Secure remote connection not working but HTTP is.

[jachin99 88]

Yes I have to apply that to my domain name to get emby.  Was it pretty easy to just export your cert, and apply it to emby?

[Happy2Play 9780]

Yes I have to apply that to my domain name to get emby.  Was it pretty easy to just export your cert, and apply it to emby?

Pretty sure all I did export it and apply it in Emby.  It's been awhile.

 

Edited March 18, 2020 by Happy2Play

[pwhodges 2012]

Thanks @@pwhodges for the description I was just about to ask what is this reverse proxy that have been mentioned many times. Just to clarify for us that only have one 3 or 4 family members using the server this this reverse proxy is not needed as we only have one server ? .  

 

You don't need a reverse proxy in front of a single server.  There are situations when it might be able to do something useful, but this would not be typical, and I won't go into that.

 

What happens in a reverse proxy is that it is a single web server which like any modern web server can separate requests made to the same IP:port address by URL and handle them differently, serving different data as required.  The proxy part is that any one, or many, of these separate responses may be handled by passing that particular request on to another server, using a different IP:port combination (the extra server may even be on a different machine).  This address translation means that multiple servers on a machine, which cannot share an address, can all be made accessible through a single address because of the separation and translation which the reverse proxy server performs.

 

Paul

Edited March 18, 2020 by pwhodges

[Happy2Play 9780]

Technically jachin99 has two servers RWA (Remote Web Access) on 443 on one system and Emby on another system using 8920.  With current configuration you will need to choose which system uses 443 port forwarding.

[jachin99 88]

I googled around a little bit, and I came across this answer on stack exchange https://serverfault.com/questions/109800/multiple-ssl-domains-on-the-same-ip-address-and-same-port

 

That answer addresses the problem of having multiple ssl certs on one server and port but it looks like my servers, and possibly happytoplay's show the same behavior.  My interpretation of the above answer could be wrong but what I get out of it is that during an SSL handshake, your browser gets the handed the first available cert without knowing the host name.  This doesn't happen over HTTP because browsers running http can see host names as part of the connection process.  

 

They said the solution to their problem (Multiple domain names using a single IP and port) was to implement Server Name Indication where the client browser is handed a host name during an early part of the SSL handshake.  Happytoplay you can probably implement something like this, and I'm wondering if it would help me as well.  Some web servers are compatible with SNI, and others arent.  I know IIS 8 and above are (I'm cant remember what version home server uses but it might be 7) along with NGINX, and apache servers.  Which web server is the Emby web app built off of?  

[jachin99 88]

Just to see what would happen I took down the windows server machine and disabled its port forwarding on 443. I still need the port

[Happy2Play 9780]

You would have to adjust port in Emby and port forward to Emby ip instead of windows server machine.

[Sahne 16]

I wrote this guide some time ago but it is still applicable. Use version 2!

 

https://emby.media/community/index.php?/topic/44481-use-existing-ssl-from-server-essentials-remotewebaccesscom/

 

Caddy Reverse Proxy and Windows Server Essentials does not really work. You will be able to get to the RWA page but wont be able to login because it is not just HTTPS redirect, I have been trying to achieve this for many month but no luck.