Force HTTPS?

[iamspartacus 40]

How can one force external connections to their Emby server to use https instead of http?

[Guest asrequested]

I think this is what you're looking for 

 

https://github.com/MediaBrowser/Wiki/wiki/Hosting%20Settings

 

Edited September 24, 2017 by Doofus

[iamspartacus 40]

Yes I've found that page but are you saying that I need to us UPnP port mapping in order to get this working?  I have that disabled on my firewall (pfSense) for a reason.  I have setup the necessary port forwarding rule myself to allow the https port inbound.  However I don't see any place to tell Emby to use https instead of http.  When I connect from a remote client I see the inbound connections using the http port (8096) instead of https.

 

EDIT:  I get it now.  I need to supply my own cert.  I had thought Emby supplied their own certs if not specified.

Edited September 24, 2017 by iamspartacus

[Guest asrequested]

I don't use it, but I believe this is what is required

 

[ebr 16185]

Hi.  In the screen shot above it is the "Report https as external address" that you would want to enable.  Automatic port mapping is not required.

 

However, be aware that you probably will need a true certificate as opposed to a self signed one for all apps to work properly.

[iamspartacus 40]

Hi.  In the screen shot above it is the "Report https as external address" that you would want to enable.  Automatic port mapping is not required.

 

However, be aware that you probably will need a true certificate as opposed to a self signed one for all apps to work properly.

 

Yes, this I just found out.  I have created a new letsencrypt cert for emby.mydomain.com.  However, do you have any guides on how to create a .pfx file for this cert so I can import it into Emby?

[Guest asrequested]

I think this will help. Scroll to the bottom.

 

https://blog.awelswynol.co.uk/2017/06/easy-lets-encrypt-certificate

[iamspartacus 40]

Ok I've created a custom cert, added the path to it in the "Custom Cert Path" location, supplied the password, the custom domain, and selected report HTTPS as external address.  I've since rebooted.  Yet Emby still tries to connect over over http (8096) from a remote client.

 

What am I missing?

[Luke 42080]

Well, if using Emby Connect it will switch automatically but may not be immediate. if you connected manually by entering server address then you'll need to redo that step.

[iamspartacus 40]

Well, if using Emby Connect it will switch automatically but may not be immediate. if you connected manually by entering server address then you'll need to redo that step.

 

I'm using Emby Connect.  I tried it pretty immediately so I'll try again after giving it some time.

[iamspartacus 40]

Ok, I see the traffic now going over the HTTPS port I configured in my firewall and it's passing now instead of being blocked.

 

However, when I click on my server in the app and hit connect, I get "We're unable to connect to the selected server right now."  So something must be off in my config I'm guessing.  Is there something I can look for in the logs to help identify my problem?

[Luke 42080]

If you attach the log we can take a look. If for some reason the device rejected the cert then it wouldn't have gotten far enough to make it into the log.

[iamspartacus 40]

If you attach the log we can take a look. If for some reason the device rejected the cert then it wouldn't have gotten far enough to make it into the log.

 

Yup it's not making it to the log.  Must be an issue with the cert.  I'll troubleshoot this further.

[iamspartacus 40]

Just want to report back that I got this working.  The issue was more about what ports I was forwarding and my reverse proxy.  Once I forwarded the public https port (8920) to my internal nginx port my issue was resolved.