Jump to content


Photo

Accessing Emby Remotely (and adding new videos on server)

Synology Emby Abroad International smartphone

  • Please log in to reply
27 replies to this topic

#21 hollerme OFFLINE  

hollerme

    Advanced Member

  • Members
  • 47 posts
  • Local time: 02:25 AM

Posted 30 May 2019 - 04:11 PM

Hi,

 

I don't see http or https - this is what is on my screen when creating the port forwarding rule:

 

5cf038b292d78_SynologyPortForwarding.jpg

So that I don't make a mistake can you advise which figure I should input into each of these 3 fields?

 

 

1.)  What ports do I just fill it with?   You are going to setup 2 port forwards.  One for http and one for https  If you are using the standard Emby installation you will use port 8096 for http and 8920 for https.

       1a.)  When setting these ports you should have an option for source port number and destination port number.  They should be the same.

 

Example:      Source Port number:    8096           Destination:  Your Synology device         Destination port number:    8096           Protocol:     TCP

         

2.)  What protocol should I select?    TCP

 

When you setup your app on your mobile device after you have this setup you will enter the DDNS name given to you by synology as the server name/destination and the port number that your emby server uses.  I would first try the 8096 port first so we don't have to worry about any SSL certifications getting in the way.



#22 pmurphy0881 OFFLINE  

pmurphy0881

    Member

  • Members
  • 17 posts
  • Local time: 09:25 PM

Posted 30 May 2019 - 04:46 PM

Since you are only using 1 port you would have the start and end port be the same.

 

 

   External                  Internal

    Ports                       Ports      

Start     End            Start        End          

8096     8096          8096        8096

 

 

What I meant by http was that you will access your Emby server using an standard http web connection... You just won't be using the standard port assigned to that.... And that's good, you shouldn't for something like this.


  • hollerme likes this

#23 hollerme OFFLINE  

hollerme

    Advanced Member

  • Members
  • 47 posts
  • Local time: 02:25 AM

Posted 02 June 2019 - 02:53 AM

Thank you, I turned my phone's wi-fi off and it worked so looks like good news and thank you so much for this!

 

Would you happen to know what I need to do to achieve the same when my laptop is abroad (and also to copy files onto my Emby server/Synology again when away)? Or is that just  a case of going to username.synology.me and dragging the files on to it?

 

I'm really delighted about this!

Since you are only using 1 port you would have the start and end port be the same.

 

 

   External                  Internal

    Ports                       Ports      

Start     End            Start        End          

8096     8096          8096        8096

 

 

What I meant by http was that you will access your Emby server using an standard http web connection... You just won't be using the standard port assigned to that.... And that's good, you shouldn't for something like this.


Edited by hollerme, 02 June 2019 - 02:58 AM.


#24 pmurphy0881 OFFLINE  

pmurphy0881

    Member

  • Members
  • 17 posts
  • Local time: 09:25 PM

Posted 02 June 2019 - 08:55 PM

Thank you, I turned my phone's wi-fi off and it worked so looks like good news and thank you so much for this!

 

Would you happen to know what I need to do to achieve the same when my laptop is abroad (and also to copy files onto my Emby server/Synology again when away)? Or is that just  a case of going to username.synology.me and dragging the files on to it?

 

I'm really delighted about this!

 

 

You would just go to your synology domain through the web along with the proper port number.

 

 

http://username.synology.me:8096

 

then log in.  cant help much with the synology part for file transfers, but that video or the synology webite may have more on that.  you just want to make sure that if more ports need to be forwarded that you do it before you leave and no longer have access to your router.


Edited by pmurphy0881, 02 June 2019 - 08:56 PM.


#25 yarez0 OFFLINE  

yarez0

    Member

  • Members
  • 28 posts
  • Local time: 03:25 AM

Posted 04 June 2019 - 06:33 AM

You can add more security globally to your synology with https connection and embeded reverse proxy, it's a little bit tricky but you can redirect all traffic to https/443 with a certificate and HSTS. with that you only have to open 80 and 443 ports to the internet.

 

Here is my setup, do all the steps locally to avoid network discruption.

 

  • STEP 1 : open ports 8 and 443 to internet

log to your router, in my case in France it is a Freebox, redirect 80 and 443 to internal IP of your synology. 1 port = 1 rule

 

5cf638112966f_80.png 5cf6381cb7213_443.png

 

  • STEP 2 : create a ddns name

in my case its a noip account, you can have 3 dynamic dns for free. create your account and your domain name. if you are creating it at your home the setup will put your public IP directly. create a DNS HOST (A) and fill the right public IP

 

5cf639c3a6615_DDNS.png

 

  • STEP 3 : configure DDNS update in the synology

in my case the DDNS is configured into my router but you can configure it in the synology. CONTROL PANNEL - EXTERNAL ACCESS - DDNS - CREATE

 

5cf63a9deab55_EXTERNAL_1.png

 

fill you DDNS service provider, domain name and account, by default the synology knows the external IP. test the connection, the status has to be normal

 

5cf63bc3e1154_EXTERNAL_2.png 5cf63bec85932_EXTERNAL_3.png

 

