Emby only listens on tcp6/8096

[ki9 0]

I'm running Emby server version 4.4.3.0 on Ubuntu 18.04.  I'm trying to get https to work but Emby only listens on http over ipv6: 

# netstat -tulpn | grep EmbyServer
tcp6       0      0 :::8096                 :::*                    LISTEN      18468/EmbyServer    
udp        0      0 0.0.0.0:53911           0.0.0.0:*                           18468/EmbyServer    
udp        0      0 0.0.0.0:7359            0.0.0.0:*                           18468/EmbyServer    
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           18468/EmbyServer

Nothing else is running on 8920.  This is my network config.  I did restart to ensure changes take effect. 

 

[Q-Droid 671]

The emby OS user needs to be able to read and open the pfx file to get the cert. If the server process can't open the file then it won't bind to the SSL port.

 

[ki9 0]

Thanks Q-Droid, that was exactly the problem.  I'm impressed that you knew the problem without seeing any error message.  You must answer this a lot.  It might help if emby threw up an error for that... then again, it might be in the logs that I never looked at.  

It's still only serving on IPv6.  Do you know what's up with that?  

# netstat -tulpn | grep EmbyServer
tcp6       0      0 :::8920                 :::*                    LISTEN      6294/EmbyServer
tcp6       0      0 :::8096                 :::*                    LISTEN      6294/EmbyServer
udp        0      0 0.0.0.0:7359            0.0.0.0:*                           6294/EmbyServer
udp        0      0 0.0.0.0:57408           0.0.0.0:*                           6294/EmbyServer
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           6294/EmbyServer

 

Edited November 8, 2020 by ki9
Added code formatting to code block

[Q-Droid 671]

Emby does throw an error in the server log but not in the UI.

Reporting tcp6 only in netstat should be fine if you're dual stacked. Mine looks the same and I've never given it much thought.

 

[ki9 0]

OK, apparently it is correct behavior, actually listening on both versions whether netstat says so or not: 

Quote

I believe that on Linux, binding to [::] (IPv6) results in receiving both IPv6 and IPv4 traffic (by default). I believe these are referred to as IPv4-mapped IPv6 addresses. netstat simply shows the IPv6 entry only, because there's technically only a single bind, that happens to support both IPv4 and IPv6.

There's a bit of information on the Apache site.

It's possible for software to not use IPv4-mapped IPv6 addresses and bind to both 0.0.0.0 and [::] separately and hence show up twice in netstat, but it's a design choice on the part of the developers.

-Server Fault: HTTPD listening in IPv6, according netstat, but reacheable in IPv4

Which is confusing as hell.  ss even says explicitly that it's running on ipv6 only: 

$ ss -tle '( sport = :8920 )'
State     Recv-Q     Send-Q          Local Address:Port         Peer Address:Port    
LISTEN    0          128                         *:8920                    *:*        uid:997 ino:190854 sk:1e v6only:0 <->

 

[ki9 0]

Actually, 

v6only:0

might mean that it's not only v6.  Maybe that zero is to inform that it's ipv4-mapped-ipv6. 

[Q-Droid 671]

That appears to be the case, 0 to bind v4 and v6, 1 (or non-zero) to bind v6 only. 

 

[Luke 37282]

Hi @ki9 has this helped?

[ki9 0]

@Luke

Yes, thanks.