Jump to content

Emby SSL certificates on Raspberry Pi


Go to solution Solved by Q-Droid,

Recommended Posts

Przemek

Hello, I install Emby server on Raspberry pi 4 with Dietpi distro. I have also installed there Nextcloud as my NAS server. There's very easy way to install SSL certificate for Nextcloud. I make a domain myserver.ddns.net on NO-IP website, install certbot and run letsencrypt from dietpi-software.

Now I want to add SSL for my Emby Server. I see there's tutorial but I don't know nothing about certificates and don't want to brake something. @@pir8radio @@Swynol Can somebody tell me do I have to make another domain with ddns? There's also information on the tutorial beginning to kill all process on port 80. When I enable https for nextcloud I delete rule for port forwarding on my router for port 80 but when I make command:

`netstat -nlp | grep :80`

```

tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1191/kodi.bin_v8

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1032/lighttpd

tcp6 0 0 :::8096 :::* LISTEN 26999/EmbyServer

tcp6 0 0 :::8080 :::* LISTEN 1191/kodi.bin_v8

tcp6 0 0 :::80 :::* LISTEN 1032/lighttpd

```

 

Regards Przemek

Edited by Przemek
Link to post
Share on other sites
Q-Droid

If you remove port forwarding for 8096 then you shouldn't be able to reach the http URL even if the host was listening. Same for the other ports, you don't have to worry about or kill the other listening processes on the host if the router is not allowing traffic to reach them.

Link to post
Share on other sites
Q-Droid

Also, if you set Secure connection mode to "Required for all remote connections" in the Network settings and leave port 8096 forwarded on your router then Emby redirects the connection to HTTPS.

Link to post
Share on other sites
Przemek

So I need to set port 8920 also on LAN connections? What about renew certificate when I close port forwarding for port 8096. Do I have to open port everytime?

Link to post
Share on other sites
  • Solution
Q-Droid

Emby and your router are separate and perform different functions. With secure remote access enabled Emby will listen on both of the ports designated for HTTP (default 8096) and HTTPS (default 8920). 

Your router manages traffic between LAN and WAN. You have the option to allow only 8920 or both with port forwarding on the router and it does not affect LAN access to the Emby server. LAN devices can reach both ports on the server but it's best and easier to use HTTP (8096). Without more advanced setup like local DNS the certificate validation would fail on the LAN and secure connection is not needed locally. You can try it with the web app, the browser should warn about the cert but let you continue to Emby on HTTPS using the LAN name. Phones, apps and other devices will fail because they don't offer the option to click through.

 

Certificate renewal does not involve the Emby ports and certbot only allows port 80 for HTTP-01 challenge and only supports standard ports (80,443) during the renewal process. LetsEncrypt has options such as DNS-01 challenge and APIs for many DDNS providers which eliminates the need to open port 80 (and 443). If you're using HTTP-01 then you would have to open port 80 on the router for renewal to work.

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...