Luke 38161 Posted November 25, 2020 Share Posted November 25, 2020 Many are using letencrypt. 1 Link to comment Share on other sites More sharing options...
Carlo 4375 Posted November 25, 2020 Share Posted November 25, 2020 I mostly see LetEncrypt and certs from Cloudflare. Link to comment Share on other sites More sharing options...
Satiomeliom 0 Posted December 8, 2020 Share Posted December 8, 2020 I have a dynamic dns for my ip (www.ddnss.de) . Does it work for this too? Link to comment Share on other sites More sharing options...
Carlo 4375 Posted December 8, 2020 Share Posted December 8, 2020 Hi, Yes, DDNS should work just fine with Emby. Link to comment Share on other sites More sharing options...
sross44 281 Posted December 23, 2020 Share Posted December 23, 2020 Wondering if someone can help me out via TeamView or something else. I had everything set up and working perfectly via Cloudfare. And now all of a sudden I can't connect to my secure domain for Emby. I think something somehow got messed up with the port forwarding rules. Anyone want to give this a shot and see what's going on? I'm lost.... And I've tried everything I can think of. It was working perfectly and loved it and now BAM... nothing. Link to comment Share on other sites More sharing options...
Carlo 4375 Posted December 23, 2020 Share Posted December 23, 2020 (edited) Hi, I can take a look for you via TeamViewer. Send me over via PM the userid and one-time password with a time if you have a preference or I can log right in and open a chat with you. Edited December 23, 2020 by cayars Link to comment Share on other sites More sharing options...
sross44 281 Posted December 24, 2020 Share Posted December 24, 2020 2 hours ago, cayars said: Hi, I can take a look for you via TeamViewer. Send me over via PM the userid and one-time password with a time if you have a preference or I can log right in and open a chat with you. Shot you a PM... let me know whenever you're free. Thanks for helping! Link to comment Share on other sites More sharing options...
JulesC 44 Posted December 30, 2020 Share Posted December 30, 2020 I have SSL + Caddy V2 successfully working as my Reverse Proxy for Emby Server running on Windows 10 for about a year now thanks to all the info sharing on this post. I now am in the process of moving my Emby Server from Windows 10 to Synology NAS 1520+. Can anyone tell me how I can install Caddy V2 on my NAS? Are there any other learnings I should take into consideration? Any assistance would be greatly appreciated. Link to comment Share on other sites More sharing options...
BillOatman 529 Posted June 13, 2021 Share Posted June 13, 2021 Great info in this thread and a big thanks to the OP. I have an asus router with a DDNS feature that allows you to have asus host a domain name for you, and forward requests to your router. So for example I can have asus create EmbyServer.asuscomm.com and putting that into a browser ends up going to my router, where I would forward browser ports to my emby server. Should work in theory But I was wondering if anyone managed to get this working with emby? I did not need to register a domain name so I don't have everything I think I need to execute the original post in this thread. Thanks! Link to comment Share on other sites More sharing options...
Q-Droid 767 Posted June 13, 2021 Share Posted June 13, 2021 39 minutes ago, BillOatman said: Great info in this thread and a big thanks to the OP. I have an asus router with a DDNS feature that allows you to have asus host a domain name for you, and forward requests to your router. So for example I can have asus create EmbyServer.asuscomm.com and putting that into a browser ends up going to my router, where I would forward browser ports to my emby server. Should work in theory But I was wondering if anyone managed to get this working with emby? I did not need to register a domain name so I don't have everything I think I need to execute the original post in this thread. Thanks! Does this thread get you any closer? 1 Link to comment Share on other sites More sharing options...
BillOatman 529 Posted June 13, 2021 Share Posted June 13, 2021 39 minutes ago, Q-Droid said: Does this thread get you any closer? Woo hoo I would think so! 1 Link to comment Share on other sites More sharing options...
MEB 26 Posted July 6, 2021 Share Posted July 6, 2021 Using duckdns with home assistant so it creates the cert with letsencrypt any way to use that setup and the cert it creates automictically? Link to comment Share on other sites More sharing options...
drando 2 Posted August 17, 2021 Share Posted August 17, 2021 I finally got SSL setup. Thank you original poster. I do have a question though, is there a way to check that all remote streams are actually coming over 8920? Thank you Link to comment Share on other sites More sharing options...
Carlo 4375 Posted August 17, 2021 Share Posted August 17, 2021 Check this option on your Network menu That will require all connections to be through SSL. Link to comment Share on other sites More sharing options...
