Jump to content

Emby SSL confirmation

Fender1978

By Fender1978
in General/Windows

 Share
Go to solution Solved by TheITJedi,

Recommended Posts

Fender1978

Fender1978 9

Posted
Posted (edited)

Hi,

I can't seem to find an answer to my question so hoping someone can shed some light on it.

 

Background

I have emby set up with an SSL let's encrypt certificate and a reverse proxy and I can verify that the web app is using SSL via the visual green padlock.

Also, secure connection mode is set to: Handled by reverse proxy.

 

Question

Will all emby remote connections and whilst using all apps, connect via SSL?

I ask because the apps don't provide a visual SSL connection padlock like the web app does but would like peace of mind that all remote connections from all apps are encrypted.

 

Many thanks!

Edited by Fender1978
Painkiller88

Painkiller88 250

Posted
Posted
6 minutes ago, Fender1978 said:

Question

Will all emby remote connections and whilst using all apps, connect via SSL?

I ask because the apps don't provide a visual SSL connection padlock like the web app does but would like peace of mind that all remote connections from all apps are encrypted.

You can force to use Secure Connections.
Go To Settings and Network there you can set to required by all remote connections or you select reverse proxy controlled if you force it there.

  • Like 2
Luke Emby Team

Luke 42086

Posted
Posted

Yes and also if you have a reverse proxy then that handles your SSL and you don't need to configure a certificate directly in Emby Server.

  • Like 1
Fender1978

Fender1978 9

Posted
  • Author
Posted

Thanks a lot for the replies. I probably should note that I have no idea how the reverse proxy works, I simply followed the below tutorial in the discussion boards.

Within Windows IIS, it has connections set up for 8096 and 443. I just didn't know if all remote emby apps (not just the web app) would be forced to use 443 by default and not 8096.

 

Thank you.

Luke Emby Team

Luke 42086

Posted
Posted
On 7/17/2021 at 1:27 AM, Fender1978 said:

Thanks a lot for the replies. I probably should note that I have no idea how the reverse proxy works, I simply followed the below tutorial in the discussion boards.

Within Windows IIS, it has connections set up for 8096 and 443. I just didn't know if all remote emby apps (not just the web app) would be forced to use 443 by default and not 8096.

 

Thank you.

Thanks for the feedback.

  • Solution
TheITJedi

TheITJedi 41

Posted
  • Solution
Posted
On 7/17/2021 at 12:27 AM, Fender1978 said:

Thanks a lot for the replies. I probably should note that I have no idea how the reverse proxy works, I simply followed the below tutorial in the discussion boards.

Within Windows IIS, it has connections set up for 8096 and 443. I just didn't know if all remote emby apps (not just the web app) would be forced to use 443 by default and not 8096.

 

Thank you.

@Fender1978

Emby itself is listening on 8096.

IIS is listening on 80 (configured to redirect to to 443/https) and 443.

IIS is taking traffic hitting port 443 (https) and passing it to Emby on 8096. 

If you have an AppleTV (or other device) that just discovers the server on the network via Emby app, it will use the 8096 port for Emby itself. If you are manually setting up a client (like iOS app, Roku TV, etc) you will need to specify 443 as the port to use.

Since you only have 80/443 poked through your router, 8096 is only open to clients on your internal network and will only be used by things that auto discover the server. Anything trying to hit your server via 80 will be redirected to 443. 

The only time anything will use insecure 8096 is if it is on your local LAN. if you are connected from outside your network, it will only be able to use 443/HTTPS. 
 

  • Like 1
Fender1978

Fender1978 9

Posted
  • Author
Posted
11 minutes ago, TheITJedi said:

@Fender1978

Emby itself is listening on 8096.

IIS is listening on 80 (configured to redirect to to 443/https) and 443.

IIS is taking traffic hitting port 443 (https) and passing it to Emby on 8096. 

If you have an AppleTV (or other device) that just discovers the server on the network via Emby app, it will use the 8096 port for Emby itself. If you are manually setting up a client (like iOS app, Roku TV, etc) you will need to specify 443 as the port to use.

Since you only have 80/443 poked through your router, 8096 is only open to clients on your internal network and will only be used by things that auto discover the server. Anything trying to hit your server via 80 will be redirected to 443. 

The only time anything will use insecure 8096 is if it is on your local LAN. if you are connected from outside your network, it will only be able to use 443/HTTPS. 
 

@TheITJedi

Thank you so much for the comprehensive answer. By the way, thanks for such a great tutorial, you should be proud!

  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...