Where do you acquire said certificate?
You can buy them from ISPs or domain registrars, etc. You need a domain name to attach them to, though. You can get certificates free from places like LetsEncrypt - though free ones typically have a much shorter renewal time. If you use Caddy as a reverse proxy, it gets and renews them automatically from LetsEncrypt, if you set it up right. Domain names you have to buy from a registrar - they're not necessarily expensive, though.
Hi there Paul.. thanks for the clarification.. I should say that I am on windows10 os, sorry!!
As far as I can see... Emby automatically entered the port forwarding rules on my router and I don't see yet, where/how to remove them.
I have now unticked the "enable automatic port forwarding" and "allow remote connection to this emby server" in the emby settings, but the port forwarding rules are still in the router.!?
I am happy to use emby in my local network, much faster than plex, and that is what I assumed "Upnp" was for.? only local usage? my error i now know. So I will disable Upnp also. [I thought it meant universal plugnplay, so it sounded like it should be left enabled]..
Is this reverse proxy thing workable on a windows10 setup?
I am trying to do this on a "no budget" situation, to keep the family happy during the outsideworld zombie apocalypse. So any other ideas that you think may help will be very muchly welcomed..
cheers from CD in NZ
uPnP can do things inside the network, but one of the things it can do is open ports in your router. As for the open ports you now have, I suppose you need to go into the router config to close them again.
A reverse proxy is a web server that you can run on the same machine as your Emby, if you want. Typically you would install Caddy (I use v1, but now you have to get v2, for which different instructions will be needed than any in this forum). Before you can set up Caddy you need to have a DNS name pointing to your address; this you have to think up for yourself and buy from a registrar (I use Gandi). The instructions are pretty simple, but maybe people here can help if you get stuck; I will try to find time to move to Caddy 2 myself in the next couple of days so that I can help - Caddy's home page has (scroll down) an example of how easy it can be to run a reverse proxy using v2. I would leave Caddy accepting the default ports for http and https (80 and 443), as these need to be used for the automatic certificate generation. Or you can use nginx, which there's a lot of experience of here, but which is inherently more difficult. You can leave Emby on its default ports and then forward from Caddy by specifying a proxy connection to the http port of Emby. Any attempt to access port 80 from outside will automatically be diverted to 443 by Caddy, so there's nothing to worry about there. For internal use you can use Emby's http port, or you can try using the same address as you would use externally; this working would depend on your router being able to loop back or "hairpin" references to its external address from inside.
If you're content with getting your own certificate and adding it to Emby and renewing it as required, then by all means don't bother with a proxy. You can use the router to forward ports 80 and 443 to the Emby ports, or you can change the Emby ports to 80 and 443 and just let those through.