Macieksoft 1 Posted June 6, 2019 Posted June 6, 2019 (edited) Im not that knowledgeable in networking, but I do have a lets encrypt and duckdns docker setup for nextcloud with https on unraid. I wanted to secure the connection on emby since some of my users cant use chromecast (only streams https connections). But I cant connect to the https emby url it provides if it tacks on the 8920 port (I have this forwarded)... https://mydomain.duckdns.org/emby Works by itself if typed into a browser (external and internally) https://mydomain.duckdns.org:8920 Does not work https://mydomain.duckdns.org/emby:9820 Does not work Im not sure If I missed something or am not imputing settings into emby correctly. Any help would be great, thanks. Edited June 6, 2019 by Macieksoft
Macieksoft 1 Posted June 6, 2019 Author Posted June 6, 2019 Are you actually using port 8920, or is it 443? hmmm, Since unraid uses both 80 and 443 for the webui I have 80 mapped to 180 and 443 mapped to 1443 on my router. https://mydomain.duckdns.org:1443 does not work https://mydomain.duckdns.org:443 redirects back to https://mydomain.duckdns.org
moviepalace4K 29 Posted June 7, 2019 Posted June 7, 2019 Gebruik alstublieft deze poorten (met PROXY REVERSE!)
Macieksoft 1 Posted June 7, 2019 Author Posted June 7, 2019 After playing around a bit this is way over my head lol, I have no clue what to have in the lets encrypt site-confs/default file and no clue what to have in the emby.subdomain.conf file.
Q-Droid 989 Posted June 7, 2019 Posted June 7, 2019 Does your first example (https://mydomain.duckdns.org/emby) still work and is it a proxy or a redirect? What does the URL in the browser look like after the Emby page comes up? You can continue to mask the actual name.
Macieksoft 1 Posted June 7, 2019 Author Posted June 7, 2019 Does your first example (https://mydomain.duckdns.org/emby) still work and is it a proxy or a redirect? What does the URL in the browser look like after the Emby page comes up? You can continue to mask the actual name. I just ended up nuking the lets encrypt docker, I decided I didn't need the next cloud docker anyway. I believe im not forwarding the the ports properly so I cleared the port forward entries I didn't need anymore in my router and ill try again when I have some time. On the other hand I also found this and might try this method: https://blog.awelswynol.co.uk/2018/01/setting-up-cloudflare-with-emby
Q-Droid 989 Posted June 7, 2019 Posted June 7, 2019 I just ended up nuking the lets encrypt docker, I decided I didn't need the next cloud docker anyway. I believe im not forwarding the the ports properly so I cleared the port forward entries I didn't need anymore in my router and ill try again when I have some time. On the other hand I also found this and might try this method: https://blog.awelswynol.co.uk/2018/01/setting-up-cloudflare-with-emby Ok
Luke 42079 Posted June 7, 2019 Posted June 7, 2019 If it would make sense, we could add an advanced server option to not include the port in the remote url that gets reported to apps.
Q-Droid 989 Posted June 7, 2019 Posted June 7, 2019 If it would make sense, we could add an advanced server option to not include the port in the remote url that gets reported to apps. Wouldn't setting the "Public https port number:" to 443 have the same effect?
Luke 42079 Posted June 7, 2019 Posted June 7, 2019 Well yea, that's what i was trying to suggest earlier.
Macieksoft 1 Posted June 8, 2019 Author Posted June 8, 2019 (edited) Does your first example (https://mydomain.duckdns.org/emby) still work and is it a proxy or a redirect? What does the URL in the browser look like after the Emby page comes up? You can continue to mask the actual name. I re-did lets encrypt, this is how it looks with (https://mydomain.duckdns.org/emby) Dashboard: https://mydomain.duckdns.org/emby/web/index.html#!/dashboard.html Movies: https://mydomain.duckdns.org/emby/web/index.html#!/movies/movies.html?parentId=f137a2dd21bbc1b99aa5c0f6bf02a805&serverId=5caa79e2180a44e8b6ef26acb3bf28fd Playing a movie: https://mydomain.duckdns.org/emby/web/index.html#!/videoosd.html Edited June 8, 2019 by Macieksoft
Macieksoft 1 Posted June 8, 2019 Author Posted June 8, 2019 Well yea, that's what i was trying to suggest earlier. I probably didn't set lets encrypt up correctly but here are some of the different outputs with and without the :443 https://mydomain.duckdns.org https://mydomain.duckdns.org/emby:443 https://mydomain.duckdns.org/emby
Q-Droid 989 Posted June 8, 2019 Posted June 8, 2019 So it looks like you have a reverse proxy handling the /emby location on port 443 and sending it to your server on (probably) 8920. But your server likely doesn't know this and sends connections to apps on it's native port which isn't reachable. The reason your middle one doesn't work is because the URL needs to be in the form of [protocol:]//[host.domain][:port][/location] so https://mydomain.duckdns.org:443/emby instead of https://mydomain.duckdns.org/emby:443. Though https implies 443 so it isn't needed. Unless I'm missing something Letsencrypt only handles the certificates and your issue is with your proxy, naming and ports likely setup in duckdns. Your entry point (main URL) is listening on 443, where is that? And where are those connections being sent?
