Activation port 8920/HTTPS on server

[Mustag 1]

Hi,

 

I would like to open my emby-server on my raspberry pi5 with the https/8920 port.

I configured my apache2 part but on the emby configuration part I'm blocked.

 

Inside the /var/lib/emby/config/system.xml we have the line "EnableHttps", I put it on "True" but I still cannot have emby listenning the port 8920. 

Do you know what I missed ??

And on the emby's interface I can see it's working on 8096 but not on 8920, before on a previous server I had the information that emby was listenning on both port

 

Thank you for your help

[Lessaj 467]

Did you configure a certificate within the Network settings tab? This is needed for it to listen on 8920, or whatever port you've configured for HTTPS. Having said that, if you're using a reverse proxy on the same system (or even if it's somewhere else in your local network) you don't need to tell the reverse proxy to use the HTTPS port when passing the traffic, it can use the HTTP port and you can have clients connect to the reverse proxy using HTTPS. The overhead for HTTPS from Emby should be minimal either way.

[Mustag 1]

That the problem I think.

On my server I have two certificates, one for my principal website listening on port 80 and another one for my emby website, so I configured my emby website adress on the port 443 with a redirection to port 8920 of localhost with a reverse proxy.

 

I saw on emby parameters inside the network category that we need to fill the certificate. I put the path to my letsencrypt certificate but emby cannot find the path and can't access to it.

[Lessaj 467]

It must be a PKCS #12 file, not PEM encoded like you use for apache. You'll have to create the p12 yourself if you don't have one already.

 

[Mustag 1]

Thank you very much now I have access to emby with https://mywebsite.com:8920

Do you know how can I create it only with https://mywebsite.com ??

Edited April 9, 2025 by Mustag

[Lessaj 467]

I assume you would be doing that using your reverse proxy listening on 443, re-reading what you said it sounds like you're doing a 302 redirect instead of ProxyPass? That means you're not even using the reverse proxy and it would only work locally? Sorry just trying to understand the way you worded it and what you've configured.

[Mustag 1]

I create my apache2 /etc/apache2/sites-available/emby-le-ssl.conf like that :

<VirtualHost *:443>
    ServerName emby.XXXXXXX.ovh

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/emby.XXXXXXX.ovh/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/emby.XXXXXXX.ovh/privkey.pem

    ProxyPass / https://localhost:8920/
    ProxyPassReverse / https://localhost:8920/
    RewriteEngine On
    RewriteCond %{SERVER_NAME} =emby.XXXXXXX.ovh
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:80>
    ServerName emby.XXXXXXX.ovh
    RewriteEngine On
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

 

[Mustag 1]

I don't know if it's clear. I'm not the best in web coding.

I want to redirect my website to the emby server https://localhost:8920 but it's not working

But I can access to emby with https://mywebsite.com:8920

 

[Lessaj 467]

Okay from a basic config standpoint that should be enough to be able to use https://mywebsite.com which will then connect to https://localhost:8920 to transparently pass the traffic. I think you need to have quotes around the / for ProxyPass and ProxyPassReverse but httpd -t should tell you if there are any syntax errors. But you keep saying redirect, why do you need a redirect? The only redirect you should need is the 80 to 443 which you already have, otherwise you will always use https://mywebsite.com. to access Emby through your reverse proxy - no port necessary, it's already using 443 since it's https.

[Mustag 1]

In my mind emby is working on https://localhost:8920 so I need to redirect my 443 port to these address

If I only put https://mywebsite.com I'll go to a webpage but not emby

But I think I need to change something inside the network config of emby because it's not working

[Lessaj 467]

Yes it should be listening on 8920 technically on all addresses but using localhost is fine since the server is running locally, but you're not "redirecting" from the user level, you're transparently passing traffic from the httpd process to the emby server process, so you as the user are connecting to https://mywebsite.com but in the background the httpd process serving requests for that domain is transparently proxying it to https://localhost:8920 and the user has no idea.

[Mustag 1]

I found it, I changed the emby.conf like that :

<VirtualHost *:443>
    ServerName emby.XXXXXX.ovh

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/emby.XXXXXX.ovh/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/emby.XXXXXX.ovh/privkey.pem

    # Active le reverse proxy vers le Emby HTTPS interne
    SSLProxyEngine On
    ProxyPreserveHost On

    # IMPORTANT : dire à Emby que c'est déjà HTTPS
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Ssl "on"

    # Désactiver vérif certificat si Emby utilise certif auto-signé
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off

    ProxyPass / https://localhost:8920/
    ProxyPassReverse / https://localhost:8920/

    # Important: Redirection de HTTP vers HTTPS
    #RewriteEngine On
    #RewriteCond %{SERVER_NAME} =emby.XXXXXX.ovh
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

 

In fact Emby was forwarding to apache and apache to emby so it was running without any end

Edited April 9, 2025 by Mustag