LunchBolero 0 Posted December 27, 2020 Posted December 27, 2020 (edited) hello, i've been using emby for a little while on my QNAP TS-251B, but recently noticed that my devices (browsers, an nvidia shield) only connect via unsecured http on the default port 8096. when trying to bring up the page (from within my lan) on the default https port of 8920, chrome gives me ERR_CONNECTION_REFUSED. in Emby Configuration > Server > Network, i do see that the port number is indeed set to 8920. however, when i run nmap against the device to scan for open ports, 8920 appears closed. i'm using Emby server version 4.5.4.0 Edited December 27, 2020 by LunchBolero add emby version
Luke 38499 Posted December 28, 2020 Posted December 28, 2020 Hi there, did you configure an SSL certificate in Emby Server?
LunchBolero 0 Posted January 1, 2021 Author Posted January 1, 2021 (edited) hi luke, no, i sure didn't -- is that required for the server to even listen on the configured https port in the first place? i suppose i assumed it would use a default, self-signed certificate in the absence of a standard ssl cert. perhaps you can help me work out the best configuration. i have an internal-only domain for my home network -- let's call it lunchbolero.info i've got a windows server vm as the domain controller, and it's also doing internal dns, and all the devices and servers i care about have fqdn's on this domain -- however, the domain is not publicly accessible, nor do i really intend for it to be at this time. emby (at nas.lunchbolero.info) is really just serving up my ripped media to my living room tv, and i'd prefer it not to be the last non-https server on my home network. how should i go about setting this up? i have the wildcard cert for my domain already. when i was looking into this the other day, i came across (i now can't find it in my browser history) a post or something that indicated emby requires domain control validation via http, which would mean i need to go through the trouble of forwarding the dns to my home internet connection's ip address and such. is that true? thanks. Edited January 1, 2021 by LunchBolero
Luke 38499 Posted January 1, 2021 Posted January 1, 2021 You need to configure SSL in emby server network settings. that means either adding an SSL certificate to Emby, or setting up a reverse proxy and adding the SSL certificate there, and then letting Emby know about it in server network settings. Please let us know if this helps. Thanks.
LunchBolero 0 Posted January 2, 2021 Author Posted January 2, 2021 so okay yeah, this is what i ran into the first time around, before posting. i just don't see anywhere in the server settings to configure the certificate. i started googling and i came across this article (https://support.emby.media/support/solutions/articles/44001160086-secure-your-server), but it doesn't have any info on where to install the cert either. Settings > Advanced has no network subsections. only Logs, Notifications, Plugins, Scheduled Tasks, API Keys, and Metadata Manager. there's nothing network-related in any of those. Settings > Server > Network only displays the options: LAN Networks, Local IP Address, Local HTTP Port Number, Local HTTPS Port Number, and Max Simultaneous Video Streams.
Happy2Play 9060 Posted January 2, 2021 Posted January 2, 2021 4 minutes ago, LunchBolero said: Settings > Server > Network only displays the options: LAN Networks, Local IP Address, Local HTTP Port Number, Local HTTPS Port Number, and Max Simultaneous Video Streams. This means you have "Allow remote connections to this Emby Server" disabled on that menu.
LunchBolero 0 Posted January 2, 2021 Author Posted January 2, 2021 so you can't configure https at all if that option is disabled? that's pretty weird. i'm only using this thing locally, on my lan. i'm sure i can enable that option, and it won't be a concern if i just refrain from creating an acl to allow and forward wan traffic to the server... but it is just strange settings ui behavior. i'll try this out and report back.
LunchBolero 0 Posted January 2, 2021 Author Posted January 2, 2021 so i've checked that box, set the "external domain" field to "nas.lunchbolero.info", and pointed it to the pkcs#12 cert. i restarted the server, and i'm still unable to browse to https://nas.lunchbolero.info:8920, just getting ERR_CONNECTION_REFUSED. i can't telnet to port 8920, and it's not open per my tcp port scan. i've tried both with and without the "ip filter" populated with my lan ip space.
Luke 38499 Posted January 3, 2021 Posted January 3, 2021 23 hours ago, LunchBolero said: so i've checked that box, set the "external domain" field to "nas.lunchbolero.info", and pointed it to the pkcs#12 cert. i restarted the server, and i'm still unable to browse to https://nas.lunchbolero.info:8920, just getting ERR_CONNECTION_REFUSED. i can't telnet to port 8920, and it's not open per my tcp port scan. i've tried both with and without the "ip filter" populated with my lan ip space. Is the certificate you used a pfx file?
Drahreg 1 Posted January 5, 2021 Posted January 5, 2021 @LunchBolero Hi, maybe this will help you (this is, how it worked for me) I activated the remote connection I choosed the .p12 certificate I created with my .crt and .key files through openssl (those are self made certificates for internal use only) I added the corresponding password For external domain I entered my internal ip address to the server, because I have only the ip address Just in case I changed the ssl port for external connections to a different one I restarted the server and tested the connection: https://myinternalip:myhttpsportinternal It worked for me, so I disabled remote access, then I did a server reboot and it was still working. Maybe not all steps above are needed, but I had no time to play around. BR, Drahreg 1
Luke 38499 Posted January 6, 2021 Posted January 6, 2021 @LunchBolero please let us know if this helps. Thanks.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now