How to set up emby with my google domain

[Samus512 2]

I just got a google domain. could someone provide me with information how to set it up and create a ssl cert.

[Luke 42080]

Hi, you may find some helpful info here: 

 

[Samus512 2]

I'm getting confused with how to connect my home IP with google domain. I dont see where to input my home ip under dns.

[Samus512 2]

I figured out where to out the ip. it was under forwarding. completely missed that tab the first time.

[Samus512 2]

If i use google domain ssl cert do i still need to input anything in embys ssl cert boxes?

[pwhodges 2012]

I have the feeling you are setting up a web redirection service, which I suspect won't work with Emby.  You need to set up A records which make the name point directly to your server.  Then you can get the certificate and install it in Emby (or in a reverse proxy, but maybe that's a topic for another day in your case).

Paul

[Samus512 2]

how do you set up an A record with google domain? is that the dns custom record?

[pwhodges 2012]

Google has instructions:

https://support.google.com/a/answer/2579934?hl=en

Paul

[Samus512 2]

I got the A record set up. So now i have to use lets encrypt to create the ssl is what i'm understanding from the provided link from Luke?
Also does using the domain to connect make the open port more secure or is that only when adding the ssl cert that it provides my open port security?

[pwhodges 2012]

A domain name is simply a lookup of an IP address, which is easier to remember (it can also be used for more, but that's the essence of it).  The initial connection to your server is made just the same whether you specify the address as a number or by a DNS lookup of a name.  It has no security implications.

However, for a certificate, you need a name for it to certify, so it is normally required to connect to an HTTPS server using a name (the browser sends the name you requested which it looked up to find the IP address in the header of its communication with the server).  Again, this name can have additional uses in some servers, but that's not the point here.

A secure connection to your server guards against sniffing of the content your communications.  It does not hide your server at all (but if the requirement is to connect to it, it can't be hidden really, can it!).  You can obscure your ownership of your server by using a VPN or remote reverse proxy, such as Cloudflare (in which case the public contact is made using their IP address, not yours - but again, that's a more complex later stage if you want to consider it).

Paul

[Samus512 2]

So I have a vpn but mine doesn't come with a socks 5 proxy so i was unsure if having an open port with a vpn even encrypts my data. Is there way to use expressvpn with emby? if that isn't an option I'd like to use ssl cert at minimum but if a reverse proxy is better and I can set one up maybe I should go that route? I'm pretty new to the proxy and ssl stuff sorry for my ignorance. 

[Luke 42080]

18 hours ago, Samus512 said:

So I have a vpn but mine doesn't come with a socks 5 proxy so i was unsure if having an open port with a vpn even encrypts my data. Is there way to use expressvpn with emby? if that isn't an option I'd like to use ssl cert at minimum but if a reverse proxy is better and I can set one up maybe I should go that route? I'm pretty new to the proxy and ssl stuff sorry for my ignorance. 

Hi, you may find some helpful ExpressVPN info here: 

 

[Samus512 2]

looks like express vpn wont work. so I guess my next option to secure my users connections to my emby server would be ssl or reverse proxy? which do you find better and why?

[pwhodges 2012]

When you say "secure", what do you wish to protect against?

Paul

[Samus512 2]

I'm not really sure how to answer that because I don't completely understand  ssl and reverse proxy right know. from what I have read though having an open port on the router isn't the best option to let my emby users connect and be safe/secure. So I know having an ssl allows you up upgrade to https which is better. I have a google domain. So I guess a good place to start is using lets encrypt and setting up ssl. Am I on the right track with that? After that I want to set up ombi with a domain and ssl. Does a reverse proxy need to be used since the ports being used for emby would be 80 and 443?

[pwhodges 2012]

The answer is not what ssl or reverse proxies do (which are quite different, but may be combined).  Why do you feel insecure without something additional?  Only when we know what you wish to prevent happening can we suggest the best way to go about it.

Paul

[Samus512 2]

I like only my users to have access to my emby server. As well as configure emby and ombi with my google domain.

[pwhodges 2012]

Give your users passwords - that should be enough unless you expect to be the target of serious hackers. You can also set up that your users' names are not listed on the login page, but have to be known and typed in.

Once you've set up your A-record pointing to your server address, that side's done too.

Paul

[Samus512 2]

Oh okay so you don't think there is a need for ssl when i set up my A-records for emby and ombi in my google domain. I don't expect to be hacked. I don't host anything aside from emby and ombi when i get the A record set up.

[pwhodges 2012]

The stakes in that case aren't big enough to demand heightened security, but security is never a bad thing.

I would suggest that once you're happy that your present setup is stable, you look into adding a reverse proxy in front of Emby, because that's an easy way to get a substantial security upgrade; a proxy would have blocked the route in used by the recent attack.  If you use Caddy, you don't even have to get a certificate yourself - Caddy does that completely automatically, and also keeps it renewed, while requiring virtually no configuration (but I have nothing against other proxies - it just looks to me as though they need more setting up). 

Paul

[Samus512 2]

Thank you for you help! Is there a guide for caddy I can look over? I got both emby and ombi set up in my google domain and working correctly. 

[pwhodges 2012]

You can start here:

Paul