afullmark 20 Posted April 29, 2018 Posted April 29, 2018 (edited) I first suggested this here: https://emby.media/community/index.php?/topic/54586-security-101-secure-connections/page-9&do=findComment&comment=572225 Could a complete guide to how to setup SSL with the emby server (Window, Mac...) be in the official wiki; it's all a bit fragmented currently and, I'm sure, quite off putting for non-technical folk moving from, say, plex – where SSL is all taken care of. There are probably a hundred and one methods, but if the wiki could focus on the recommended or preferred version that emby thinks best. Plus, it would make any solution slightly more official and give peace of mind, as opposed to finding a solution via the forums. This would need to be step-by-step with visual aids also. And address points (how-tos) for renewing SSL certificates etc. Yep, I still do believe that emby should fold all this SSL business into Emby Connect, and including the fee into the premium membership or as an add-on. I love the flexibility of emby but have never really moved over from plex because of the ease-of-use factor. Edited April 29, 2018 by afullmark 6
larsonDigital 7 Posted July 25, 2018 Posted July 25, 2018 Thanks for posting this. I don't suppose by chance you know of a how-to (step-by-step) for using the Certify The Web app to install a Let's Encrypt SSL Certificate for Emby, do you? 1
Luke 42077 Posted July 26, 2018 Posted July 26, 2018 Yes I agree we should offer something like this.
Luke 42077 Posted July 26, 2018 Posted July 26, 2018 Thanks for posting this. I don't suppose by chance you know of a how-to (step-by-step) for using the Certify The Web app to install a Let's Encrypt SSL Certificate for Emby, do you? There is a procedure here: https://emby.media/community/index.php?/topic/42315-creating-a-letsencrypt-ssl-certificate-for-emby/
larsonDigital 7 Posted July 29, 2018 Posted July 29, 2018 Thanks Luke! Only problem for me is I don't know scripting or Linux, so it's pretty difficult for me to follow that procedure. My situation is: I'm using Windows Server 2016 Standard (with Essentials Dashboard). I used the Essentials Dashboard and the CertifyTheWeb app to easily setup Anywhere Access (RDP & VPN) using my own domain (https://remote.mydomain.com/remote). So I guess I have a prerequisite question: Can I use the same Let's Encrypt SSL Certificate via CertifyTheWeb that I created for my remote access, or would I have to setup a separate one for Emby Media Server? Thanks again for your help! James
larsonDigital 7 Posted July 29, 2018 Posted July 29, 2018 Another question: Since I already have a domain, a DDNS for my computer/server where Emby is installed, and a Let's Encrypt SSL Certificate, is it as easy as filling in the External domain, Custom ssl certificate path, Certificate password, and Secure connection mode under Settings > Expert > Advanced section (see below)? Thanks, James
larsonDigital 7 Posted July 30, 2018 Posted July 30, 2018 Thanks for the quick reply Luke! You rock!! Wow, that would be great if it is that easy! So just to clarify, I'm already using my Let's Encrypt SSL Certificate for my Anywhere Access (VPN & RDP) to my Windows Server 2016. I just don't know exactly how the Certificates work. So I can use the same one I already have for my Emby Media Server connection? I just want to clarify because I don't want to mess up what i already have set up. Thanks again Luke! James
Luke 42077 Posted July 30, 2018 Posted July 30, 2018 If the domain attached to the cert is the same, yes.
larsonDigital 7 Posted July 30, 2018 Posted July 30, 2018 I've been following this tutorial "Let's Encrypt, Emby Server, and Windows", except I skipped Step 4.8-4.13 because I think Emby Server can handle PFX files with passwords now (please correct me if I'm wrong). I used a subdomain of my main domain, created a new "website" for it in IIS Manager called "Emby," created another Let's Encrypt SSL Certificate via CertifyTheWeb app, and plugged the resulting file/info into Emby Server. External Domain: media.<mydomain>.com SSL Certificate Path: <...>\SSLcertEmby.pfx Password: <PFX file password> Secure Connection: Required for all remote connections I restarted the Emby Server and the Dashboard reports Remote (WAN) access: https://media.<mydomain>.com:8920/. Everything seemed to go well, but I can't access the site. Can you think of anything I might have missed? 1
larsonDigital 7 Posted July 30, 2018 Posted July 30, 2018 Also, does Emby use Mono's web server or Microsoft's web server, Internet Information Services (IIS)? Maybe that would make a difference here? Thanks again, James
larsonDigital 7 Posted July 30, 2018 Posted July 30, 2018 Are you talking about this file: C:\Users\Administrator\AppData\Roaming\Emby-Server\programdata\logs\embyserver.txt? or do you need all the others too? There are six other files with numbers, like embyserver-63668246400.txt.
Luke 42077 Posted July 30, 2018 Posted July 30, 2018 Yes. The one from the time frame in which you tried to connect Thanks.
larsonDigital 7 Posted July 30, 2018 Posted July 30, 2018 Okay, here it is, hopefully. embyserverLogs.zip
larsonDigital 7 Posted July 30, 2018 Posted July 30, 2018 Luke, can you tell me does Emby use Mono's web server or Microsoft's web server, Internet Information Services (IIS)?
Luke 42077 Posted July 30, 2018 Posted July 30, 2018 The most recent log had no incoming https requests so it sounds like it's just not getting through to emby server.
larsonDigital 7 Posted July 30, 2018 Posted July 30, 2018 The most recent log file was from this morning; I threw it in just in case, but the other two were from when I was trying to set it up and connect last night. I think I may have tried to connect one time this morning, but I can't remember for sure now.
larsonDigital 7 Posted July 30, 2018 Posted July 30, 2018 Okay, so maybe things are getting through the router's firewall? It seemed when I was doing the initial configuration of the server that I saw of list of ports that needed to be opened, or maybe I saw it in a tutorial. Can you tell me what ports need to be forwarded/opened in the router's firewall?
larsonDigital 7 Posted July 30, 2018 Posted July 30, 2018 Is that for the Windows firewall, because I know those ports are open? Are there any ports that need to be forwarded in my router? Thanks, James
Luke 42077 Posted July 30, 2018 Posted July 30, 2018 Yes, 8920 to 8920 for https, 8096 to 8096 for http. Our connection troubleshooter may also help: https://github.com/MediaBrowser/Wiki/wiki/Connectivity Thanks.
larsonDigital 7 Posted July 30, 2018 Posted July 30, 2018 Hey Luke, that was it! I just needed to forward the 8920 port for https connection. Thanks for your help!! I can change that port, correct? It doesn't have to be 8920 and 8096, right?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now