Tuesday, 14 February 2017

Emby - SSL Setup (PART1)

I have recently setup a secure, encrypted connection to my Emby Server. This 5 Part post will explain how I did it, demonstrate 2 ways in which it can be done using a direct connection on port 443 and using a nginx reverse proxy.

Before I begin there are 2 options here. I recommend option 2 or Part.1.A below. But it requires you to purchase a Domain Name. Option 1 is free.

Part.1 - Dynamic DNS

There are many services that offer a Dynamic DNS service and most are free. If you have a static IP from your ISP then you can skip this part but if you're like me then my ISP IP address changes every time my router restarts.

I use Namecheap for a DDNS but you can also use noip, dynDNS. For the purpose of this thread I will demonstrate using No-ip.

Goto noip.com and create an account.
Click on Dynamic DNS (Free) on the left hand side.
Click create a hostname.
Hostname = what ever you want your hostname to be called
Domain = what the part after your hostname will be.
i.e embySSLtest.ddns.net



Now you need to configure how the DDNS address will get your ISP IP address. There is software available which will run constantly on your PC and check for IP updates or some routers support a DDNS services.
On my BT router under Advanced settings > Broadband > Dynamic DNS I can enter the account details we have just setup.




Once that has been done we then need to Port Forward Emby's ports on our router. For this write up we will need to forward port 443 to the Internal IP address of your Emby Server. for example 192.168.1.100
To test your DDNS you can also temporarily forward port 8096 to your emby server. Then all you have to type in the Web address bar is http://embyssltest.ddns.net:8096 and it should take you to the web app


Part 1.A. Dynamic DNS With Custom Domain Name.

Ok, so this is an extension of Part 1. Dynamic DNS. If you used Part.1 above then got a SSL Cert for your shiny new domain name and followed all the other steps. When browsing to https://emby.embyssltest.com you will connect via HTTPS however your browser will warn you that the Cert isnt trusted as it was assigned to embyssltest.com however you are browsing to embyssltest.ddns.net because of the CNAME and URL redirecting.

To fix this we need to setup your new domain name to do the Dynamic DNS'ing. Head to PART2 to find out how!

Posted by at
Labels: , , , , , , , , , , , , , ,