Jason'sEmby 29 Posted September 9, 2021 Share Posted September 9, 2021 I followed step by step and I get ERR_CONNECTION_TIMED_OUT:(..... yes with a sad face lol Link to comment Share on other sites More sharing options...
TiaanGR 2 Posted December 25, 2021 Share Posted December 25, 2021 Hi there, I am trying to setup my SSL Stuff with my emby server, I have followed every stepped I think of but as soon as I switch my mobile data on my phone on and I try and remote connect on my phone I get a connection error. Can anybody maybe assist me with were I am going wrong? Router Setup for Port Forwarding Emby network Configuration P.S: With the enable automatic port mapping I have tried it with it off and the same issue still happens. Also I have my own Domain for my company I have issued a SSL Certificate from there but no success. I should also mention for some reason if I do an Ipconfig via CMD the system shows my ip as something completely different to the one in emby if you remove the external domain name, I have rebooted the router but still the same thing Any Advice to were I might be going wrong? Regards, Link to comment Share on other sites More sharing options...
Q-Droid 767 Posted December 25, 2021 Share Posted December 25, 2021 (edited) Disable automatic port mapping. For most it just fills logs and it's a bad feature to have enabled on routers so it shouldn't be trying. Your cert has a .txt extension so if you created a PEM file for your keystore it won't work. Emby requires a PKCS12 store (usually PFX) for the certificates. And when you do create the correct format make sure it contains the server cert, intermediate certs (chain) if any and the private key. Edited December 25, 2021 by Q-Droid Link to comment Share on other sites More sharing options...
TiaanGR 2 Posted December 25, 2021 Share Posted December 25, 2021 9 minutes ago, Q-Droid said: Disable automatic port mapping. For most it just fills logs and it's a bad feature to have enabled on routers so it shouldn't be trying. Your cert has a .txt extension so if you created a PEM file for your keystore it won't work. Emby requires a PKCS12 store (usually PFX) for the certificates. And when you do create the correct format make sure it contains the server cert, intermediate certs (chain) if any and the private key. Ahh okay cool will give it a try thanks man! Link to comment Share on other sites More sharing options...
thejr007 1 Posted February 20, 2022 Share Posted February 20, 2022 (edited) PLEASE NOTE THIS GUIDE IS FOR SYNOLOGY NAS WITH EMBY SERVER RUNNING ON IT. I would like to thank the original poster for several of his ideas/steps are straight forward. Though I must admit with a mix of his steps and as several others have pointed out you can go multiple different ways to get to the same end result, a secure connection. Follow guide for google domain purchase, and setup the google dynamic dns record for emby. Google domains / dns option left bar / advanced settings at the bottom / manage dynamic dns / create record example = emby To clarify the dynamic dns entry you only need to type in emby A visual indicator will fill out the rest of the domain. Once you save that record you can go right back and click view credentials as they are needed in the next step. Updating the google domains dynamic dns, for some reason the standard google option listed didn't work for me, here's my setup. In synology control panel / external access / ddns - click the Customize Provider button "Service provider:" Whatever you want. example = customgoogledns "Query URL:" https://domains.google.com/nic/update?hostname=__HOSTNAME__&user=__USERNAME__&pass=__PASSWORD__&myip=__MYIP__ After saving that customized provider - click add button Service provider = customgoogledns Hostname = emby.yourdomain.com Username = provided from google credentials Password = provided from google credentials External address = auto Hopefully you test successful / normal Next step certificates Forget doing the manual ACME client certificate... use the nas. In synology control panel / security / certificate For the domain point it to your dynamic dns record. example = emby.yourdomain.com As other's have pointed out you can use synology's reverse proxy instead of the headache of telling emby what certificate to use. In synology control panel / login portal / advanced - click reverse proxy button name it whatever. example = embylink source protocol = https hostname = emby.yourdomain.com port = 443 check hsts * lol no idea what it does but figure'd meh... destination protocol = http hostname = locoalhost port = 8096 Then you need to point the correct certificate to the reverse proxy In synology control panel / security / certificate - click settings from the dropdown list match your reverse proxy to the certificate for the dynamic domain Inside Emby server network settings checked allow remote connections public port = 8096 public https port = 8920 leave everything else blank external domain = custom ssl cert pat = cert pass = Secure connection mode = handled by reverse proxy Save and restart emby server from dashboard. As the original poster stated it isn't in the scope of my guide to teach you how to port forward, but as 443 is what we used for reverse proxy source... logic would suggest to open that pointed to the nas. Good Luck! Hope this helps someone... I sure spent way too long inside emby garnishing no secure result and in the end it wasn't worth the trouble once I learned the reverse proxy trick. Edited February 20, 2022 by thejr007 1 Link to comment Share on other sites More sharing options...
