muzicman0 59 Posted July 14, 2020 Share Posted July 14, 2020 I'm using a reverse proxy that auto gets a cert for me, but I don't have access to the cert. I would like to set Emby up to 'prefer' secured connections so that Emby Connect will work (my ISP blocks port 80), but it won't let me set the connection since I don't have a cert listed. Is is possible to edit a text config file to have that setting enabled so that EmbyConnect points to my domain:443 instead of my domain:80? Link to comment Share on other sites More sharing options...
ebr 14910 Posted July 14, 2020 Share Posted July 14, 2020 @pir8radio Link to comment Share on other sites More sharing options...
Carlo 4330 Posted July 14, 2020 Share Posted July 14, 2020 Which reverse proxy are you using? nginx or something like Cloudflare? I use Emby (Emby Connect) over port 443 with a cert through Cloudflare but you can do the same through nginx and likely other proxy servers as well. Link to comment Share on other sites More sharing options...
muzicman0 59 Posted July 14, 2020 Author Share Posted July 14, 2020 (edited) Caddy. It auto renews a cert for me every 90 days, but I believe it stores it in some sort of archive. I haven't been able to actually find it. And... Since I can't point Emby to a cert file, I can't tell Emby to use a secure connection. Edited July 14, 2020 by muzicman0 Link to comment Share on other sites More sharing options...
Carlo 4330 Posted July 14, 2020 Share Posted July 14, 2020 Sorry, I've never used Caddy so can't be of much help except for general questions of functionality as a whole. Link to comment Share on other sites More sharing options...
ebr 14910 Posted July 14, 2020 Share Posted July 14, 2020 Does the following help? Quote Go to your Emby server configuration, under Network. Keep local HTTP as 8096 and local HTTPS as 8920. Be sure to check "Allow remote connections to this Emby server." Change public HTTP port to 80 and public HTTPS port to 443. Under external domain put in media.mydomain.net (substitute with your actual domain name of course). You don't need anything for certificates. Then for Secure Connection Mode, choose "Handled by reverse proxy." Uncheck enable automatic port mapping, because you've already set up port forwarding in your router to your Caddy server. 2 Link to comment Share on other sites More sharing options...
muzicman0 59 Posted July 14, 2020 Author Share Posted July 14, 2020 (edited) Thanks @ebr, this was exactly what I was looking for...can't believe I didn't see that before! Looks like it will work now as I want it to! Edited July 14, 2020 by muzicman0 Link to comment Share on other sites More sharing options...
Luke 37051 Posted July 14, 2020 Share Posted July 14, 2020 Did you explore all of the choices in that dropdown? Link to comment Share on other sites More sharing options...
muzicman0 59 Posted July 14, 2020 Author Share Posted July 14, 2020 2 minutes ago, Luke said: Did you explore all of the choices in that dropdown? I think the only ones that would work would be Disabled, or Handled by Reverse Proxy. In any case, Handled by Reverse Proxy seems to work well. Link to comment Share on other sites More sharing options...
pwhodges 1527 Posted July 14, 2020 Share Posted July 14, 2020 As you've been told, you don't need to use a secure connection between the reverse proxy and Emby. It's not too hard to find Caddy's certificates, either, if you have another reason to do so. In Caddy v1 they're under "<caddy directory>\Assets\acme\acme-v02.api.letsencrypt.,org\sites\<url of site>\"; and in Caddy v2 they're under "C:\users\<caddy user>\AppData\Roaming\Caddy\certificates\acme-v02.api.letsencrypt.org\<url of site>". As a sample reason, I have a scheduled job which updates my mail server's certificate with a copy of the one which Caddy keeps up to date for the web mail (which has the same domain name as the SMTP and IMAP server, so that works OK). Paul Link to comment Share on other sites More sharing options...
muzicman0 59 Posted July 14, 2020 Author Share Posted July 14, 2020 1 minute ago, pwhodges said: As you've been told, you don't need to use a secure connection between the reverse proxy and Emby. It's not too hard to find Caddy's certificates, either, if you have another reason to do so. In Caddy v1 they're under "<caddy directory>\Assets\acme\acme-v02.api.letsencrypt.,org\sites\<url of site>\"; and in Caddy v2 they're under "C:\users\<caddy user>\AppData\Roaming\Caddy\certificates\acme-v02.api.letsencrypt.org\<url of site>". As a sample reason, I have a scheduled job which updates my mail server's certificate with a copy of the one which Caddy keeps up to date for the web mail (which has the same domain name as the SMTP and IMAP server, so that works OK). Paul I'm not using secure between Caddy and the Emby server, but without telling Emby to use secure connections for external connections, Emby Connect will point to port 80, which is blocked on my ISP, thus Emby Connect would not work at all (I had to get their by the domain:port). Thanks for the info on cert location. Link to comment Share on other sites More sharing options...
muzicman0 59 Posted July 14, 2020 Author Share Posted July 14, 2020 (edited) 18 minutes ago, pwhodges said: As you've been told, you don't need to use a secure connection between the reverse proxy and Emby. It's not too hard to find Caddy's certificates, either, if you have another reason to do so. In Caddy v1 they're under "<caddy directory>\Assets\acme\acme-v02.api.letsencrypt.,org\sites\<url of site>\"; and in Caddy v2 they're under "C:\users\<caddy user>\AppData\Roaming\Caddy\certificates\acme-v02.api.letsencrypt.org\<url of site>". As a sample reason, I have a scheduled job which updates my mail server's certificate with a copy of the one which Caddy keeps up to date for the web mail (which has the same domain name as the SMTP and IMAP server, so that works OK). Paul using v1, however, I don't have an Assets directory. I have init and logs (I created logs for the caddy logs though). Note: I am running this on Windows, not Linux...although I could change if I wanted to, I do have a Linux PC available. Edited July 14, 2020 by muzicman0 Link to comment Share on other sites More sharing options...
pwhodges 1527 Posted July 14, 2020 Share Posted July 14, 2020 Well, my Caddy v1 installation may not be standard, I admit - but whatever, it wouldn't take long to search your system for *.crt and then you'd know. Paul 1 Link to comment Share on other sites More sharing options...
muzicman0 59 Posted July 14, 2020 Author Share Posted July 14, 2020 I have been wanting to upgrade to v2 for a while, so I did. Now I have access to them. Getting it to run as a service was a bit more difficult, but eventually got it. Thanks again for the info. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now