praxs 0 Posted November 7, 2021 Posted November 7, 2021 (edited) I have configured and reconfigured over and over again but the HTTPS ports never works, i have changed multiple times, the HTTP always works Internal and External, while the HTTPS in any one The SSL Certificate its alright, already tested it on IIS On attachment goes the Log Edited November 9, 2021 by Happy2Play removed log
Abobader 3464 Posted November 7, 2021 Posted November 7, 2021 Hello praxs, ** This is an auto reply ** Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as it explain in this thread: Thank you. Emby Team
Luke 42078 Posted November 7, 2021 Posted November 7, 2021 Hi there, what exactly do you mean by "never works" ? What exactly happens when you try to connect? What kind of SSL certificate is it?
Q-Droid 989 Posted November 7, 2021 Posted November 7, 2021 The log shows that Emby is listening on the https port so it's happy with the certs. My guess is firewall, port-forwarding or double NAT. Can you connect using a browser on a different device from within your LAN to https://<embyhost IP>:8920? Should get a security warning which you can click through. Read through the page at your Emby server -> Manage Emby Server -> Dashboard -> Connection Help.
Carlo 4561 Posted November 8, 2021 Posted November 8, 2021 You can remove Addic7ed plugin as it's just giving you errors. You've got something strange in your setup. Are you running a proxy on port 8880? I see quite a bit of traffic coming from a specific domain on that port. If I enter just the domain:8880 it redirects to a Plex login (blanked domain out) I can't even tell by that dialog if I'm getting access or giving it. Anyway it appears you have something setup wrong.
praxs 0 Posted November 8, 2021 Author Posted November 8, 2021 (edited) The Cert i'm using is from Lets Encrypt And yes, i'm using a proxy, to acess the Emby from outside it should work on http as http://xxxxxxxxxxx.com:8880/web and for https like https://xxxxxxxxxx.com:8443/web On my localhost, when I try to access to HTTPS it doesn't open, only shows that the connection was closed Edited November 9, 2021 by Happy2Play edited urls
Q-Droid 989 Posted November 8, 2021 Posted November 8, 2021 The proxy info were important details which should have been included in the opening post. If the same test for localhost works for HTTP (8096) then you'll have to sort out that part before moving outward to LAN, WAN, etc.
praxs 0 Posted November 8, 2021 Author Posted November 8, 2021 But the proxy it's not messing with it, if was working on localhost, i could agree with you, but it's not the case, cause as i had included on the opening, http works fine
Q-Droid 989 Posted November 8, 2021 Posted November 8, 2021 Even if the proxy is not messing with it the info is useful to choose the steps for troubleshooting. It looks like you have Cloudflare in your setup BUT that isn't relevant yet since your server doesn't respond to local requests. The proxy/CF setup also means likely fewer baby steps to go thru. Emby log shows it opened the cert store and is listening on 8920. So what is keeping it from responding? Firewall, security software, conflict?
praxs 0 Posted November 8, 2021 Author Posted November 8, 2021 (edited) So that's what i've been trying to figure out IIS, can't use the same door, shows blocked, what i think it's good, shows that Emby Web Server it's running alright Firewall is all out, so i don't think that whats going wrong I had removed the Addic7ed plugin as recommended and here goes the new log, but i don't really have any ideas of what can be going on Edited November 9, 2021 by Happy2Play removed log
Luke 42078 Posted November 8, 2021 Posted November 8, 2021 How did you configure emby server network settings?
praxs 0 Posted November 8, 2021 Author Posted November 8, 2021 (edited) here the screenshots Edited November 9, 2021 by Happy2Play edited urls
Carlo 4561 Posted November 8, 2021 Posted November 8, 2021 (edited) On 11/8/2021 at 3:55 AM, praxs said: The Cert i'm using is from Lets Encrypt And yes, i'm using a proxy, to acess the Emby from outside it should work on http as http://xxxxxxxxxx.com:8880/web and for https like https://xxxxxxxxxxx.com:8443/web On my localhost, when I try to access to HTTPS it doesn't open, only shows that the connection was closed This is not setup correctly. Above you show "localhost" being used which isn't what you're cert is setup for but xilf10.com. You're not going to get https://xxxxxxxxxx.com:8443/web to work but instead need to setup sub-domain such as https://emby.xxxxxxxxxxx.com:8443 but you might want to switch to using port 443 vs 8443. When I try https://xxxxxxxxxxxx.com:8443/ I'm getting a Cloudflare page saying your SSL isn't setup correctly. Your log does show some proxy requests working but not all of them will work because of your setup which isn't redirecting correctly. You're leaving out a lot of information that is needed to help you. Besides the Cloudflare proxy are you using and reverse proxy locally? What software do you currently have setup receiving traffic from Cloudflare? Both Emby and Plex? Any other software? What ports do you have open on your router and what does this look like? What wan port is being redirected to what local IP/port combination? Edited November 9, 2021 by Happy2Play edited urls