Teknician 3 Posted February 24, 2022 Share Posted February 24, 2022 @MikeB111 I followed your instructions exactly and I am very impressed. Worked like a charm. Purchased my domain name, copied all the TXT string info that was given to me by le64 (which worked perfect in Windows 10), opened 8920 in my router and done. I've had most all my users delete the http account and log in with the new domain name and port 8920 and I'm ecstatic. I can use the https url in browser and it is locked and secure. Thank You for all the work you put into that tutorial. It was actually very easy and I only spent $24 on a 2 year domain name. Thank You Again... 1 Link to comment Share on other sites More sharing options...
MikeB111 51 Posted February 24, 2022 Author Share Posted February 24, 2022 12 hours ago, Teknician said: @MikeB111 I followed your instructions exactly and I am very impressed. Worked like a charm. Purchased my domain name, copied all the TXT string info that was given to me by le64 (which worked perfect in Windows 10), opened 8920 in my router and done. I've had most all my users delete the http account and log in with the new domain name and port 8920 and I'm ecstatic. I can use the https url in browser and it is locked and secure. Thank You for all the work you put into that tutorial. It was actually very easy and I only spent $24 on a 2 year domain name. Thank You Again... Thanks for the positive comments, and I'm glad it worked so well for you and that my post was easy enough to follow. I've learned a lot from these forums and am glad that I was able to add a little to the body of knowledge available here. Thanks! 1 1 Link to comment Share on other sites More sharing options...
GoodOleHarold 3 Posted March 6, 2022 Share Posted March 6, 2022 For reverse proxy on a windows platform... The way I do it is Nginx & Lets Encrypt If your windows server is a relatively good spec create a VM with 2GB memory and 1 core (really needs nothing to run) and install ubuntu server. You can even do it with Docker if you want Benefits of it: Renewal is automatic different 'attack' surfaces. If someone gets into the web server VM..... not much to do really. If you are a bit nervous about security you don't even need the reverse proxy on the same device. If they are different you are providing another point of failure/bottleneck so connectivity between things is important 1 VM can control this for any service you are running such as Radarr, Sonarr, Emby and anything really. With exception to Emby as it requires a specific port to connect. You do not need to expose all the service ports to the web such as Radarr's port. You just need 443 & 80. Nginx handles the rest for you Adding new sub domains is fairly simple In terms of streaming. I find the reverse proxy really doesn't have any impact at all. Been doing it since day 1 and everything is If it gains any interest I'll happily post a how to Link to comment Share on other sites More sharing options...
sross44 281 Posted March 15, 2022 Share Posted March 15, 2022 On 10/12/2020 at 11:42 AM, Spaceboy said: https://blog.awelswynol.co.uk/2018-01-setting-up-cloudflare-with-emby/ it is very straightforward. required zero admin in the 3 years or so i've been running this setup Seems that this blog/article is down and not working. Does anyone have a copy of these instructions? I had my Emby server set up this way and had to do a clean install of Windows (and with it Emby) so need to reset everything up. Right now nothing is secured with Emby and I've got a lot of remote family members using my server. I'm kind of an idiot when it comes to networking so it was nice to have a breakdown and have everything make sense. Link to comment Share on other sites More sharing options...
sross44 281 Posted March 15, 2022 Share Posted March 15, 2022 On 3/6/2022 at 8:24 AM, GoodOleHarold said: For reverse proxy on a windows platform... The way I do it is Nginx & Lets Encrypt If your windows server is a relatively good spec create a VM with 2GB memory and 1 core (really needs nothing to run) and install ubuntu server. You can even do it with Docker if you want Benefits of it: Renewal is automatic different 'attack' surfaces. If someone gets into the web server VM..... not much to do really. If you are a bit nervous about security you don't even need the reverse proxy on the same device. If they are different you are providing another point of failure/bottleneck so connectivity between things is important 1 VM can control this for any service you are running such as Radarr, Sonarr, Emby and anything really. With exception to Emby as it requires a specific port to connect. You do not need to expose all the service ports to the web such as Radarr's port. You just need 443 & 80. Nginx handles the rest for you Adding new sub domains is fairly simple In terms of streaming. I find the reverse proxy really doesn't have any impact at all. Been doing it since day 1 and everything is If it gains any interest I'll happily post a how to I would love a how to or even just help on setting mine up!! Link to comment Share on other sites More sharing options...
KegTapper 8 Posted March 15, 2022 Share Posted March 15, 2022 I just checked and his site loaded up fine for me Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now