unable to use https on qnap ts-251b


LunchBolero

hello,

i've been using emby for a little while on my QNAP TS-251B, but recently noticed that my devices (browsers, an nvidia shield) only connect via unsecured http on the default port 8096. when trying to bring up the page (from within my lan) on the default https port of 8920, chrome gives me ERR_CONNECTION_REFUSED.

in Emby Configuration > Server > Network, i do see that the port number is indeed set to 8920. however, when i run nmap against the device to scan for open ports, 8920 appears closed.

i'm using Emby server version 4.5.4.0


LunchBolero

hi luke,

no, i sure didn't -- is that required for the server to even listen on the configured https port in the first place? i suppose i assumed it would use a default, self-signed certificate in the absence of a standard ssl cert. perhaps you can help me work out the best configuration.

i have an internal-only domain for my home network -- let's call it lunchbolero.info

i've got a windows server vm as the domain controller, and it's also doing internal dns, and all the devices and servers i care about have fqdn's on this domain -- however, the domain is not publicly accessible, nor do i really intend for it to be at this time. emby (at nas.lunchbolero.info) is really just serving up my ripped media to my living room tv, and i'd prefer it not to be the last non-https server on my home network.

how should i go about setting this up? i have the wildcard cert for my domain already. when i was looking into this the other day, i came across (i now can't find it in my browser history) a post or something that indicated emby requires domain control validation via http, which would mean i need to go through the trouble of forwarding the dns to my home internet connection's ip address and such. is that true?

thanks.


You need to configure SSL in Emby Server network settings. That means either adding an SSL certificate to Emby, or setting up a reverse proxy and adding the SSL certificate there, and then letting Emby know about it in server network settings. Please let us know if this helps. Thanks.


LunchBolero

so okay yeah, this is what i ran into the first time around, before posting. i just don't see anywhere in the server settings to configure the certificate. i started googling and i came across this article (https://support.emby.media/support/solutions/articles/44001160086-secure-your-server), but it doesn't have any info on where to install the cert either.

Settings > Advanced has no network subsections. only Logs, Notifications, Plugins, Scheduled Tasks, API Keys, and Metadata Manager. there's nothing network-related in any of those.

Settings > Server > Network only displays the options: LAN Networks, Local IP Address, Local HTTP Port Number, Local HTTPS Port Number, and Max Simultaneous Video Streams.


Happy2Play
4 minutes ago, LunchBolero said:

Settings > Server > Network only displays the options: LAN Networks, Local IP Address, Local HTTP Port Number, Local HTTPS Port Number, and Max Simultaneous Video Streams.

This means you have "Allow remote connections to this Emby Server" disabled on that menu.


LunchBolero

so you can't configure https at all if that option is disabled? that's pretty weird. i'm only using this thing locally, on my lan. i'm sure i can enable that option, and it won't be a concern if i just refrain from creating an acl to allow and forward wan traffic to the server... but it is just strange settings ui behavior. i'll try this out and report back.


LunchBolero

so i've checked that box, set the "external domain" field to "nas.lunchbolero.info", and pointed it to the pkcs#12 cert. i restarted the server, and i'm still unable to browse to https://nas.lunchbolero.info:8920, just getting ERR_CONNECTION_REFUSED. i can't telnet to port 8920, and it's not open per my tcp port scan. i've tried both with and without the "ip filter" populated with my lan ip space.


23 hours ago, LunchBolero said:

so i've checked that box, set the "external domain" field to "nas.lunchbolero.info", and pointed it to the pkcs#12 cert. i restarted the server, and i'm still unable to browse to https://nas.lunchbolero.info:8920, just getting ERR_CONNECTION_REFUSED. i can't telnet to port 8920, and it's not open per my tcp port scan. i've tried both with and without the "ip filter" populated with my lan ip space.

Is the certificate you used a pfx file?


Drahreg

@LunchBolero Hi, maybe this will help you (this is how it worked for me).

I activated the remote connection

I chose the .p12 certificate I created with my .crt and .key files through openssl (those are self-made certificates for internal use only)

I added the corresponding password

For external domain I entered my internal ip address to the server, because I have only the ip address

Just in case I changed the ssl port for external connections to a different one

I restarted the server and tested the connection:

https://myinternalip:myhttpsportinternal

It worked for me, so I disabled remote access, then I did a server reboot and it was still working.

Maybe not all steps above are needed, but I had no time to play around.

BR,

Drahreg

  • Like 1
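
The post above bundles a .crt and .key into a .p12 with openssl. As an added example (not code from any poster in this thread or from Emby), the script below builds such a bundle for nas.lunchbolero.info and then checks the things that can be wrong with it before it is selected in the server settings; the file names, the password and the function names `make_p12` and `check_p12` are constructed for illustration.

```shell
#!/bin/sh
# Added example: file names, password and function names are constructed.

# make_p12 HOST DIR PASS: self-signed cert with a SAN for HOST, bundled with its key.
make_p12() {
  host=$1 dir=$2 pass=$3
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
    -keyout "$dir/emby.key" -out "$dir/emby.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$dir/emby.key" -in "$dir/emby.crt" \
    -name emby -passout "pass:$pass" -out "$dir/emby.p12"
}

# check_p12 FILE PASS HOST: prints ok, bad-password, no-key, key-mismatch
# or host-mismatch; returns non-zero for anything but ok.
check_p12() {
  file=$1 pass=$2 host=$3
  # A wrong password (or a file that is not PKCS#12) makes the parse fail.
  cert=$(openssl pkcs12 -in "$file" -passin "pass:$pass" -nokeys -clcerts 2>/dev/null) ||
    { echo bad-password; return 1; }
  key=$(openssl pkcs12 -in "$file" -passin "pass:$pass" -nocerts -nodes 2>/dev/null)
  case $key in
    *"PRIVATE KEY"*) ;;
    *) echo no-key; return 1 ;;
  esac
  # The certificate and the private key must carry the same public key.
  cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null)
  key_pub=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || { echo key-mismatch; return 1; }
  # The name typed into the browser must be covered by the certificate.
  printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$host" |
    grep -q 'does match' || { echo host-mismatch; return 1; }
  echo ok
}

tmp=$(mktemp -d)
make_p12 nas.lunchbolero.info "$tmp" 'constructed-pass'
check_p12 "$tmp/emby.p12" 'constructed-pass' nas.lunchbolero.info
```

Running `check_p12` against the real bundle rules out a wrong password, a missing or mismatched key, and a hostname the certificate does not cover. It says nothing about whether the server is listening, which is what ERR_CONNECTION_REFUSED on port 8920 reports.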