sftech13 20 Posted May 16, 2024 Posted May 16, 2024 (edited)

I appreciate everyone’s input on this topic. I encountered some issues a few days ago and couldn’t find an answer until I posted in another thread. I thought I’d share my setup configuration and the script I use to make SSL work.

My Setup:
Ubuntu 22.04 (no container)
No-IP for domain
Let's Encrypt for SSL

Here’s a script that will take the Let’s Encrypt files and merge them into one PKS file for Emby. It combines the files and assigns the correct permissions for Emby. You can also use it as a cron job if you like.

Steps:
1. Combine Files: The script merges the Let’s Encrypt files.
2. Assign Permissions: It sets the correct permissions for Emby.
3. Configure Emby: Add the location of the output file and password in Emby, and you're good to go.

I hope this helps some of you. If you have any questions or additional suggestions, please feel free to share.

#!/bin/bash
# Stop at the first failed command or unset variable
set -euo pipefail

# Define variables
output_file="/home/location/combined.pfx"
private_key_file="/etc/nginx/ssl/domain/key.pem"
certificate_file="/etc/nginx/ssl/domain/fullchain.pem"
chain_file="/etc/nginx/ssl/domain/chain.pem"
password_file="/home/location/key_password.txt"

# Run openssl command with variables.
# -passout sets the export password of the bundle (the one entered in Emby);
# -passin would only apply to an encrypted input key and leaves openssl
# prompting for the export password, which fails under cron.
openssl pkcs12 -export -out "$output_file" \
    -inkey "$private_key_file" \
    -in "$certificate_file" \
    -certfile "$chain_file" \
    -passout file:"$password_file"

# Set ownership and permissions.
# The bundle contains the private key, so only the emby user may read it.
chown emby:emby "$output_file"
chmod 600 "$output_file"

Edited May 16, 2024 by sftech13 1
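Added example, not part of sftech13's post: a POSIX shell check that can run after a merge script like the one above (for instance from the same cron job) and confirms that the bundle is private to its owner, opens with the password file, pairs the certificate with its key, and is not about to expire. The `check_pfx` and `make_demo_pfx` names, the 14-day threshold and the throwaway self-signed certificate for `emby.example.test` are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: sanity-check a PKCS#12 bundle before pointing Emby at it.
# check_pfx PFX PASSFILE [MIN_DAYS]: status 0 if usable, else reason on stderr.
# Function bodies run in subshells, so variables stay local. Names are assumptions.
check_pfx() (
    pfx=$1 passfile=$2 min_days=${3:-14}
    fail() { echo "check_pfx: $*" >&2; exit 1; }
    [ -r "$pfx" ] || fail "cannot read $pfx"

    # 1. The bundle holds the private key: group/other must have no access.
    perms=$(ls -ld "$pfx" | cut -c5-10)
    [ "$perms" = "------" ] || fail "$pfx is accessible to group/other"

    # 2. The password file must actually open the bundle.
    cert=$(openssl pkcs12 -in "$pfx" -passin "file:$passfile" \
        -nokeys -clcerts 2>/dev/null) || fail "password does not open $pfx"

    # 3. The certificate must belong to the private key stored with it.
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey) \
        || fail "no certificate in $pfx"
    key_pub=$(openssl pkcs12 -in "$pfx" -passin "file:$passfile" \
        -nocerts -nodes 2>/dev/null | openssl pkey -pubout) \
        || fail "no private key in $pfx"
    [ "$cert_pub" = "$key_pub" ] || fail "certificate and key do not match"

    # 4. The certificate must stay valid for at least MIN_DAYS more days.
    printf '%s\n' "$cert" | openssl x509 -noout \
        -checkend $((min_days * 86400)) >/dev/null \
        || fail "certificate expires within $min_days days"
)

# Constructed sample input: throwaway self-signed bundle, valid for DAYS days.
make_demo_pfx() (
    dir=$1 days=$2
    printf 'constructed-demo-password\n' > "$dir/pass.txt"
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=emby.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    openssl pkcs12 -export -out "$dir/combined.pfx" -inkey "$dir/key.pem" \
        -in "$dir/cert.pem" -passout "file:$dir/pass.txt"
    chmod 600 "$dir/combined.pfx" "$dir/pass.txt"
)

demo=$(mktemp -d) && make_demo_pfx "$demo" 30 \
    && check_pfx "$demo/combined.pfx" "$demo/pass.txt" && echo "bundle OK"
rm -rf "$demo"
```

Against a real bundle the call would be `check_pfx /home/location/combined.pfx /home/location/key_password.txt`, run as a user that can read both files.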
Cphusion 3 Posted May 21, 2024 Posted May 21, 2024 (edited) On 5/16/2024 at 6:42 PM, sftech13 said: I hope this helps some of you. If you have any questions or additional suggestions, please feel free to share. What I did is just reverse proxy Emby through a virtualhost already using ssl and I use certbot to automatically renew that certificate, also one less port that needs to be opened since 80/443 are already open. Edited May 21, 2024 by Cphusion
sftech13 20 Posted May 21, 2024 Posted May 21, 2024 (edited)

1 hour ago, Cphusion said: What I did is just reverse proxy Emby through a virtualhost already using ssl and I use certbot to automatically renew that certificate, also one less port that needs to be opened since 80/443 are already open.

I'm using Swizzin and haven't been able to figure out that part. I would like to. Here is my default config. Domains are changed to domain. If you can help me I would appreciate it.

server {
    listen 80;
    listen [::]:80;
    server_name domain;

    location /.well-known {
        alias /srv/.well-known;
        allow all;
        default_type "text/plain";
        autoindex on;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# SSL configuration
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain;

    ssl_certificate /etc/nginx/ssl/domain/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/domain/key.pem;
    include snippets/ssl-params.conf;

    client_max_body_size 40M;
    server_tokens off;
    root /srv/;

    include /etc/nginx/apps/*.conf;

    location ~ /\.ht {
        deny all;
    }
}

Edited May 21, 2024 by sftech13
Cphusion 3 Posted May 21, 2024 Posted May 21, 2024 39 minutes ago, sftech13 said: I'm using Swizzin and haven't been able to figure out that part. I would like to. Here is my default config. Domains are changed to domain. If you can help me I would appreciate it. I'm not using Nginx to reverse proxy but Apache; however, I've seen some topics where others have Emby working, proxying it through Nginx. That's where I would compare your Nginx configuration to. After you have that part figured out, it's a matter of requesting a LetsEncrypt cert with certbot with the Nginx plugin. https://eff-certbot.readthedocs.io/en/stable/using.html#nginx
Cphusion 3 Posted May 21, 2024 Posted May 21, 2024 27 minutes ago, Cphusion said: That's where I would compare your Nginx configuration to. Or try one of these. https://github.com/linuxserver/reverse-proxy-confs/blob/master/emby.subdomain.conf.sample https://github.com/linuxserver/reverse-proxy-confs/blob/master/emby.subfolder.conf.sample 1
Trevor68 51 Posted May 21, 2024 Posted May 21, 2024 I just reverse proxy using Caddy, dead easy. Using Caddy for automatic SSL certificates with Cloudflare - Roelof Jan Elsinga 1
Guest Posted May 22, 2024 Posted May 22, 2024 Help me, I can't open my account. Help me, it asks for numbers on servers.
podonnell 36 Posted August 7, 2024 Posted August 7, 2024 (edited) On 4/26/2022 at 2:04 PM, pwhodges said: Mistake: Do not set Emby to listen on 443 - that's Caddy's job, and if they're on the same machine you have a conflict. Mistake: Do not set the router to forward port 443 to 8096 - it goes to port 443 in Caddy; it is Caddy that then contacts 8096 in Emby, which the router doesn't know about in any way. Your clients all talk to Caddy, not Emby. It's right to set Emby to accept remote connections, because Caddy passes the remote client's address through for it to assess. You haven't shown the setting in Emby for "Secure connection mode", which should be set to "Handled by reverse proxy". Paul Did a search and found this post very helpful. I had Caddy set for Jellyfin and just want to make sure that in my transition over to Emby I did not assume anything incorrectly. Caddy is listening on 443, and then RPing emby traffic to 8096. The thing that struck me is that 8096 is my "Local http port number" in Emby. However, I think this is correct because everything coming in to Caddy on 443 is automatically encrypted anyway, so the forwarding on the local http port really doesn't matter. Oh, and, Secure connection mode has to be set to 'handled by reverse proxy'. Sound right? Edited August 7, 2024 by podonnell
HairyBizRat 12 Posted August 8, 2024 Posted August 8, 2024 Great info but this is a deal breaker for replacing Plex with Emby. It’s added cost and just too much messing around.
Trevor68 51 Posted August 8, 2024 Posted August 8, 2024 Wow, took me about 5 mins to set up for zero cost.
darkassassin07 603 Posted August 8, 2024 Posted August 8, 2024 (edited) Privacy isn't typically effortless. Instead of some upfront effort to learn new skills, privacy is often traded for ease of use/setup. I prefer to put the effort in. It leaves me with knowledge and skills I can put to use in other projects; while helping to minimize the number of companies harvesting my info and trying to sell me crap. P.S. The cost of a domain is so small, I forget it exists... Edited August 8, 2024 by darkassassin07 1
pwhodges 1814 Posted August 8, 2024 Posted August 8, 2024 3 hours ago, mjroberts said: Great info but this is a deal breaker for replacing Plex with Emby. It’s added cost and just too much messing around. What cost (Caddy is free, like other reverse proxies)? And how does using Plex avoid unrelated fees (like a custom domain for SSL)? Just curious why such small concerns are described as a "deal-breaker"... Paul
Q-Droid 854 Posted August 8, 2024 Posted August 8, 2024 5 hours ago, pwhodges said: What cost (Caddy is free, like other reverse proxies)? And how does using Plex avoid unrelated fees (like a custom domain for SSL)? Just curious why such small concerns are described as a "deal-breaker"... Paul Maybe the cost of making a second post in the forum? 1
GrimReaper 3971 Posted August 8, 2024 Posted August 8, 2024 5 hours ago, pwhodges said: unrelated fees (like a custom domain for SSL) Even that can be obtained for free with some DDNS providers 1
HairyBizRat 12 Posted August 9, 2024 Posted August 9, 2024 On 8/8/2024 at 2:10 AM, pwhodges said: What cost (Caddy is free, like other reverse proxies)? And how does using Plex avoid unrelated fees (like a custom domain for SSL)? Just curious why such small concerns are described as a "deal-breaker"... Paul I'm trying to get Emby working with a reverse proxy but having issues setting up Caddy. Plex works with SSL out of the box, no domain required, so it's free.
pwhodges 1814 Posted August 9, 2024 Posted August 9, 2024 SSL effectively requires a domain name as certificates are linked to names, so what are you using? Are you actually connecting remotely straight into your Plex server, or is all your data going via Plex's servers (e.g. to get around cgNAT)? If you have cgNAT, you will need another solution to use Emby remotely (e.g. a CloudFlare tunnel, or Tailscale). Paul
HairyBizRat 12 Posted August 9, 2024 Posted August 9, 2024 43 minutes ago, pwhodges said: SSL effectively requires a domain name as certificates are linked to names, so what are you using? Are you actually connecting remotely straight into your Plex server, or is all your data going via Plex's servers (e.g. to get around cgNAT)? If you have cgNAT, you will need another solution to use Emby remotely (e.g. a CloudFlare tunnel, or Tailscale). Paul For Plex it's the default application, so nothing on my end. I'm not familiar with cgNAT. What I have done is registered for a domain. Then I was under the impression this Caddy took care of the rest. Do I need another service in between Caddy and my domain register?
Q-Droid 854 Posted August 9, 2024 Posted August 9, 2024 You might be missing a step. Your domain needs to resolve to your WAN IP. It's best to set up a DDNS client or see if your router can do it. Manual is fine if your IP doesn't change but it can happen.
HairyBizRat 12 Posted August 9, 2024 Posted August 9, 2024 1 minute ago, Q-Droid said: You might be missing a step. Your domain needs to resolve to your WAN IP. It's best to set up a DDNS client or see if your router can do it. Manual is fine if your IP doesn't change but it can happen. I have a static IP from my ISP so it doesn't change. I have my A record updated on my domain so it's pointing to my IP correctly. I can access Emby via my domain using http.
HairyBizRat 12 Posted August 9, 2024 Posted August 9, 2024 Updating my posts as resolved. I gave up on the reverse proxy and even the guide for SSL, as all were confusing. All I had to do was log into my domain provider's site, generate an SSL key (free with domain), download it to my Emby server and add it to Emby. Ensure port forwarding is on, and sure enough the server shows my domain name with https. Tested and working.
guunter 38 Posted August 9, 2024 Posted August 9, 2024 13 minutes ago, mjroberts said: Updating my posts as resolved. I gave up on the reverse proxy and even the guide for SSL, as all were confusing. All I had to do was log into my domain provider's site, generate an SSL key (free with domain), download it to my Emby server and add it to Emby. Ensure port forwarding is on, and sure enough the server shows my domain name with https. Tested and working. Yeah, I think you had the wrong idea about what reverse proxy is intended for, but that's okay. You got it working. I was just about to recommend you in the other post to just upload the cert to Emby since it was your only website. 1
bandit8623 116 Posted August 9, 2024 Posted August 9, 2024 15 minutes ago, mjroberts said: Updating my posts as resolved. I gave up on the reverse proxy and even the guide for SSL, as all were confusing. All I had to do was log into my domain provider's site, generate an SSL key (free with domain), download it to my Emby server and add it to Emby. Ensure port forwarding is on, and sure enough the server shows my domain name with https. Tested and working. Test your server here https://www.immuniweb.com/ssl/ and fix any non-secure items with https://www.nartac.com/Products/IISCrypto if not using proxy. 1