ClaySteele 0 Posted September 17, 2020 Share Posted September 17, 2020 I have followed this guide https://blog.awelswynol.co.uk/2018/01/setting-up-cloudflare-with-emby step by step It works, but only for the "Flexible" Cloudflare SSL option, not the "Full" end to end encryption When I turn on "Full" it does not connect to the host I am running on a RaspberryPi 4 as my host Can anyone help me please? Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted September 17, 2020 Share Posted September 17, 2020 (edited) So your router is set up correctly? your ports are open etc? I assume you can access the server locally? you can access your server externally via IP, etc etc. need more info. Edited September 17, 2020 by mastrmind11 Link to comment Share on other sites More sharing options...
ClaySteele 0 Posted September 17, 2020 Author Share Posted September 17, 2020 I can access the server locally My router ports are open correctly I believe external port 80 points to host's port 8096 external port 443 points to host's port 8920 I can go to emby.mydomain.com to view my libraries, it works with https... but on cloudflare it says its only encrypted from cloudflare servers to the user browser I have created an origin server certificate on cloudflare, and linked the .pfx file in the networks settings of emby when I switch from flexible to "Full" encryption the connection to the server goes down Link to comment Share on other sites More sharing options...
Q-Droid 610 Posted September 17, 2020 Share Posted September 17, 2020 You should be able to connect to your Emby server on 8920 (or WAN IP on 443?) to make sure the origin cert was installed correctly. Link to comment Share on other sites More sharing options...
ClaySteele 0 Posted September 17, 2020 Author Share Posted September 17, 2020 4 minutes ago, Q-Droid said: You should be able to connect to your Emby server on 8920 (or WAN IP on 443?) to make sure the origin cert was installed correctly. Using my WAN IP port 443 it gives a ERR_EMPTY_RESPONSE error. Would you be able to link any tutorials or directions on how to install the certificate correctly on my raspberrypi? Link to comment Share on other sites More sharing options...
Q-Droid 610 Posted September 17, 2020 Share Posted September 17, 2020 What about internally on 8920 to double check. That guide should work so verify that your pfx file is good. And that the user running Emby on the Pi can read the pfx file. openssl pkcs12 -in yourfile.pfx -info -nodes The output should be your origin cert and private key, don't post or share it. Link to comment Share on other sites More sharing options...
ClaySteele 0 Posted September 17, 2020 Author Share Posted September 17, 2020 5 minutes ago, Q-Droid said: What about internally on 8920 to double check. That guide should work so verify that your pfx file is good. And that the user running Emby on the Pi can read the pfx file. openssl pkcs12 -in yourfile.pfx -info -nodes The output should be your origin cert and private key, don't post or share it. When i go to WAN-IP:8920 it does not bring me to the server and gives me the error ERR_CONNECTION_RESET Is there a specific folder I should be putting these certs into on my pi? Link to comment Share on other sites More sharing options...
Q-Droid 610 Posted September 17, 2020 Share Posted September 17, 2020 Is your pfx file good? You can create a directory /var/lib/emby/ssl and put the pfx file in there. Make sure the ssl directory and the pfx file are owned by user emby. Then change the Network settings in Emby to match and restart the server. If this doesn't fix the problem then attach the emby server log. Link to comment Share on other sites More sharing options...
ClaySteele 0 Posted September 18, 2020 Author Share Posted September 18, 2020 2 hours ago, Q-Droid said: Is your pfx file good? You can create a directory /var/lib/emby/ssl and put the pfx file in there. Make sure the ssl directory and the pfx file are owned by user emby. Then change the Network settings in Emby to match and restart the server. If this doesn't fix the problem then attach the emby server log. I was very hopeful that that would work, I have followed that first paragraph of instructions but it still did not work Just to be clear so im not missing anything, how do I attach the emby server log? Link to comment Share on other sites More sharing options...
Luke 36889 Posted September 18, 2020 Share Posted September 18, 2020 Instructions can be found here: Link to comment Share on other sites More sharing options...
ClaySteele 0 Posted September 18, 2020 Author Share Posted September 18, 2020 35 minutes ago, Luke said: Instructions can be found here: I checked my logs and it doesnt look like there have been any https requests... none made to port 8920 or 443 Here are my settings in emby network settings Link to comment Share on other sites More sharing options...
Q-Droid 610 Posted September 18, 2020 Share Posted September 18, 2020 The certificate password field looks blank which is unusual since the pfx file typically has one. The reason we ask for logs is to see where the problem might be. Link to comment Share on other sites More sharing options...
ClaySteele 0 Posted September 18, 2020 Author Share Posted September 18, 2020 32 minutes ago, Q-Droid said: The certificate password field looks blank which is unusual since the pfx file typically has one. The reason we ask for logs is to see where the problem might be. I previously tried a pfx file with a password, and then I saw somewhere to try and use a pfx file without a password but that did not work either Is there anyway I can share my logs with you without posting them here? I dont feel very comfortable sharing my domain name publicly Link to comment Share on other sites More sharing options...
Q-Droid 610 Posted September 18, 2020 Share Posted September 18, 2020 Full disclosure - I'm a community member like you, not an Emby support team member. You can scrub those details from the file with find/replace and attach to a direct message if you wish. Just to backtrack a bit: Browser to LAN IP:8920 doesn't work? Browser to WAN IP:443 doesn't work? And you were able to verify the cert and private key are indeed in the pfx? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now