How to configure Emby for HTTPS.

Emby allows us to stream locally-stored content to wherever we want, even through the internet. Though, whenever browsing your personal Emby library on the internet, it is best to do so through an encrypted connection. Here, we are going to configure HTTPS for Emby.

Domain name

For you to connect to your Emby server via HTTPS, you are going to need some kind of domain name. It can be a TLD or a dynamic domain. The easiest and free method would be a dynamic DNS service.

One recommendation would be no-ip. You can create a free account and setup a custom dynamic domain quickly and easily. Now we are going to generate a self-signed certificate for our Emby server.

Generate a self-signed certificate

The easiest way to do this is through Linux via openssl. Here, we will be generating a private key and certificate in one go. In order to do this, go ahead and type in the following shell command:

sudo openssl req -newkey rsa:2048 -keyout emby_key.pem -sha256 -nodes -x509 -days 700 -out emby_crt.pem

You will be asked to fill out some information. Make sure that under Common Name you put in the domain name. A new key called emby_key.pem will be generated and a certificate called emby_crt.pem with an expiration date of 700 days from now. We are now going to combine the 2 into a pkcs12 file.

sudo openssl pkcs12 -export -inkey emby_key.pem -in emby_crt.pem -out emby.p12

Put in an export password if desired. A file named emby.p12 will be placed in the current directory.

Setup in Emby

When you’re ready, let’s go to our Emby configuration by entering the following on our web browser:

http://YOURIP:8096/web/index.html#!/network/network.html

Or from your dashboard, navigate to Network.

Check where it says Allow remote connections to this Emby server. When you do, additional settings will appear towards the bottom, scroll down.

Here, you will be able to designate who can access/deny your Emby server. If you’re planning on sharing this server will multiple people, then leave this blank or adjust accordingly. The ports for both HTTP and HTTPS can be changed if desired.

You will now need to provide an External domain. This needs to be the same domain that you’ve created earlier and configured in the certificate. If you already know where your .p12 file is, then type it under Custom ssl certificate path.

In this guide we didn’t create a Certificate password during the creation process. Leave it blank.

It is best to enforce Secure connection mode to be Required for all remote connections. If you’re not sure how to do port forwarding with your router, you can try using Enable automatic port mapping to do it for you.

When you are finished, make sure you click Save to apply the changes. If you get a prompt telling you about changes made to hosting settings, click Got it. Now navigate to:

https://yourdomain:8920/

You will get a warning about it being a self-signed certificate. This is normal, go ahead and make an exception to proceed. At this point, everything should be working fine and your connection is now encrypted with HTTPS!