  • STEP 4 : adding security
    • STEP 4a : redirect all traffic to https/443 port

go to CONTROL PANNEL - NETWORK - DSM PARAMETERS and activate redirections http to https, HTTP/2 and ngynx, then activate personnal domain name with your DOMAIN NAME and HSTS

 

5cf63d334801c_HSTS.png

 

 

now your web server will restart, if you try to connect to your synology with http://<name>.ddns.net (in my case) it will redirect to https://<name>.ddns.net. with that you don't have to connect externaly to your synology with the 5000 or 5001 port (and blocked by firewalls generally). all the traffic pass through 443/https port

 

 

  • STEP 4b : create a let's encrypt certificate

443 is good, certificate is better, go to CONTROL PANNEL - SECURITY - CERTIFICATE. choose LET'S ENCRYPT and fill your domain name and your mail address. The OTHER NAME is if you want multiple name with the same certificate. 

 

in my case I have :

  1. XXXX.ddns.net is my primary domain name
  2. XXXXvideos.ddns.net is a second name for emby (you have to create it in your DDNS service provider)
  3. XXXXplex.ddns.net is my third name for plex (you have to create it in your DDNS service provider)
  4. and multiple other names

 

5cf63f8e080aa_certificat_1.png

 

once create, you can show all the services mapped to your certificate

 

5cf6413387642_certificat_2.png

 

after reload of the syno web server, you have a valid certificate and crypted connections

 

5cf641bf118be_certificat_3.png

 

  • STEP 5 : reverse proxy emby

now we have to redirect 8096 emby port to 443 to enjoy https, HSTS and your certificate, but if XXXX.ddns.net is your synology, how connect to emby ? by creating redirecting host name in your DDNS service provider and reverse proxying

 

  • STEP 5a : new DDNS host name

go back to your DDNS service provider and create a new host name : 

 

  1. create a hostname
  2. record type : DNS ALIAS (CNAME)
  3. target : your domain name

so XXXXvideos.ddns.net will redirect to XXXX.ddns.net

 

5cf6436c22c3f_CNAME.png

 

  • STEP 5b : reverse proxying

go to CONTROL PANNEL - APPLICATIONS PORTAL - REVERSE PROXY

 

5cf644b494ca0_REVERSE_1.png

 

create a redirection like this :

 

  1. you said : https connections to XXXXvideos.ddns.net (in my case) on the 443 port
  2. with HSTS and HTTP/2
  3. redirect to HTTPS, localhost, on port 8920 (8920 is the https port)

you can redirect to HTTP, localhost, on port 8096, I put 8920 for testing an other thing and I let it

 

5cf645b5119bd_REVERSE_2.png

 

and your done !

 

I don't configure anything else in emby, no external connection, the only security is for Ombi, all the configuration is made by the syno

 

5cf646b40e8dd_REVERSE_3.png

 

  • STEP 6 : add your second name to your certificate

you created a certificate with your domain name on STEP 4b but you did not create your second name, so if you connect to XXXXvideos.ddns.net you will have a certificate name problem. go back to CONTROL PANNEL - SECURITY - CERTIFICATE and renew your certificate, recreate it and add your second name

 

and voilà !

 

5cf64772ad379_REVERSE_4.png

 

 

with that, I have multiple services on my synology (video station, file station, audio station, plex, emby, ombi, unifi controller, photos web server...), I reverse proxy everything so the only port accessible externaly are 80 (for let's encrypt renew) and 443.

 

enjoy


  • chacawaca and hollerme like this

#26 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 129302 posts
  • Local time: 09:25 PM

Posted 13 June 2019 - 01:24 PM

@yarez0 that's great, thanks for the info ! @hollerme has this information helped?



#27 hollerme OFFLINE  

hollerme

    Advanced Member

  • Members
  • 47 posts
  • Local time: 02:25 AM

Posted 20 June 2019 - 01:38 AM

Yes, this is amazingly helpful!

 

I haven't successfully done it yet but hope to this week as the screenshots have really aided me, and want to thank everyone again for all your support throughout.

 

@yarez0 that's great, thanks for the info ! @hollerme has this information helped?


  • yarez0 likes this

#28 yarez0 OFFLINE  

yarez0

    Member

  • Members
  • 28 posts
  • Local time: 03:25 AM

Posted 20 June 2019 - 02:03 AM

Yes, this is amazingly helpful!
 
I haven't successfully done it yet but hope to this week as the screenshots have really aided me, and want to thank everyone again for all your support throughout.


You have to know that most ISP routers does not have loopback address so internally if you use dns name traffic will go outside to go back inside. In other words you pass through internet to go to your internal syno.

Try to ping your ddns name and look what ip is returned. If you want to use dns name inside you have to configure syno dns service to resolve external address as internal

I can show you later


With ddns you have specify 443 port on all apps (emby, ds vidéo, ds file etc) for syno app to specify port add :443 at the end of your ddns address. For example ds video app adress will ne XXX.ddns.net:443





Also tagged with one or more of these keywords: Synology, Emby, Abroad, International, smartphone

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users