Secure Connection from LAN Stopped Working in v.4.6.3.0

[dyecast 1]

HTTPS over TCP/8920 - No longer works from multiple devices while on my LAN after patching.

HTTP over TCP/8096 - Does continue to work on my LAN.

Given that I use the same FQDN for LAN and WAN connections, I'd prefer to use HTTPS throughout my implementation.  It makes it easier for my iPhone and iPad to not have to change configs that much when I'm remote.  I've already verified my PFX file is good and even re-entered my password for it just in case.  No change.  Restarted Emby.  No change.

Side note - Synology patch took 20-30 minutes to install to where the Emby service would actually come back up.  No prompts.  No warnings.  Synology graphical took 20-30 seconds as per usual.  I use a DS720+ with tons of RAM and low CPU utilzation.

[dyecast 1]

Doesn't work from WAN side either apparently.

[Luke 37064]

Hi, there isn't any change in the release going from 4.6.2 to 4.6.3 that would impact this.

[Diedrich 355]

You aren't alone. My Ubuntu 20.04 docker-compose Emby image updated the other day and now I can't access Emby through WAN or LAN https. Nothing changed on my firewall side and I can still access my other services on that docker server through their port forwards. Something changed in Emby because 4.6.2 was working just fine and now 4.6.3 isn't. @Luke Logs attached.

Edit: Allowing http and its associated port forward IS allowing WAN access through my FQDN

Does this docker image history screenshot help?

embyserver-1.txt

Edited June 22, 2021 by Diedrich

[Carlo 4330]

Have you guys confirmed the IP of the local Emby Server and that this is the IP used in port forwarding?
I'd start by looking at the port forwarding in your router to make sure it's still there and correct.

[DJX 18]

I've never been able to use my DDNS host name with HTTPS 8920 whilst on my local LAN. Works outside it though which is what I care about though. No idea why 

Edited June 22, 2021 by DJX

[Diedrich 355]

2 hours ago, cayars said:

Have you guys confirmed the IP of the local Emby Server and that this is the IP used in port forwarding?
I'd start by looking at the port forwarding in your router to make sure it's still there and correct.

Nothing changed on my pfSense between 4.6.2 and 4.6.3. I even disabled any potential rules just to be sure but the situation still remains. As mentioned above, I opened http and its port forward and all is fine. In fact, I just had a family member change to http and the corresponding port and he's up and running but https isn't allowing a connection.

[Carlo 4330]

You'll likely need to review anything from your router to Emby (all devices and software) to see what might have changed.

[Diedrich 355]

1 hour ago, cayars said:

You'll likely need to review anything from your router to Emby (all devices and software) to see what might have changed.

I promise you , nothing changed. I spent two hours on it last night testing all options. The only thing was that the docker image changed from v4.6.2 to 4.6.3.

[Carlo 4330]

So docker settings would be a good place to look.
Wish I could help you more with this but I don't use docker.

[Q-Droid 642]

Have you tried https locally, on LAN directly to the host by IP address?

 

Edited June 23, 2021 by Q-Droid

[Diedrich 355]

Well, this is perplexing - all forms of https are working again.

I had the "secure connection mode" set to "disabled" until this got resolved. I just now re-enabled it to "required for all remote connections" and I am able to connect through all http, https and NAT Reflection LAN/WAN connections. Again, nothing has changed in any Emby or firewall settings since the other day other than me disabling the secure connection mode since my last post (it's now re-enabled and operating as expected).

Could this have been an issue with taking to the Emby Connect server? I'm curious if the OP is back to normal as well. Is the Synology system a Docker back-end too?

Edited June 24, 2021 by Diedrich

[Luke 37064]

18 minutes ago, Diedrich said:

Well, this is perplexing - all forms of https are working again.

I had the "secure connection mode" set to "disabled" until this got resolved. I just now re-enabled it to "required for all remote connections" and I am able to connect through all http, https and NAT Reflection LAN/WAN connections. Again, nothing has changed in any Emby or firewall settings since the other day other than me disabling the secure connection mode since my last post (it's now re-enabled and operating as expected).

Could this have been an issue with taking to the Emby Connect server? I'm curious if the OP is back to normal as well. Is the Synology system a Docker back-end too?

If you have that option disabled, then you won't be able to use https.

[Happy2Play 8281]

4 hours ago, Luke said:

If you have that option disabled, then you won't be able to use https.

Disabled does not prevent manually connection via https.  It only changed the dashboard to show http connection on WAN.  At least in my test.

[Carlo 4330]

It's still bound to the SSL port.

[A32 15]

Hi,

I'm using Synology's reverse proxy to reach Emby remotely (and internally if I want to) and I've never had a problem. The reverse proxy is on the NAS where Emby is installed. So https all the way to the proxy server and then http internally on the same NAS to Emby. The router has the loopback feature enabled, so internally, I can use the FQDN too.

I'm wondering why is this method not used by many others (who are using Synology). Any advantage to configuring Emby to use https and not using RP?
I'm genuinely interested. Thanks.

[Diedrich 355]

On 6/24/2021 at 8:52 AM, Luke said:

If you have that option disabled, then you won't be able to use https.

You missed the "until this got resolved" part. "Required" was enabled when this issue arose.

On 6/24/2021 at 8:33 AM, Diedrich said:

I had the "secure connection mode" set to "disabled" until this got resolved.

I had disabled "Required" when https stopped working so that my external users could access the server. Https began working again do I re-enabled it and all is well.

Edited June 26, 2021 by Diedrich

[Carlo 4330]

4 hours ago, Diedrich said:

I had disabled "Required" when https stopped working so that my external users could access the server. Https began working again do I re-enabled it and all is well.

Did you try reenabling Required again to see what happens?

[Happy2Play 8281]

3 hours ago, cayars said:

Did you try reenabling Required again to see what happens?

Pretty sure it was a typo as I would read it as "working again so I re-enabled it and all is well".

[Diedrich 355]

On 6/26/2021 at 2:02 PM, Happy2Play said:

Pretty sure it was a typo as I would read it as "working again so I re-enabled it and all is well".

Yes, a typo. Thanks for the edit.