
Is it possible to set secure without having a cert?



muzicman0

I'm using a reverse proxy that auto gets a cert for me, but I don't have access to the cert. I would like to set Emby up to 'prefer' secured connections so that Emby Connect will work (my ISP blocks port 80), but it won't let me set the connection since I don't have a cert listed. Is it possible to edit a text config file to have that setting enabled so that EmbyConnect points to my domain:443 instead of my domain:80?


Which reverse proxy are you using? nginx or something like Cloudflare?

I use Emby (Emby Connect) over port 443 with a cert through Cloudflare but you can do the same through nginx and likely other proxy servers as well.


muzicman0

Caddy. It auto renews a cert for me every 90 days, but I believe it stores it in some sort of archive. I haven't been able to actually find it. 

And... Since I can't point Emby to a cert file, I can't tell Emby to use a secure connection.


Sorry, I've never used Caddy so can't be of much help except for general questions of functionality as a whole.


Does the following help?

Quote

Go to your Emby server configuration, under Network. Keep local HTTP as 8096 and local HTTPS as 8920. Be sure to check "Allow remote connections to this Emby server." Change public HTTP port to 80 and public HTTPS port to 443. Under external domain put in media.mydomain.net (substitute with your actual domain name of course). You don't need anything for certificates. Then for Secure Connection Mode, choose "Handled by reverse proxy." Uncheck enable automatic port mapping, because you've already set up port forwarding in your router to your Caddy server.

 

 

  • Like 2

muzicman0

Thanks @ebr, this was exactly what I was looking for...can't believe I didn't see that before!  Looks like it will work now as I want it to!


muzicman0
2 minutes ago, Luke said:

Did you explore all of the choices in that dropdown?

I think the only ones that would work would be Disabled, or Handled by Reverse Proxy.  In any case, Handled by Reverse Proxy seems to work well.


pwhodges

As you've been told, you don't need to use a secure connection between the reverse proxy and Emby.

It's not too hard to find Caddy's certificates, either, if you have another reason to do so.  In Caddy v1 they're under "<caddy directory>\Assets\acme\acme-v02.api.letsencrypt.org\sites\<url of site>\"; and in Caddy v2 they're under "C:\users\<caddy user>\AppData\Roaming\Caddy\certificates\acme-v02.api.letsencrypt.org\<url of site>".   As a sample reason, I have a scheduled job which updates my mail server's certificate with a copy of the one which Caddy keeps up to date for the web mail (which has the same domain name as the SMTP and IMAP server, so that works OK).

Paul
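
Added example (not from the thread, and not Caddy's or Emby's own code): a scheduled-job script of the kind described in the post above, which copies the certificate Caddy v2 maintains to another service only when it has changed. The site name, Caddy account, destination folder, service name and the `<site>.crt` / `<site>.key` file names are assumptions.

```powershell
# Added example: copy the certificate Caddy v2 keeps renewed to another service.
# Assumed values (not from the thread): site, Caddy account, destination, service.
$ErrorActionPreference = 'Stop'
$Site      = 'mail.example.net'    # placeholder domain
$CaddyUser = 'caddysvc'            # placeholder for <caddy user>
$SrcDir    = "C:\Users\$CaddyUser\AppData\Roaming\Caddy\certificates\acme-v02.api.letsencrypt.org\$Site"
$DstDir    = 'C:\MailServer\tls'   # hypothetical folder the mail server reads
$Service   = 'MailServerSvc'       # hypothetical Windows service name

function Get-LeafCert([string]$Path) {
    # X509Certificate2 loads the first (leaf) certificate from a PEM file.
    if (Test-Path $Path) {
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    }
}

$srcCrt = Join-Path $SrcDir "$Site.crt"   # assumed naming: <site>.crt / <site>.key
$srcKey = Join-Path $SrcDir "$Site.key"
$dstCrt = Join-Path $DstDir "$Site.crt"
$dstKey = Join-Path $DstDir "$Site.key"

$new = Get-LeafCert $srcCrt
if (-not $new) { throw "No certificate found at $srcCrt" }
$old = Get-LeafCert $dstCrt

# Refuse to deploy a certificate that is outside its validity window or for another name.
$now = Get-Date
if ($now -lt $new.NotBefore -or $now -gt $new.NotAfter) { throw 'Certificate is not currently valid' }
if ($new.GetNameInfo('DnsName', $false) -ne $Site) { throw "Certificate is not issued for $Site" }

# Only touch the destination (and restart the service) after a renewal.
if ($old -and $old.Thumbprint -eq $new.Thumbprint) {
    Write-Output "Certificate unchanged ($($new.Thumbprint)); nothing to do."
    return
}

New-Item -ItemType Directory -Path $DstDir -Force | Out-Null
Copy-Item $srcKey $dstKey -Force
Copy-Item $srcCrt $dstCrt -Force

# The private key now exists in a second place: drop inherited ACLs and allow only
# SYSTEM and Administrators (grant the mail service account too if it differs).
icacls $dstKey /inheritance:r /grant:r 'SYSTEM:R' 'Administrators:F' | Out-Null

Restart-Service -Name $Service
Write-Output "Deployed certificate $($new.Thumbprint), valid until $($new.NotAfter)."
```

The account running the scheduled task needs read access to the Caddy user's profile folder, so keep that grant as narrow as the job allows.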


muzicman0
1 minute ago, pwhodges said:

As you've been told, you don't need to use a secure connection between the reverse proxy and Emby.

It's not too hard to find Caddy's certificates, either, if you have another reason to do so.  In Caddy v1 they're under "<caddy directory>\Assets\acme\acme-v02.api.letsencrypt.org\sites\<url of site>\"; and in Caddy v2 they're under "C:\users\<caddy user>\AppData\Roaming\Caddy\certificates\acme-v02.api.letsencrypt.org\<url of site>".   As a sample reason, I have a scheduled job which updates my mail server's certificate with a copy of the one which Caddy keeps up to date for the web mail (which has the same domain name as the SMTP and IMAP server, so that works OK).

Paul

I'm not using secure between Caddy and the Emby server, but without telling Emby to use secure connections for external connections, Emby Connect will point to port 80, which is blocked on my ISP, thus Emby Connect would not work at all (I had to get there by the domain:port).

Thanks for the info on cert location.


muzicman0
18 minutes ago, pwhodges said:

As you've been told, you don't need to use a secure connection between the reverse proxy and Emby.

It's not too hard to find Caddy's certificates, either, if you have another reason to do so.  In Caddy v1 they're under "<caddy directory>\Assets\acme\acme-v02.api.letsencrypt.org\sites\<url of site>\"; and in Caddy v2 they're under "C:\users\<caddy user>\AppData\Roaming\Caddy\certificates\acme-v02.api.letsencrypt.org\<url of site>".   As a sample reason, I have a scheduled job which updates my mail server's certificate with a copy of the one which Caddy keeps up to date for the web mail (which has the same domain name as the SMTP and IMAP server, so that works OK).

Paul

Using v1, however, I don't have an Assets directory. I have init and logs (I created logs for the caddy logs though).

 

Note: I am running this on Windows, not Linux...although I could change if I wanted to, I do have a Linux PC available.


pwhodges

Well, my Caddy v1 installation may not be standard, I admit - but whatever, it wouldn't take long to search your system for *.crt and then you'd know.

Paul

  • Like 1

muzicman0

I have been wanting to upgrade to v2 for a while, so I did. Now I have access to them. Getting it to run as a service was a bit more difficult, but eventually got it. 

Thanks again for the info. 