praxs 0 Posted November 8, 2021 Author Posted November 8, 2021 (edited) 23 hours ago, cayars said: This is not setup correctly. Above you show "localhost" being used which isn't what you're cert is setup for but xilf10.com. You're not going to get https://xxxxxxxxxxx.com:8443/web to work but instead need to setup sub-domain such as https://emby.xxxxxxxxxxxxx.com:8443 but you might want to switch to using port 443 vs 8443. When I try https://xxxxxxxxxxxx.com:8443/ I'm getting a Cloudflare page saying your SSL isn't setup correctly. Your log does show some proxy requests working but not all of them will work because of your setup which isn't redirecting correctly. You're leaving out a lot of information that is needed to help you. Besides the Cloudflare proxy are you using and reverse proxy locally? What software do you currently have setup receiving traffic from Cloudflare? Both Emby and Plex? Any other software? What ports do you have open on your router and what does this look like? What wan port is being redirected to what local IP/port combination? I really don't see how an external factor would interfere on localhost work, because if it is working, when i try to reach te https://localhost:8920 it had to show me an ssl error saying that localhost does not matches xxxxxxxxxxx.com But, here it goes all the information you want The only Reverse Proxy is Cloudflare's, the traffic going through Cloudflare is to Plex on 443 and Emby on 8880 and 8443, i don't use the 80 cause all the trafics goes to 443, my idea is to access Emby with 8443 only, i just can't do that cause the HTTPS failure Here goes all my ports open on the router, where "AMBOS" mean "Both" for TCP/UDP and my server's local IP is 192.168.0.205 I had made an restart on my server, so here goes new Logs to Help Edited November 9, 2021 by Happy2Play edited urls
pwhodges 2012 Posted November 8, 2021 Posted November 8, 2021 (edited) 41 minutes ago, praxs said: I really don't see how an external factor would interfere on localhost work, because if it is working, when i try to reach te https://localhost:8920 it had to show me an ssl error saying that localhost does not matches xilf10.com A certificate is checked against the name of the website which is being accessed. You are accessing "localhost", and that name is being compared with "xilf10.com" and failing to match - hence the failure which says exactly that. You can check your server locally (even on the same machine) using the domain name if you run a local DNS server - but for a check from a single client and server it would be less trouble to define the domain name as the server's local IP using a "hosts" file (see google for where that will be in your system) after which you can use the domain name locally and the SSL should be happy. Paul Edited November 8, 2021 by pwhodges 1
praxs 0 Posted November 8, 2021 Author Posted November 8, 2021 14 minutes ago, pwhodges said: A certificate is checked against the name of the website which is being accessed. You are accessing "localhost", and that name is being compared with "xilf10.com" and failing to match - hence the failure which says exactly that. You can check your server locally (even on the same machine) using the domain name if you run a local DNS server - but for a check from a single client and server it would be less trouble to define the domain name as the server's local IP using a "hosts" file (see google for where that will be in your system) after which you can use the domain name locally and the SSL should be happy. Paul So as I had written before, if is working, it should show a message like this This example is from Plex that I'm using on the same Server and works fine on https, even using the same certificate
Carlo 4561 Posted November 8, 2021 Posted November 8, 2021 (edited) 22 hours ago, praxs said: So as I had written before, if is working, it should show a message like this This example is from Plex that I'm using on the same Server and works fine on https, even using the same certificate But that's clearly not working as it's telling you it's an invalid cert. 23 hours ago, praxs said: Here goes all my ports open on the router, where "AMBOS" mean "Both" for TCP/UDP and my server's local IP is 192.168.0.205 I'm 95% certain your issue is Cloudflare setup does not match those ports. Your non secured traffic works as Emby has http://xxxxxxxxxxxx.com:8880 in the logs. I can remote in and help you fix this pretty quickly if you like. Send me a PM and we'll set this up. But honest the best thing would be to install a local reverse proxy like nginx or caddy. With that setup all inbound traffic can be 80 and 443 or just 443 only. The reverse proxy then looks at the URL and redirects it to the proper internal ip & port. It's not needed but helps especially when you start trying to use multiple apps with secured connections. Edited November 9, 2021 by Happy2Play edited urls
praxs 0 Posted November 8, 2021 Author Posted November 8, 2021 (edited) 21 hours ago, cayars said: But that's clearly not working as it's telling you it's an invalid cert. I'm 95% certain your issue is Cloudflare setup does not match those ports. Your non secured traffic works as Emby has http://xxxxxxxxxxxx.com:8880 in the logs. I can remote in and help you fix this pretty quickly if you like. Send me a PM and we'll set this up. But honest the best thing would be to install a local reverse proxy like nginx or caddy. With that setup all inbound traffic can be 80 and 443 or just 443 only. The reverse proxy then looks at the URL and redirects it to the proper internal ip & port. It's not needed but helps especially when you start trying to use multiple apps with secured connections. Cayars, the message that shows invalid is correct, cause as shows, i'm connecting like localhost to a Cert that should be used by xilf10.com. To clear up all the ideas envolving the CloudFlare Proxy, let's use my Dynamic IP Adress until it changes, so, if you use https://xxxxxxxxxxx.46:8443/ should work well as http://xxxxxxxxxx.46:8880/ right? But, that's not what is going on If you want, we can schedule a Remote Access tomorrow at 10:00AM on Brazil, or right now , if that works for you Edited November 9, 2021 by Happy2Play edited urls
Q-Droid 989 Posted November 9, 2021 Posted November 9, 2021 I'm in agreement with @praxs, a certificate error is an indication that the server is responding but the browser doesn't like the response yet still allows you to proceed. That the page is not reachable on the localhost is no response. Is there a local reverse proxy or is IIS also running on the host and potentially blocking access? The Emby server was able to bind on port 8920, can you see if it's on a specific IP address or all?
