bflagg 2 Posted July 16, 2019 Share Posted July 16, 2019 Do you have a step by step for SSL setup for EMBY? Link to comment Share on other sites More sharing options...
byusinger84 1 Posted July 16, 2019 Share Posted July 16, 2019 This is the one I use. Works well. https://mythofechelon.co.uk/blog/2017/01/01/lets-encrypt-emby-server-and-windows Link to comment Share on other sites More sharing options...
Senna 368 Posted July 16, 2019 Share Posted July 16, 2019 https://blog.awelswynol.co.uk/2018/01/setting-up-cloudflare-with-emby And some more: https://blog.awelswynol.co.uk/category/emby And if you want some reading, go here: https://emby.media/community/index.php?/topic/54586-security-101-secure-connections/ 3 Link to comment Share on other sites More sharing options...
Spaceboy 2493 Posted July 17, 2019 Share Posted July 17, 2019 https://blog.awelswynol.co.uk/2018/01/setting-up-cloudflare-with-emby And some more: https://blog.awelswynol.co.uk/category/emby And if you want some reading, go here: https://emby.media/community/index.php?/topic/54586-security-101-secure-connections/ ive been using the awel swynol method for a few years now. Works perfectly Link to comment Share on other sites More sharing options...
crusher11 851 Posted July 25, 2019 Share Posted July 25, 2019 In step 10, what's the IP address of my server? The WAN address or the LAN address? Link to comment Share on other sites More sharing options...
Senna 368 Posted July 25, 2019 Share Posted July 25, 2019 In step 10, what's the IP address of my server? The WAN address or the LAN address?Step 10 is about forwarding external traffic on your router, to your Emby Server on your LAN, so it needs the LAN address there. 1 Link to comment Share on other sites More sharing options...
crusher11 851 Posted July 30, 2019 Share Posted July 30, 2019 So I've set this up, but I get a 522 error when trying to connect remotely and the Security Headers website says it can't be checked because it failed validation. Link to comment Share on other sites More sharing options...
crusher11 851 Posted July 30, 2019 Share Posted July 30, 2019 Further info: CanYouSeeMe.org shows port 443 as open, but not port 80. Which makes sense given I forwarded 443 but not 80. So it seems the issue is somewhere in the SSL setup process rather than the remote connection process. Link to comment Share on other sites More sharing options...
Senna 368 Posted July 30, 2019 Share Posted July 30, 2019 Please compare the output of the following: https://WAN-IP:443/emby/system/info/public https://Domain-URL:443/emby/system/info/public Do you get a response in web browser on BOTH requests ? Link to comment Share on other sites More sharing options...
crusher11 851 Posted July 30, 2019 Share Posted July 30, 2019 (edited) The domain gives a Cloudflare 522 error, the WAN IP gives a browser "this page is not secure" error: [WAN IP] uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. The certificate is only valid for the following names: [domain] Error code: SEC_ERROR_UNKNOWN_ISSUER Skipping past that, I do indeed get some sort of info page with server name, version, etc. If I remove the info stuff and go to https://WANIP:443 I get an Emby login page. Edited July 30, 2019 by crusher11 Link to comment Share on other sites More sharing options...
Senna 368 Posted July 30, 2019 Share Posted July 30, 2019 the WAN IP gives a browser "this page is not secure" error:That's normal, because your Cloudflare SSL certificate is only used when your connection is done with domain name, through Cloudflare. Skipping past that, I do indeed get some sort of info page with server name, version, etc. If I remove the info stuff and go to https://WANIP:443 I get an Emby login page.Good, that tells us the port forward on router is working OK and your Emby server can be reached externally with WAN IP. Now you have to check your Cloudflare domain setup, including how you created your SSL certificate and your Emby Advanced Setup, regarding external access with domain and SSL certificate. 1 Link to comment Share on other sites More sharing options...
crusher11 851 Posted July 30, 2019 Share Posted July 30, 2019 (edited) What should I be checking? I have no idea where I could have gone wrong. Never mind, there was a typo in the WAN IP on the Cloudflare setup. But now that I've changed it I'm getting a message saying that no A, AAA or MX records were found on the various domains or something? Edited July 30, 2019 by crusher11 Link to comment Share on other sites More sharing options...
Senna 368 Posted July 30, 2019 Share Posted July 30, 2019 But now that I've changed it I'm getting a message saying that no A, AAA or MX records were found on the various domains or something?Ignore those, as long you have a type A record with proxy status with an orange cloud, you are good to go. Now you have fixed the typo with WAN IP in Cloudflare, what happens when you enter : https://Domain-URL:443/emby/system/info/public Do you get the same response compared to when you use the WAN IP ? 1 Link to comment Share on other sites More sharing options...
crusher11 851 Posted July 30, 2019 Share Posted July 30, 2019 Yep, it seems to be working now. 1 Link to comment Share on other sites More sharing options...
Senna 368 Posted July 30, 2019 Share Posted July 30, 2019 Yep, it seems to be working now. Enjoy Link to comment Share on other sites More sharing options...
BillOatman 500 Posted July 30, 2019 Share Posted July 30, 2019 https://blog.awelswynol.co.uk/2018/01/setting-up-cloudflare-with-emby And some more: https://blog.awelswynol.co.uk/category/emby And if you want some reading, go here: https://emby.media/community/index.php?/topic/54586-security-101-secure-connections/ Aren't the first two the same thing? Link to comment Share on other sites More sharing options...
Senna 368 Posted July 30, 2019 Share Posted July 30, 2019 Aren't the first two the same thing? If you don't scroll any further, than you could say those are the same But if you do... 2 Link to comment Share on other sites More sharing options...
richardvrusso 10 Posted May 1, 2020 Share Posted May 1, 2020 Hi everyone, I'm following post #4 though getting stuck at step 11. Does cloudflare not like .tk TLD's? It's been all night and cloudflare still says the dns check is not updated. Regards, Rich Link to comment Share on other sites More sharing options...
crusher11 851 Posted May 1, 2020 Share Posted May 1, 2020 I've been using a .tk with zero issues. Not sure how long it took to get started though. Link to comment Share on other sites More sharing options...
richardvrusso 10 Posted May 1, 2020 Share Posted May 1, 2020 Crusher11 good to know. I'll give it some more time. It was last night I started this. Thx. Link to comment Share on other sites More sharing options...
richardvrusso 10 Posted May 2, 2020 Share Posted May 2, 2020 I think I'm almost there! When I enable secure connections shouldn't it display that info on the dashboard? I'm only seeing http info. Link to comment Share on other sites More sharing options...
Luke 37065 Posted May 2, 2020 Share Posted May 2, 2020 I think I'm almost there! When I enable secure connections shouldn't it display that info on the dashboard? I'm only seeing http info. Hi, what do you mean by only seeing http info? Link to comment Share on other sites More sharing options...
richardvrusso 10 Posted May 2, 2020 Share Posted May 2, 2020 (edited) Hey Luke, Here is a pic of the dashboard. Should I see here https addresses? Edited May 2, 2020 by richardvrusso Link to comment Share on other sites More sharing options...
pwhodges 1530 Posted May 2, 2020 Share Posted May 2, 2020 I see this: I don't have local https set up (my Caddy proxy does that), and in practice I use the https remote access even at home, as the router happily loops it back; that way I can take my portable devices in and out of the house with no break of service as they switch between wifi and phone data. Paul Link to comment Share on other sites More sharing options...
richardvrusso 10 Posted May 2, 2020 Share Posted May 2, 2020 see mine doesn't look like that. Maybe it's the current version I'm on? Side note, I do want to try Caddy. I like the idea of a secure front to any servers/services on the network. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now