Macieksoft 1 Posted June 8, 2019 Author Posted June 8, 2019 So it looks like you have a reverse proxy handling the /emby location on port 443 and sending it to your server on (probably) 8920. But your server likely doesn't know this and sends connections to apps on it's native port which isn't reachable. The reason your middle one doesn't work is because the URL needs to be in the form of [protocol:]//[host.domain][:port][/location] so https://mydomain.duckdns.org:443/emby instead of https://mydomain.duckdns.org/emby:443. Though https implies 443 so it isn't needed. Unless I'm missing something Letsencrypt only handles the certificates and your issue is with your proxy, naming and ports likely setup in duckdns. Your entry point (main URL) is listening on 443, where is that? And where are those connections being sent? Ah thanks for your thought process, I ended up going back to the nginx folder and editing the emby.subdomain.conf file, I missed a line where I needed to change (set $upstream_emby emby) And since im also on unraid I needed to switch the network type of emby to that of the lets encrypt's docker (since it handles nginx). With that I was able to get https://mydomain.duckdns.org:443 to work and direct to emby properly Here was my emby.subdomain.conf file ------------------------------------------------------- listen 443 ssl; listen [::]:443 ssl; server_name mydomain.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_emby emby; proxy_pass http://$upstream_emby:8096; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; } location ~ (/emby)?/socket { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_emby emby; proxy_pass http://$upstream_emby:8096; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } } ------------------------------------------------------------ I also added a couple lines in the defult site-confs file --------------------------------------------------------------- server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; root /config/www; index index.html index.htm index.php; server_name _; # enable subfolder method reverse proxy confs include /config/nginx/proxy-confs/*.subfolder.conf; # all ssl related config moved to ssl.conf include /config/nginx/ssl.conf; # enable for ldap auth #include /config/nginx/ldap.conf; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } location /emby { include /config/nginx/proxy.conf; proxy_pass http://192.168.1.151:8096; } ----------------------------------------------------------- The problem now is that I dont know if users are being directed too https://mydomain.duckdns.org:443, a quick test on my phone on 4g showed that the browser version of emby was still not secure and the url was just app.emby. Ill try tethering some data for my laptop to see on PC end but I dont think it will change, here are my settings in advanced for emby. Though it looks right on the dashboard:
Q-Droid 989 Posted June 8, 2019 Posted June 8, 2019 Your server shows 172.18.x.x as LAN but your proxy_pass is going to 192.168.x.x. Maybe if you include both of those subnets in the LAN networks it should force all others to the WAN address. Is it using Emby Connect? I'm not familiar with nginx conf, is the client IP being passed to Emby as opposed to the nginx IP?
jsendra 0 Posted July 27, 2022 Posted July 27, 2022 Hola Buenas tardes yo tengo un equipo con synology he creado un dominio ddns con DuckDns y he credo un certificado ssl dese el propio nas y quiero poderlo usar en mi instalacion de emby que tengo en el nas pero no se como hacrelo si alguien me puede ayudar muchas gracias @cayars
Luke 42079 Posted July 27, 2022 Posted July 27, 2022 10 minutes ago, jsendra said: Hola Buenas tardes yo tengo un equipo con synology he creado un dominio ddns con DuckDns y he credo un certificado ssl dese el propio nas y quiero poderlo usar en mi instalacion de emby que tengo en el nas pero no se como hacrelo si alguien me puede ayudar muchas gracias Hi, have you taken a look at our network settings setup guide? https://support.emby.media/support/solutions/articles/44001159601-hosting-settings
Carlo 4561 Posted July 28, 2022 Posted July 28, 2022 Sure, what part of the knowledge base article do you not understand? @cayars
jsendra 0 Posted July 28, 2022 Posted July 28, 2022 Hola Buenas ya he conseguido configurar mi https como lo he echo @cayars 1 Despues de generar mi certificado con Let's Encrypt en mi NAS Synology , me lo he descargado 2 He descomprimido el .zip con todos lo archivos de el certificado 3 He accedido a la siguiente Web: https://www.leaderssl.es/tools/ssl_converter y he adjuntado el archivo privkey.pem el el campo de "Archivo de clave privada" y el archivo cert.pem "Seleccione el archivo por convertir" 4 En tipo de certificado he dejado el que viene por defecto (Standard PEM) 5 en el campo "La nueva extensión del certificado" he marcado PFX/PKCS#12 6 en mi caso el certificado no tenia contraseña si habría que ponerla como que yo no tenia contrasenya en mi certificado le he dado directamente a convertir i me ha descargado el certificado ya listo 7 Y esta es la prueba de que funciona el certificado
Carlo 4561 Posted August 3, 2022 Posted August 3, 2022 Go back and do the same steps again but this time fill in the secret password. You will need to type this same password in the network menu as well. Let us know how that works out for you. Carlo
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now