Disable public http access

[iissmart 0]

I would like to disable public http access, and only allow public https access. I tried setting the "Secure Connection Mode" to "Required for all remote connections", but http://app.emby.media still connects to my server unencrypted.

 

Basically, I don't want a public http port. Can I set it to 0 to disable it and prevent it from setting up a upnp rule for public http access?

Edited May 19, 2019 by iissmart

[Luke 37329]

Hi there, did you setup an SSL cert?

[iissmart 0]

Yep, I already use Let's Encrypt for my website on the same server so I just needed to convert it to a pfx file for Emby to use.

 

Outside my network I can access my emby server with https://example.com:8920, https://app.emby.media, and http://app.emby.media. I'm looking to disable the last one.

 

Inside my network I can access my emby server with https://<local ip>:8920 with a certificate warning (because it's not using the domain name), http://<local ip>:8096 and http://app.emby.media. I can't access it with https://example.com:8920 or https://app.emby.media inside my network, so I'd like to keep local http access available, unless you can help me get local https access with the domain name working as well!

Edited May 19, 2019 by iissmart

[Luke 37329]

Does your server dashboard display the https url as your remote address?

[iissmart 0]

Yes. LAN address shows http://<local ip address>:8096 and WAN address shows https://example.com:8920.

[Hetimop 0]

Hi, I want it too. Did you found a way to disable http public access ?

[Luke 37329]

Hi there, have you explored the server's network settings?

[Happy2Play 8392]

There currently is no way to disable or auto redirect physical connections to online app.

http:\\app.emby.media

Users have to physically go to

https:\\app.emby.media

[Hetimop 0]

Thanks for fast answers

 

For auto redirect, it's works fine :   http://mysubdomainename.com ==> autoredirect to https://mysubdomainename.com

But users can force http by this way http://mysubdomainename.com:8096 then they can log without ssl

 

(Openmediavault + duckdns + letsencrypt)

[Happy2Play 8392]

Thanks for fast answers

 

For auto redirect, it's works fine :   http://mysubdomainename.com ==> autoredirect to https://mysubdomainename.com

But users can force http by this way http://mysubdomainename.com:8096 then they can log without ssl

 

(Openmediavault + duckdns + letsencrypt)

Well all you have to do is not forward port 8096.

[Hetimop 0]

If I disable forwarding 8096 from my rooter, I got 502 Bad gateway (nginx/1.16.1)

 

 

Maybe should I edit emby.subdomain.conf

Edited December 31, 2019 by Hetimop

[Luke 37329]

I would compare your nginx configuration to that of @@pir8radio.

[Hetimop 0]

Everything works perfectly ==> I've restart everything and followed this videos 

 

+

So it's solved for me thanks.

Edited December 31, 2019 by Hetimop

[Luke 37329]

Thanks for the feedback !