerme OFFLINE  

hollerme

    Advanced Member

  • Members
  • 64 posts
  • Local time: 10:31 AM

Posted 27 June 2019 - 04:51 AM

Thanks for this,

 

I've decided to wait for this weekend to try because I am switching ISP tomorrow so have to set everything up again before I am set to travel.

 

You have to know that most ISP routers does not have loopback address so internally if you use dns name traffic will go outside to go back inside. In other words you pass through internet to go to your internal syno.

Try to ping your ddns name and look what ip is returned. If you want to use dns name inside you have to configure syno dns service to resolve external address as internal

I can show you later


With ddns you have specify 443 port on all apps (emby, ds vidéo, ds file etc) for syno app to specify port add :443 at the end of your ddns address. For example ds video app adress will ne XXX.ddns.net:443



#30 hollerme OFFLINE  

hollerme

    Advanced Member

  • Members
  • 64 posts
  • Local time: 10:31 AM

Posted 28 June 2019 - 11:22 AM

So it turns out switching broadband providers has caused significant issues and I can't even connect to Synology (can't find it). If anyone has any tips it would mean the world as the day has been very boring without Emby.



#31 yarez0 OFFLINE  

yarez0

    Advanced Member

  • Members
  • 52 posts
  • Local time: 11:31 AM

Posted 08 July 2019 - 10:18 AM

So it turns out switching broadband providers has caused significant issues and I can't even connect to Synology (can't find it). If anyone has any tips it would mean the world as the day has been very boring without Emby.

 

look at the DDNS setting in your synology to find if your IP is up to date (STEP 3)



#32 hollerme OFFLINE  

hollerme

    Advanced Member

  • Members
  • 64 posts
  • Local time: 10:31 AM

Posted 17 August 2019 - 08:41 AM

Hi all,

 

I have just returned from abroad and am due to fly out next week again.

 

Unfortunately since going abroad I have been unable to access my Emby. My family are still able to use Emby at home so it works fine but unfortunately it looks like being able to access it remotely has failed making this past month extremely bland (although Netflix has helped). Can anyone provide advice as to what may have gone wrong to see if I can fix this before I fly out again?



#33 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 138075 posts
  • Local time: 05:31 AM

Posted 17 August 2019 - 12:00 PM

Hi all,

 

I have just returned from abroad and am due to fly out next week again.

 

Unfortunately since going abroad I have been unable to access my Emby. My family are still able to use Emby at home so it works fine but unfortunately it looks like being able to access it remotely has failed making this past month extremely bland (although Netflix has helped). Can anyone provide advice as to what may have gone wrong to see if I can fix this before I fly out again?

 

What happens when you try?



#34 jbsdma OFFLINE  

jbsdma

    Member

  • Members
  • 19 posts
  • Local time: 04:31 AM

Posted 17 August 2019 - 05:16 PM

@yarez0 this has been very helpful, much appreciated! Unfortunately I still have not been able to connect remotely using this. My DDNS works, cert is working and I CAN connect remotely using my XXXX.ddns.net with the iOS app if I port forward 8096 in my router and set a firewall rule for 8096 in the synology. I have my reverse proxy to redirect to http 8096 (since I assume you have a cert profile setup in your Emby settings to make the https 8920 work?!) Any ideas/help would be greatly appreciated. Also, I can't "activate a personal domain" in the DSM setting for some reason (pic attached) and I assume this doesn't make a difference as I was still able to connect without that (as I mentioned above)


Edited by jbsdma, 17 August 2019 - 05:33 PM.


#35 jbsdma OFFLINE  

jbsdma

    Member

  • Members
  • 19 posts
  • Local time: 04:31 AM

Posted 17 August 2019 - 05:34 PM

Pic:5d5872d68db3b_DSMError.jpg



#36 yarez0 OFFLINE  

yarez0

    Advanced Member

  • Members
  • 52 posts
  • Local time: 11:31 AM

Posted 17 August 2019 - 06:59 PM

Let the mouse on the red to see the message

Show me your reverse proxy on dsm

No need to configure ssl in emby

#37 yarez0 OFFLINE  

yarez0

    Advanced Member

  • Members
  • 52 posts
  • Local time: 11:31 AM

Posted 17 August 2019 - 07:02 PM

Do you redirect port 443 in your router to your synology ? (STEP 1)

#38 yarez0 OFFLINE  

yarez0

    Advanced Member

  • Members
  • 52 posts
  • Local time: 11:31 AM

Posted 17 August 2019 - 07:05 PM

Your family can connect using 8096 because you are in your local network

If you can use remotely by redirect 8096 your reverse proxy does not work

#39 jbsdma OFFLINE  

jbsdma

    Member

  • Members
  • 19 posts
  • Local time: 04:31 AM

Posted 18 August 2019 - 08:50 PM

Here is the error dialog from DSM settings when trying to add the customized domain:5d59efd797ffc_DSMError.jpg

 

I DO have port 443 on the router pointing to the synology - it is only the TCP protocol (which I assume is ok, should it be TCP+UDP??)

 

I wasn't connecting locally on 8096, I was connecting remotely though the iOS App. When the secure way you posted above didn't work I tried forwarding 8096 on my router and creating the firewall rule for 8096 also on the Synology .... this worked! (see below):

5d59f0bc267aa_IMG_0120.png

 

I assume when I try to connect securely I would use port 443 correct?

 

Here is my reverse proxy settings:

5d59f129a1fbf_ReverseProxy.jpg

 

I set the destination to http and local 8096 because I assume I would need to set up a certificate in Emby (I didn't do this because the Synology is providing this through my DDNS + Let's Encrypt cert.

 

Another thing, I cannot connect securely through LAN (I assume this is also because of needing the cert setup in Emby?!):

5d59f1f0020ab_LocalhttpsError.jpg

 

5d59f203a0c1f_EmbyDashboardStatus.jpg

 

Again, thanks so much for the help!!!!!!!!!!!!



#40 yarez0 OFFLINE  

yarez0

    Advanced Member

  • Members
  • 52 posts
  • Local time: 11:31 AM

Posted 18 August 2019 - 09:47 PM

Localy you have to use 8096. This is normal. If you want secure connection you have to use secure port (don’t remember the port) and if you want secure + certificate you have to configure local dns server (like the synology dns server) to localy resolve your external dns name has your local dns name (to resume localy xxx.ddns.net will resolve internal ip 192.168.x.y)

Let the mouse on the dns name in dsm config. A message will pop up with the error

Your reverse proxy config is ok. Tcp only. As you see my router has only 443 open (80 for let’s encrypt)

Try, if you can, a telnet session on your ddns name port 443 (with putty)

Host : your domain
Protocol : telnet
Port : 443

If port 443 is open you will have a black screen. Maybee with a message

If not, the connection will close

Maybee you have a synology app which already using hte 443 port. We have to check which one. Maybee that is the reason why the local domain config with hsts can’t be done in dsm





Also tagged with one or more of these keywords: Synology, Emby, Abroad, International, smartphone

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users