jonyskids 1 Posted February 15, 2022 Posted February 15, 2022 I just overhauled my system and am very happy with the results. The only hick-up is access to emby server from the web with ssl. My new system has one Pi running Dietpi/Pi-hole w/ unbound and Nginx Proxy Manager. I run Emby on it's own pi and have a third pi for my sonarr/radarr/readarr etc. So unbound allows me to open zero ports to the web. Pi-hole provides my dns in house so all my services have there own dns addresses and Nginx proxy manager points those urls to the correct ports. I then purchased my own domain and pointed to my external IP. All works as it resolves to my external IP. I then made a cname record of emby.mydomain.com which also resolves to my external ip. If I use emby.mydomain.com within my network it pulls up my emby server with ssl. Outside the local network, nothing. (I did try forwarding my emby external ssl port on my router just in case and still no go.) I am not sure what to try next?
CassTG 113 Posted February 16, 2022 Posted February 16, 2022 Did you enter the domain name in network settings of emby and tick allow remote connection as well as set the public port to 443? I presume you have port forward for port 443 on your router going to the pi running NGINX Proxy Manager which is then upstreaming it to the emby pi.
jonyskids 1 Posted February 16, 2022 Author Posted February 16, 2022 Yes. Local network: 192.168.0.2/24 Local IP: 192.168.2.3 Local Port: 8096 Local Https port: 2096 Allow remote connections: check Remote Ip address list: blank Remote Ip address filter mode: whitelist Public http port: 8096 Public Https port: 443 External domain: emby.mydomain.com Custom SSl cert path: Set to my custom cert location Secure connection mode: Handled by reverse proxy Enable automatic port mapping: checked Cname pointing to: emby.mydomain.com Reverse Proxy: Sends emby.mydomain.com to 192.168.2.3:2096 (Thanks for the help!)
Luke 42077 Posted February 16, 2022 Posted February 16, 2022 Quote Reverse Proxy: Sends emby.mydomain.com to 192.168.2.3:2096 Sounds like it needs to be 8096.
CassTG 113 Posted February 16, 2022 Posted February 16, 2022 (edited) 31 minutes ago, jonyskids said: Yes. Local network: 192.168.0.2/24 Local IP: 192.168.2.3 Local Port: 8096 Local Https port: 2096 Allow remote connections: check Remote Ip address list: blank Remote Ip address filter mode: whitelist Public http port: 8096 Public Https port: 443 External domain: emby.mydomain.com Custom SSl cert path: Set to my custom cert location Secure connection mode: Handled by reverse proxy Enable automatic port mapping: checked Cname pointing to: emby.mydomain.com Reverse Proxy: Sends emby.mydomain.com to 192.168.2.3:2096 (Thanks for the help!) Aww okay Just wondering, you are using nginx proxy manager as your proxy, as that can get the ssl certs, would you not be better off letting that do the ssl and thats when you select Handles by Reverse Proxy. As reading what you have stated above, you are forwarding your domain via nginx which is passing it through to your local https port, yet you have installed your own certs there but also telling Emby to let the reverse proxy handle the secure certs You could try setting handled by reverse proxy to one of the other settings i.e preffered but not required OR If you set NPM to forward to Emby as below then that setting handled by reverse proxy makes more sense I.e - Port Forward on router to NPM Port 443 this forwards emby.mydomain.com to the Emby PI port 8096 (remote) Set emby Public ports to 8096 http and 443 https Remove the custom cert location and leave handled by reverse proxy. Local devices can just connect via the http local port, or set up a pihole or adguard docker on the first pi and have it handle dns, that way you can set local dns records for emby.mydomain.com to forward to NPM without leaving your network NPM offers no advice but here is what swag reverse proxy states in their emby config for proxy ssl emby ## Version 2021/05/18 # make sure that your dns has a cname set for emby and that your emby container is not using a base url # if emby is running in bridge mode and the container is named "emby", the below config should work as is # if not, replace the line "set $upstream_app emby;" with "set $upstream_app <containername>;" # or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of emby # in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url, # and set the "Secure connection mode" to "Handled by reverse proxy" Edited February 16, 2022 by CassTG
jonyskids 1 Posted February 16, 2022 Author Posted February 16, 2022 Oops first off I notice that I put 192.168.0.2./24 it is actually 192.168.2.0/24 (The dyslexics out there will understand my pain.) I am using Reverse Proxy to resolve my local services within my lan to local dns. ie service.mydomain.lan. I tried your suggestions with little success. Just for practicality I thought maybe I should go to baseline. Local network: 192.168.2.0/24 Local IP: 192.168.2.3 Local Port: 8096 Local Https port: 2096 Allow remote connections: check Remote Ip address list: blank Remote Ip address filter mode: whitelist Public http port: 80 Public Https port: 443 External domain: emby.mydomain.com Custom SSl cert path: blank Secure connection mode: disabled Enable automatic port mapping: checked Cname pointing to: emby.mydomain.com Reverse Proxy: Sends emby.mydomain.com to 192.168.2.3:8096 (http, Nginx created ssl cert, forced ssl) I was making the mistake in Nginx Proxy Manager of assuming I needed to point to https 192.168.2.3:2096 with a Nginx created ssl cert & forced ssl. If I think to hard about it it is still a bit confusing but it works now and I know the path to make it work. I appreciate the help.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now