help with setting up Emby and NPM (proxy manager) residing on different truenas servers

[Dariusz 25]

i'm hoping this is something that is possible but i am having some issues getting this to work and looking for some help from the experts here.. 

I have 2 truenas servers.. One is running the EMBY app (server1 ends in 177), the other one is running NPM (server2 ends in 170).

I have NPM working with local apps on server2.. however i wanted to use NPM to setup emby as well which is on server1..

first of, I am not sure i should be using https and port 8920 or if it should be http with local port when creating proxy.. I then pointed the IP to be the server1 that is running emby.

I also issued new SSL certificate which i used to add to emby after converting it (following emby ssl guide) to PKCS#12. 

I setup all details in emby including that this is a proxy and although emby shows https address and all, i get blocked to enter it..

Also on my router i am port forwarding port 8920 on server1, and i am port forwarding ports 80 and 443 on server2 to work with NPM.. 

 

Anyone have any idea what I am missing here for this to work?

 

[Lessaj 467]

You'll likely want to set your public HTTPS port to 443 if NPM Is handling that with that port. Firstly, is it actually listening on 8920? It can report it is but not actually if it has a problem with the certificate for example. Can the NPM server reach Emby via telnet? The config otherwise seems correct, should also enable websocket support.

[Dariusz 25]

47 minutes ago, Lessaj said:

You'll likely want to set your public HTTPS port to 443 if NPM Is handling that with that port. Firstly, is it actually listening on 8920? It can report it is but not actually if it has a problem with the certificate for example. Can the NPM server reach Emby via telnet? The config otherwise seems correct, should also enable websocket support.

I played around with this a bit.. if i change NPM proxy to http and use port 8096 and change my public HTTPS port in emby to 443 like you suggested, then i am able to access emby remotely using my domain name and port 443. however i end up getting "dangerous site" message.. not sure why that is.. 

the certificate i use is the one that was created using NPM, which should be fine and shows up as valid..

 

Edited June 1, 2025 by Dariusz

[Lessaj 467]

Is the certificate signed by a CA or self signed? I don't use NPM, I use httpd, and I use a Lets Encrypt signed certificate.

[Neminem 1518]

@DariuszI have seen that warning, when using emby.mydomain.com

Try without emby in domain name.

[Dariusz 25]

13 hours ago, Lessaj said:

Is the certificate signed by a CA or self signed? I don't use NPM, I use httpd, and I use a Lets Encrypt signed certificate.

It was created through Let's Encrypt using NPM

Edited June 1, 2025 by Dariusz

[Dariusz 25]

11 hours ago, Neminem said:

@DariuszI have seen that warning, when using emby.mydomain.com

Try without emby in domain name.

that would be a shame.. i prefer to keep my domains with a subdomain added to simplify things.. I might give it a try when i have some time to see if this fixes it.. but not the end of the world for me as i connect through the emby app and all seems to work correctly that way

[Neminem 1518]

Just try with blabla.mydomain.com

just not emby.mydomain.com

[Q-Droid 989]

For reference:

 

[guunter 49]

The 8920 port is used if you upload the cert to Emby itself. Otherwise use http and 8096 port and reverse proxy it for https. 
 

as for the above message I don’t get that message at all but I also have a random subdomain name instead of emby

Edited June 1, 2025 by guunter

[Q-Droid 989]

1 hour ago, Dariusz said:

that would be a shame.. i prefer to keep my domains with a subdomain added to simplify things.. I might give it a try when i have some time to see if this fixes it.. but not the end of the world for me as i connect through the emby app and all seems to work correctly that way

What is it that you have in mind? How do you want it to work in the end?

You now have:
http://<something.yourdomain.tld>
https://<something.yourdomain.tld>

You want to add(?):
https://emby.<yourdomain.tld>

Do you want to reach the public Emby URL on port 443 or 8920?

 

[Dariusz 25]

Thank you everyone for all the help and suggestions.. I got it to work properly now.. using reverse proxy nginx with the certificate in emby pointing to the proxy without the dangerous site info popping up..

like @Neminemsaid, i needed to try something else in subdomain other than emby.. i ended up using something along the lines of myemby.mydomain.whatever .. this got rid of the dangerous site info..

the rest of info is here..

16 hours ago, Dariusz said:

I played around with this a bit.. if i change NPM proxy to http and use port 8096 and change my public HTTPS port in emby to 443 like you suggested, then i am able to access emby remotely using my domain name and port 443. however i end up getting "dangerous site" message.. not sure why that is.. 

the certificate i use is the one that was created using NPM, which should be fine and shows up as valid..

 

 

[Q-Droid 989]

If you haven't already then you should close the 8920 port forwarding rule on the router since it's not in use anymore.

 

 

[Lessaj 467]

My subdomain starts with emby.xxx.yyy and I guess I've been lucky that it hasn't flagged lol. Sorry I misinterpreted the error I thought it was just complaining about the certificate.