Happy2Play 9780 Posted November 9, 2021 Posted November 9, 2021 But this is a internal configuration issue as I know my Windows setup returns the proper error. internal connection attempt via https localhost. I would get defaults ports working again before changing ports again. 1
praxs 0 Posted November 9, 2021 Author Posted November 9, 2021 27 minutes ago, Q-Droid said: I'm in agreement with @praxs, a certificate error is an indication that the server is responding but the browser doesn't like the response yet still allows you to proceed. That the page is not reachable on the localhost is no response. Is there a local reverse proxy or is IIS also running on the host and potentially blocking access? The Emby server was able to bind on port 8920, can you see if it's on a specific IP address or all? Just tested, stopped de IIS Server and Plex Server, restarted Emby Server, still not working
Q-Droid 989 Posted November 9, 2021 Posted November 9, 2021 You might have to start from scratch. Emby is running and working as shown via HTTP connections. Your host server and setup are somehow causing a problem with HTTPS which Emby is ready to serve as shown in the logs. I do think you are taking the right approach in troubleshooting and trying to solve the problem locally first then work out to the WAN and CF side layers. Do your Emby logs show the attempts on 8920? If so then the response is being denied or routed improperly? VPN, firewall, tunneling, reverse proxy, etc. could cause this. I don't have much more to offer.
praxs 0 Posted November 9, 2021 Author Posted November 9, 2021 1 minute ago, Q-Droid said: You might have to start from scratch. Emby is running and working as shown via HTTP connections. Your host server and setup are somehow causing a problem with HTTPS which Emby is ready to serve as shown in the logs. I do think you are taking the right approach in troubleshooting and trying to solve the problem locally first then work out to the WAN and CF side layers. Do your Emby logs show the attempts on 8920? If so then the response is being denied or routed improperly? VPN, firewall, tunneling, reverse proxy, etc. could cause this. I don't have much more to offer. For what I've seen and searched on the log, never shows any attempts on 8920, I'm not good on read these logs although I've had the idea that some other work might be blocking the service, so I had installed the Hyper-V, booted up another instance with the same OS as my server, had installed nothing but Emby Server and configured it, made the https configuration and had the same result Saving the VM for use as lab to solve the problem
Q-Droid 989 Posted November 9, 2021 Posted November 9, 2021 Have you tried with your server's local IPv4 address instead of localhost which appears to be using IPv6 (::1)? I don't expect a difference but it doesn't hurt to try.
Carlo 4561 Posted November 9, 2021 Posted November 9, 2021 (edited) The cert warning using localhost isn't a big deal as long as you can ignore and connect. That's expected. It going to plex instead of Emby isn't what's expected which it was doing earlier when I tested from my house. But it's better to use the IP of the machine as a test from a different computer so you can make sure the software firewall isn't blocking the connection. Step One: Change the way you use your domain. Instead of using http://xxxxxxxxxxx.com:8880/Plex and http://xxxxxxxxxxxx.com:8880/Emby, setup things like this: http://plex.xxxxxxxxxx.com:8880 and http://emby.xxxxxxxxxx.com:8880. <-- the port used in this examples is irrelevant. The use of subdomains can make routing much easier especially if you want this to work with Emby. You can redirect /web and test in a browser and think it works but as soon as you start trying to test with devices and apps it will be broken. This doesn't work with Emby. Step Two: Decide what ports you will use for Plex and what ports you will use for Emby. Set both of them up to use the subdomain and generate a new cert if needed (if not wildcard) and install that on both systems. Step Three: Remove all ports from the cable modem/firewall and start fresh opening the proper ports for each of these services. Step Four: Use canyouseeme.org to test each port to make sure it's open. Test each port from the internet making sure the port is open and the service responds. Ignore any cert errors at this point. Step Five: Blow away your setup in Cloudflare and start over. You actually can't do this with one Cloudflare account as you only get 3 page rules and you will need 3 rules for each media server. If it were me I'd use you the domain for Emby then setup Plex with a different account so you get 3 more page rules to use with it. You need to set rules to not cache video, cache images and static pages/elements. That takes 3 rules for Emby. For now to get things working you could setup plex as a CNAME record pointing to the ddns name of your Plex server that you get with them. It's going to redirect anyway so this is probably the easiest method anyway. Now you need to make sure you setup Cloudflare to use the ports you want vs them redirecting traffic to port 80 and 443 which you are not setup to use. Not for Emby anyway. That's it. Edited November 9, 2021 by Happy2Play edited urls
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now