yocker 1669 Posted March 7 Posted March 7 Disable admin account from outside and use VPN when needing to use the admin account should make files secure. Keep an eye on where users connect from once in a while, there are plugins for that. Blacklist countries you have no users in. Make sure users don't set 1234 as password.. Emby needs a feature for minimum lenght and special character passwords Correctly set up proxy instead of direct Emby access. Tailscale funnel also works very nicely and doesn't require "outsiders" to have tailscale. Not saying 2fa isn't needed, just that there are other ways to secure the server. 1 1
muzicman0 86 Posted March 7 Posted March 7 I honestly don't understand the 2fa on just admin accounts. I don't want ANYONE logging into my server that I don't know, admin or not. 2
ugenest 1 Posted March 8 Posted March 8 On 3/4/2026 at 12:44 PM, ugenest said: +1 for 2FA for the admin account for any account would be better (that would be perfect), but than nothing, it should be at least for the admin account
yocker 1669 Posted March 8 Posted March 8 3 hours ago, ugenest said: for any account would be better (that would be perfect), but than nothing, it should be at least for the admin account If only the admin account then a VPN would be easier and better. 1
bandit8623 244 Posted March 10 Posted March 10 On 3/8/2026 at 11:42 AM, yocker said: If only the admin account then a VPN would be easier and better. using 2 factor auth vpn i disagree. extra work compared
yocker 1669 Posted March 10 Posted March 10 39 minutes ago, bandit8623 said: using 2 factor auth vpn i disagree. extra work compared VPN is typically easy to set up and a click of a button to connect once set up. IMO the most amount of work is opening the port for it if not using tailscale.
bandit8623 244 Posted March 10 Posted March 10 (edited) 9 minutes ago, yocker said: VPN is typically easy to set up and a click of a button to connect once set up. IMO the most amount of work is opening the port for it if not using tailscale. thats if you use tailscale i guess. i use openvpn with 2fa. nothing touches my internal network. all done on opnsense Edited March 10 by bandit8623
yocker 1669 Posted March 10 Posted March 10 6 minutes ago, bandit8623 said: thats if you use tailscale i guess. i use openvpn with 2fa. nothing touches my internal network. all done on opnsense I use selfhosted Wireguard my self. No need for 2fa for me when only i have the keys. Other users that use my VPN have their own network and shares so can't harm anything. Different needs for different uses ofc. 1
bandit8623 244 Posted March 17 Posted March 17 (edited) Saw this and thought Emby could do something along this line https://blog.noip.com/what-is-no-ip-public-tunnels-a-modern-approach-to-remote-access?utm_source=email&utm_source=email&utm_medium=promo&utm_campaign=2026-march-promo-paid Edited March 17 by bandit8623
caffeineshock 18 Posted May 9 Posted May 9 Yeah, no. Basically a reverse proxy. Does not solve the problem On 3/17/2026 at 12:28 PM, bandit8623 said: Saw this and thought Emby could do something along this line https://blog.noip.com/what-is-no-ip-public-tunnels-a-modern-approach-to-remote-access?utm_source=email&utm_source=email&utm_medium=promo&utm_campaign=2026-march-promo-paid
bandit8623 244 Posted May 9 Posted May 9 (edited) 11 hours ago, caffeineshock said: Yeah, no. Basically a reverse proxy. Does not solve the problem of course it does. everyone that would connecting via this method uses 2fa. would be an option to use if added correctly. thats what you wanted. With link sharing you woudlnt even need 2fa as only the device with the link can login. its just an idea. dont throw it out so fast as its not just like a reverse proxy.. Edited May 9 by bandit8623 1
Chyron 257 Posted 1 hour ago Posted 1 hour ago (edited) Okay, wait... Jellyfin has an OIDC plugin, but Emby does not? It's also amazing to find out that Audiobookshelf---which went gold as recent as March 2022, and still doesn't have an official iOS app release outside of TestFlight---has OIDC support. And Emby does not. Edited 1 hour ago by Chyron
Chyron 257 Posted 1 hour ago Posted 1 hour ago (edited) This means that Emby doesn't work properly with Authelia. If I used Authelia, it would just be a gate behind the reverse proxy--meaning I would have to log in twice--and wouldn't work properly with client apps. Edited 1 hour ago by Chyron
Harry0 3 Posted 48 minutes ago Posted 48 minutes ago 18 minutes ago, Chyron said: This means that Emby doesn't work properly with Authelia. If I used Authelia, it would just be a gate behind the reverse proxy--meaning I would have to log in twice--and wouldn't work properly with client apps. That's true. Emby only has LDAP. I am using emby behind reverse proxy with traefik and authentik 2fa. It works great with emby LDAP. Works great with the app emby as the website.
muzicman0 86 Posted 32 minutes ago Posted 32 minutes ago I got so tired of waiting for 2fa and a few other features that I have made my own media server.
Harry0 3 Posted 27 minutes ago Posted 27 minutes ago 3 minutes ago, muzicman0 said: I got so tired of waiting for 2fa and a few other features that I have made my own media server. If emby only made an OIDC support worth it, i will be happy... But with LDAP works good as well.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now