ki9 0 Posted November 6, 2020 Posted November 6, 2020 I'm running Emby server version 4.4.3.0 on Ubuntu 18.04. I'm trying to get https to work but Emby only listens on http over ipv6: # netstat -tulpn | grep EmbyServer tcp6 0 0 :::8096 :::* LISTEN 18468/EmbyServer udp 0 0 0.0.0.0:53911 0.0.0.0:* 18468/EmbyServer udp 0 0 0.0.0.0:7359 0.0.0.0:* 18468/EmbyServer udp 0 0 0.0.0.0:1900 0.0.0.0:* 18468/EmbyServer Nothing else is running on 8920. This is my network config. I did restart to ensure changes take effect.
Solution Q-Droid 881 Posted November 7, 2020 Solution Posted November 7, 2020 The emby OS user needs to be able to read and open the pfx file to get the cert. If the server process can't open the file then it won't bind to the SSL port.
ki9 0 Posted November 8, 2020 Author Posted November 8, 2020 (edited) Thanks Q-Droid, that was exactly the problem. I'm impressed that you knew the problem without seeing any error message. You must answer this a lot. It might help if emby threw up an error for that... then again, it might be in the logs that I never looked at. It's still only serving on IPv6. Do you know what's up with that? # netstat -tulpn | grep EmbyServer tcp6 0 0 :::8920 :::* LISTEN 6294/EmbyServer tcp6 0 0 :::8096 :::* LISTEN 6294/EmbyServer udp 0 0 0.0.0.0:7359 0.0.0.0:* 6294/EmbyServer udp 0 0 0.0.0.0:57408 0.0.0.0:* 6294/EmbyServer udp 0 0 0.0.0.0:1900 0.0.0.0:* 6294/EmbyServer Edited November 8, 2020 by ki9 Added code formatting to code block
Q-Droid 881 Posted November 8, 2020 Posted November 8, 2020 Emby does throw an error in the server log but not in the UI. Reporting tcp6 only in netstat should be fine if you're dual stacked. Mine looks the same and I've never given it much thought.
ki9 0 Posted November 9, 2020 Author Posted November 9, 2020 OK, apparently it is correct behavior, actually listening on both versions whether netstat says so or not: Quote I believe that on Linux, binding to [::] (IPv6) results in receiving both IPv6 and IPv4 traffic (by default). I believe these are referred to as IPv4-mapped IPv6 addresses. netstat simply shows the IPv6 entry only, because there's technically only a single bind, that happens to support both IPv4 and IPv6. There's a bit of information on the Apache site. It's possible for software to not use IPv4-mapped IPv6 addresses and bind to both 0.0.0.0 and [::] separately and hence show up twice in netstat, but it's a design choice on the part of the developers. -Server Fault: HTTPD listening in IPv6, according netstat, but reacheable in IPv4 Which is confusing as hell. ss even says explicitly that it's running on ipv6 only: $ ss -tle '( sport = :8920 )' State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:8920 *:* uid:997 ino:190854 sk:1e v6only:0 <->
ki9 0 Posted November 9, 2020 Author Posted November 9, 2020 Actually, v6only:0 might mean that it's not only v6. Maybe that zero is to inform that it's ipv4-mapped-ipv6.
Q-Droid 881 Posted November 9, 2020 Posted November 9, 2020 That appears to be the case, 0 to bind v4 and v6, 1 (or non-zero) to bind v6 only.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now