Jump to content

Port Forwarding Issue (Remote Client Unable to Connect)


NME312

Recommended Posts

I have a question about remote clients connecting to my local emby server. 

I have set up port forwarding on my pfsense firewall to my emby server. I have checked the rule and confirmed the ports are open and accepting request. Running the test from pfsense also shows the ports on the emby server as being responsive and open. 

I can hit the url from the outside and confirm that ssl cert is poplutated and working. When I got to link the emby server to the web client or mobile client, I receive the connection failure message. This was all working, but it seems one i changed the port from the default 8096 to a secure port. It will not connect successfully. 

Has anyone any insight or resolutions to this kind of issue? 

Also on the Emby dashboard, it shows the remote wan access port as 8096, even though I have it configured as a different port number. The default http is 8096, but i have changed the https public port. Is there something Im missing? Do I need to do some type of redirection or change a configuration file in the Emby server itself? 

 

Any help would be much appreciated. 

Link to comment
Share on other sites

rbjtech
8 hours ago, NME312 said:

Do I need to do some type of redirection or change a configuration file in the Emby server itself? 

Yes - have a look at the SSL guides - but in summary, under 'Network' - you need to point emby to your SSL Cert and provide the Cert password you used to create it.  Then restart emby. Unless you do this, the security chain for SSL is not complete and emby will not use SSL...  Once you get a WAN IP (or FQDN) using the SSL Port you specified (8920 is default) shown in the dashboard - then you should be good to go.

Edited by rbjtech
Link to comment
Share on other sites

rbjtech

it's a lets encrypt cert - this used to be ssl4free.

@NME312 - did you see my post above ?  Have you correctly converted and imported the cert into emby ?

Link to comment
Share on other sites

@rbjtech yes, i see your post. Is there any issues with using a free cert? Im not oppose to purchasing one. Just figured, I would use a free one to test out the capabilities. 

 

If was able to load the cert with the private key. It took the cert and everything, but the dashboard never shown that it was using the 8920 port. 

Edited by NME312
Link to comment
Share on other sites

rbjtech

Hiya - no issues with a free Cert at all - Lets-Encypt are a widely approved CA  - that's what I use as do millions of other web sites.

The issue I think may be in your config of the cert - ie is it a PKCS#12 type cert (.pfx in Windows) and when creating the private key, did you use a password ?

Windows has a built in utility to check the cert - once you enter the cert password, it should show something like this -

C:\Users\Richard>certutil "C:\Emby-Server\emby.XXX.XXX.pfx"
Enter PFX password:
================ Certificate 0 ================
================ Begin Nesting Level 1 ================
Element 0:
Serial Number: *****
Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
 NotBefore: 14/07/2020 18:18
 NotAfter: 12/10/2020 18:18
Subject: CN=*** < your FQDN - this MUST be the same FQDN you use on the emby server in the domain field.
Non-root Certificate
Cert Hash(sha1): *****
----------------  End Nesting Level 1  ----------------
  Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test passed

================ Certificate 1 ================
 

There are a couple of guides on this in detail -

https://support.emby.media/support/solutions/articles/44001160086-secure-your-server

 

Link to comment
Share on other sites

Maybe that is part of my issue, I ran the command you instructed (thank you, just learned something new!). It did not prompt me for a password? I did create a password when creating the cert in IIS. 

The Output shows Certs 0, 1, 2. Cert 2 shows that the issuer is zerossl, has the FQDN, but shows the encryption test failed!

Maybe, I need to create a whole new cert all together? 

Link to comment
Share on other sites

  • 2 weeks later...
On 9/10/2020 at 11:28 AM, NME312 said:

Maybe that is part of my issue, I ran the command you instructed (thank you, just learned something new!). It did not prompt me for a password? I did create a password when creating the cert in IIS. 

The Output shows Certs 0, 1, 2. Cert 2 shows that the issuer is zerossl, has the FQDN, but shows the encryption test failed!

Maybe, I need to create a whole new cert all together? 

Have you got this fixed up yet or are you still stuck?

Link to comment
Share on other sites

Still stuck unfortunately. 
 

I tried exporting the cert again, readding the private key and same thing. 
 

My port forwarding rule works on the Firewall. 
 

So it definitely a cert issue, seems to me. 

I basically am unable to connect externally. If I allow connections from http, works fine, but once I Force https connections, no go  

This where I’m stuck, do you have any recommendations? 

Edited by NME312
Link to comment
Share on other sites

If you want to install Teamviewer from www.teamviewer.com I can give you a hand remotely getting this generated.

Install it, then PM me the userid and one-time use password and I'll remote in and open chat.

Link to comment
Share on other sites

@cayars if you have availability today, we can work on this. Are you a emby support specialists? 

 

Edited by NME312
Link to comment
Share on other sites

We can try but I'm not a pfsense user so...

Install TeamViewer from www.teamviewer.com and install it.

Private Message me your UserID and one-time Passcode that shows up on launch.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...