Have certificate SSL but Emby always use HTTP get ...

[agasi34 0]

Hi everybody,

 

I have set up a let's encrypt certificate on my emby domain, i can reach my web emby server with htttps://****** but when i look on my server logs, i see only http get with ip adresse *******:8096.

 

I don't understand why steaming are not in https ? i have activate all advanced options to redirect http --> https, but streams always use http ...

 

Do you know why ?

[mastrmind11 722]

If you're hitting your server via the https endpoint, then it's streaming via that endpoint.  I'd imagine what you're seeing is a redirect to http internally, which has no effect on inbound/outbound traffic.  Are you using a reverse proxy?

[agasi34 0]

Hi mastrmind, yes i'm using a reverse proxy with apache2. Do you know how i can be sure that i use a secure access to my streaming ? (with the android app for example ?) When i check my log, i have only http get with local insecure connexion (**.**.**.**:8096)

[Luke 42085]

When i check my log, i have only http get with local insecure connexion (**.**.**.**:8096)

 

Isn't that what you want?

[mastrmind11 722]

Hi mastrmind, yes i'm using a reverse proxy with apache2. Do you know how i can be sure that i use a secure access to my streaming ? (with the android app for example ?) When i check my log, i have only http get with local insecure connexion (**.**.**.**:8096)

If you're pointing to your https endpoint in your apps/browsers, then it's using SSL.  If it weren't, or the cert was bad, you wouldn't even be able to connect to your server at all.  Internally it'll use standard http, because it's internal.  The whole point of a reverse proxy is to redirect inbound SSL connections to your internal network securely.... it's assumed your own internal network is secure.  If it's not for whatever reason, look at setting up a Radius server and authenticating internally that way. (probably outside the scope of what you want to get into)

[agasi34 0]

Thx you 2 for your answers.

 

In fact i want to be sure that all my apps (android, ios, kodi ...) can only access my emby server under ssl connections, you know what i mean ?

 

For example, when i use android app (emby connect ?), i can't see i my connexion is secure or not ?

[Jdiesel 1431]

Edit: Didn't realize you were using a reverse proxy

Edited September 27, 2017 by Jdiesel

[Luke 42085]

Thx you 2 for your answers.

 

In fact i want to be sure that all my apps (android, ios, kodi ...) can only access my emby server under ssl connections, you know what i mean ?

 

For example, when i use android app (emby connect ?), i can't see i my connexion is secure or not ?

 

We don't display this in the app although if you're using a browser you can see the browser lock icon.

 

I think what we'll do is add a setting to require https for external connections.

[fuzzthekingoftrees 10]

In fact i want to be sure that all my apps (android, ios, kodi ...) can only access my emby server under ssl connections, you know what i mean ?

 

To do this,

1. Check your firewall setup. If you only have your secure port forwarded (usually 8920) then apps can only use that port

2. Check in the server dashboard advanced section that you have "report HTTPS as external address" ticked, this will make sure that clients know to connect using the secure port externally

3. Check the logs on your apache server. This is where you will see the secure requests from your clients.

Edited September 27, 2017 by fuzzthekingoftrees

[ebr 16193]

1. Check your firewall setup. If you only have your secure port forwarded (usually 8920) then apps can only use that port

 

This is the real key to your question.  If you only allow the secure port through your router then that is the only way the apps will be able to connect.