Jump to content

Problems with connecting Emby to Cloudflare Full SSL encryption


ClaySteele

Recommended Posts

mastrmind11

So your router is set up correctly?  your ports are open etc?  I assume you can access the server locally?  you can access your server externally via IP, etc etc. need more info.

Edited by mastrmind11
Link to comment
Share on other sites

ClaySteele

I can access the server locally

My router ports are open correctly I believe

external port 80 points to host's port 8096

external port 443 points to host's port 8920

I can go to emby.mydomain.com to view my libraries, it works with https... but on cloudflare it says its only encrypted from cloudflare servers to the user browser

I have created an origin server certificate on cloudflare, and linked the .pfx file in the networks settings of emby

when I switch from flexible to "Full" encryption the connection to the server goes down

Screen Shot 2020-09-17 at 3.45.14 PM.png

Link to comment
Share on other sites

Q-Droid

You should be able to connect to your Emby server on 8920 (or WAN IP on 443?) to make sure the origin cert was installed correctly.

 

Link to comment
Share on other sites

ClaySteele
4 minutes ago, Q-Droid said:

You should be able to connect to your Emby server on 8920 (or WAN IP on 443?) to make sure the origin cert was installed correctly.

 

Using my WAN IP port 443 it gives a ERR_EMPTY_RESPONSE error. 

Would you be able to link any tutorials or directions on how to install the certificate correctly on my raspberrypi?

Link to comment
Share on other sites

Q-Droid

What about internally on 8920 to double check.

That guide should work so verify that your pfx file is good. And that the user running Emby on the Pi can read the pfx file.

openssl pkcs12 -in yourfile.pfx -info -nodes

The output should be your origin cert and private key, don't post or share it.

 

 

Link to comment
Share on other sites

ClaySteele
5 minutes ago, Q-Droid said:

What about internally on 8920 to double check.

That guide should work so verify that your pfx file is good. And that the user running Emby on the Pi can read the pfx file.

openssl pkcs12 -in yourfile.pfx -info -nodes

The output should be your origin cert and private key, don't post or share it.

 

 

When i go to WAN-IP:8920 it does not bring me to the server and gives me the error ERR_CONNECTION_RESET

Is there a specific folder I should be putting these certs into on my pi? 

Link to comment
Share on other sites

Q-Droid

Is your pfx file good? You can create a directory /var/lib/emby/ssl and put the pfx file in there. Make sure the ssl directory and the pfx file are owned by user emby. Then change the Network settings in Emby to match and restart the server.

If this doesn't fix the problem then attach the emby server log.

 

 

Link to comment
Share on other sites

ClaySteele
2 hours ago, Q-Droid said:

Is your pfx file good? You can create a directory /var/lib/emby/ssl and put the pfx file in there. Make sure the ssl directory and the pfx file are owned by user emby. Then change the Network settings in Emby to match and restart the server.

If this doesn't fix the problem then attach the emby server log.

 

 

I was very hopeful that that would work, I have followed that first paragraph of instructions but it still did not work

Just to be clear so im not missing anything, how do I attach the emby server log?

Link to comment
Share on other sites

ClaySteele
35 minutes ago, Luke said:

Instructions can be found here:

 

I checked my logs and it doesnt look like there have been any https requests... none made to port 8920 or 443

Here are my settings in emby network settings

 

Screen Shot 2020-09-17 at 9.27.26 PM.png

Screen Shot 2020-09-17 at 9.27.37 PM.png

Link to comment
Share on other sites

Q-Droid

The certificate password field looks blank which is unusual since the pfx file typically has one.

The reason we ask for logs is to see where the problem might be.

 

 

Link to comment
Share on other sites

ClaySteele
32 minutes ago, Q-Droid said:

The certificate password field looks blank which is unusual since the pfx file typically has one.

The reason we ask for logs is to see where the problem might be.

 

 

I previously tried a pfx file with a password, and then I saw somewhere to try and use a pfx file without a password but that did not work either

Is there anyway I can share my logs with you without posting them here? I dont feel very comfortable sharing my domain name publicly  

Link to comment
Share on other sites

Q-Droid

Full disclosure - I'm a community member like you, not an Emby support team member. You can scrub those details from the file with find/replace and attach to a direct message if you wish.

Just to backtrack a bit:

Browser to LAN IP:8920 doesn't work?

Browser to WAN IP:443 doesn't work?

And you were able to verify the cert and private key are indeed in the pfx?

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...